Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

041b79a3c1...18.exe

windows7-x64

7

041b79a3c1...18.exe

windows10-2004-x64

7

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/ngz.dll

windows7-x64

3

$PLUGINSDIR/ngz.dll

windows10-2004-x64

3

$PLUGINSDI...nz.dll

windows7-x64

3

$PLUGINSDI...nz.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    041b79a3c1c08bf01f4dc2aab6099c6c_JaffaCakes118

  • Size

    606KB

  • Sample

    240428-b8zhhade55

  • MD5

    041b79a3c1c08bf01f4dc2aab6099c6c

  • SHA1

    86dca132b50bbd9aab9995172f1b993b72098f51

  • SHA256

    df82eb852e747c09c4f345ef2726bd4b0f1f262be3a2527401250ff9597343fe

  • SHA512

    4b4c33dc8d3a782c83d17ecc4ddafc31652a3e6926dc805dc37287cf10fc0090df4a95b4b5ce1e9c54dc0e824fae719194a8b35ee8ac10ee191ca2770ebcd7ba

  • SSDEEP

    12288:BE8AJKp5g33X2nwRNmXMU0fj6or3RXqBxAMUQ6TcRbp2uQ1q:BE/JKvg3WwRNeAfj6upqBx5U2RN2uL

Score
7/10

Malware Config

Targets

    • Target

      041b79a3c1c08bf01f4dc2aab6099c6c_JaffaCakes118

    • Size

      606KB

    • MD5

      041b79a3c1c08bf01f4dc2aab6099c6c

    • SHA1

      86dca132b50bbd9aab9995172f1b993b72098f51

    • SHA256

      df82eb852e747c09c4f345ef2726bd4b0f1f262be3a2527401250ff9597343fe

    • SHA512

      4b4c33dc8d3a782c83d17ecc4ddafc31652a3e6926dc805dc37287cf10fc0090df4a95b4b5ce1e9c54dc0e824fae719194a8b35ee8ac10ee191ca2770ebcd7ba

    • SSDEEP

      12288:BE8AJKp5g33X2nwRNmXMU0fj6or3RXqBxAMUQ6TcRbp2uQ1q:BE/JKvg3WwRNeAfj6upqBx5U2RN2uL

    Score
    7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      c17103ae9072a06da581dec998343fc1

    • SHA1

      b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    • SHA256

      dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    • SHA512

      d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    • SSDEEP

      192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw

    Score
    3/10
    behavioral3behavioral4

    • Target

      $PLUGINSDIR/ngz.dll

    • Size

      125KB

    • MD5

      1dca01412e8bef71651216a3231e0d5f

    • SHA1

      94ad7b7582b7609364c6986f0b880bdd6b3cdc12

    • SHA256

      6319d5341868ce224bbe0c370fbc40db6e94d41dac63aab35ddce06a584611e6

    • SHA512

      17369282387096e6196ee8851f5704a213761b6ffc2a7b3dcb8a956839a75c3579cf3237619c11ca9a59b77c866095337930566703cb1b34b4842dd5200e92c5

    • SSDEEP

      1536:FbeXAFfcRpuya6j6/knTW2E9tp54Z8G6MEmfJzha1FSR8r4Zvn0BaOJvDkpPJXFt:71Ixj6FaFLfTEz4ZePkpPDuDuXX

    Score
    3/10
    behavioral5behavioral6

    • Target

      $PLUGINSDIR/nsisunz.dll

    • Size

      40KB

    • MD5

      5f13dbc378792f23e598079fc1e4422b

    • SHA1

      5813c05802f15930aa860b8363af2b58426c8adf

    • SHA256

      6e87ecb7f62039fbb6e7676422d1a5e75a32b90dde6865dcb68ee658ba8df61d

    • SHA512

      9270635a5294482f49e0292e26d45dd103b85fe27dc163d44531b095c5f9dbde6b904adaf1a888ba3c112a094380394713c796f5195b2566a20f00b42b6578e5

    • SSDEEP

      384:KExN66Yf2xL5Q4IsjuUjUZfqRDpImexpf88FwHxXvjX3hwlHt6oIfESxSHoOO8n9:O2x64GcVpI3xC8ynToIf1SIOhW4

    Score
    3/10
    behavioral7behavioral8

MITRE ATT&CK Enterprise v15

Tasks