General

  • Target

    39ed7032343bd7c7c4db33a6fbc629d4_JaffaCakes118

  • Size

    31.8MB

  • Sample

    240512-nvra7add5x

  • MD5

    39ed7032343bd7c7c4db33a6fbc629d4

  • SHA1

    9880ae47f815123cdb99f2e0a9633efee464c176

  • SHA256

    95b0f18c1661324d752533a94e6cb17e460b46344135d82ff6b224f62545ce8c

  • SHA512

    bcdabc5a414e17e4f17bd2ca7b10ad8528e2a74b36f1aa29fcc0ca69d5912b661d09680180ddc5b0548e8c4c96dfc6c6a1c92a2215069b8fc22740f99f795ed8

  • SSDEEP

    786432:oSletZgNI34oMNGawdKZvtE7RtWHq07LTP2:FIa+3XM5cG1OiHqKLT+

Targets

    • Target

      39ed7032343bd7c7c4db33a6fbc629d4_JaffaCakes118

    • Size

      31.8MB

    • MD5

      39ed7032343bd7c7c4db33a6fbc629d4

    • SHA1

      9880ae47f815123cdb99f2e0a9633efee464c176

    • SHA256

      95b0f18c1661324d752533a94e6cb17e460b46344135d82ff6b224f62545ce8c

    • SHA512

      bcdabc5a414e17e4f17bd2ca7b10ad8528e2a74b36f1aa29fcc0ca69d5912b661d09680180ddc5b0548e8c4c96dfc6c6a1c92a2215069b8fc22740f99f795ed8

    • SSDEEP

      786432:oSletZgNI34oMNGawdKZvtE7RtWHq07LTP2:FIa+3XM5cG1OiHqKLT+

    Score
    5/10
    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Target

      $PLUGINSDIR/EnumINI.dll

    • Size

      3KB

    • MD5

      80403ca224c7aa80e92799b4d1eb242d

    • SHA1

      7467e15f54f69852261655d477bb3a743c37ad25

    • SHA256

      e1852457fe4bbb8ffe90b711fd4eda3f37b5e1bb284673aef0f8aa57a9b0559d

    • SHA512

      14f4dae34fb0e073ff2c889fca05f7feb9e4228d6c4951c12326fd5989c44594a9fcef17125bc7f35a04cc2ce103c55c37690fa8f57da29a2508169b1af97b8c

    Score
    3/10
    • Target

      $PLUGINSDIR/FindProcDLL.dll

    • Size

      31KB

    • MD5

      83cd62eab980e3d64c131799608c8371

    • SHA1

      5b57a6842a154997e31fab573c5754b358f5dd1c

    • SHA256

      a6122e80f1c51dc72770b4f56c7c482f7a9571143fbf83b19c4d141d0cb19294

    • SHA512

      91cfbcc125600ec341f5571dcf1e4a814cf7673f82cf42f32155bd54791bbf32619f2bb14ae871d7996e9ddecdfcc5db40caa0979d6dfba3e73cfe8e69c163c9

    • SSDEEP

      384:1NWlNdqdAnhTKMLE2oIM05fnqCiWg3Yy9kflIinokN:1NWtqdihTKCldkYwkdpnoy

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      c17103ae9072a06da581dec998343fc1

    • SHA1

      b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    • SHA256

      dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    • SHA512

      d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    • SSDEEP

      192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw

    Score
    3/10
    • Target

      $PLUGINSDIR/v6svc_oem.dll

    • Size

      179KB

    • MD5

      77ae6eb2b0b2458b87b1e2cfa9b33bf2

    • SHA1

      624933fd54964d1d13b7ba281fddda51b3ce071c

    • SHA256

      c672794f4abd71872ceb48445fa8b30e21698dfa818d22f0ad67ac0d85df9290

    • SHA512

      bc77d229fa5c431c2cfc2e853229b8b44ce70cdd8757bb03391d5bafd9212752dfa4402606ea1115fac9f0ea9379afa9432c996b734709909556c89ffa8bda7f

    • SSDEEP

      1536:HanBx8ONbQ/mpe7GRkOp1qRGkmGWBhYGfxSELX/RdsbTh+u9S4A5S4n8GQMKWN:8bDG/GXbcRGkmGUNxBHC+VzS4n8Nb

    Score
    3/10
    • Target

      $_11_/$EXEFILE

    • Size

      31.6MB

    • MD5

      5b4bf2e6f1d951dd71132b761180cca3

    • SHA1

      7b1ea94e6f333d5e2a6b986e6917c3e0fd3bebab

    • SHA256

      0847888f9209018de9249c9da43b0b0ac290bb72285e92e7dfc26ef1708116ed

    • SHA512

      f1437763319da9e7b920a249775e2ca679a943bfa1b28350ede78bb7be433ca57aa6610cbdd79670ff0dac664510207a7575738857df23bf753554c10c8576c5

    • SSDEEP

      786432:1rSrP0w6HU+51NVbryj5dYqYrLWsLnDqdka:BO58UQ1XwXO+sLDqd7

    Score
    7/10
    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      $APPDATA/TypeEasyData/download/uplive.exe

    • Size

      211KB

    • MD5

      d9402579144b43784ec8489888f7e738

    • SHA1

      f0be7e9f78446eaf0efddeeb03890436ad898ea9

    • SHA256

      7067f3d584734dee504fadac8d2f197d46671fad869856834ab947e992de66f6

    • SHA512

      7b7bee79c4800d6baf0b8ad9ee6871f1e17ff1c56bd79d2075d16fc94f5d51a5634dfc5248b857da22d372b14140280ab955cf64e4090c23dff2ced6932f1185

    • SSDEEP

      3072:5qzk4JdfHKqgHw7KnAVVoy5pP1bKf0yVpPO2M0Z0qps3brt6JH/8Ou4K:5qzk4JdfqqwTyVX5bsG2M0Nps3Vaf82K

    Score
    6/10
    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Target

      $APPDATA/nav360/nav360.4.0.1.2.zh.exe

    • Size

      134KB

    • MD5

      b6ffe434a24c83a12b919383007822ea

    • SHA1

      8ed070774f8474359fae60b29bb18705e09e3d25

    • SHA256

      696beb295379bae1ee40d1505699cb48382458484506a0f84638624e12091bbc

    • SHA512

      bbfc6f8180ddfad7da6960a876b004c6015bf053bc1b49b34384a9c4ed2137fdd3fc5eead9b3dd9aa76bcb255ca6d1085ad938143abeb8e7e95fde0c48424495

    • SSDEEP

      3072:u3c1fP4AJJ9McCGb6M2V1au+0zuIn1V1nQ2hGLFnto4zU:8OPjpbCq6N1DaInr1nQrV64Y

    Score
    3/10
    • Target

      $PLUGINSDIR/Base64.dll

    • Size

      4KB

    • MD5

      f0e3845fefd227d7f1101850410ec849

    • SHA1

      3067203fafd4237be0c186ddab7029dfcbdfb53e

    • SHA256

      7c688940e73022bf526f07cc922a631a1b1db78a19439af6bafbff2a3b46d554

    • SHA512

      584ae5a0d1c1639ba4e2187d0c8a0ac7e54c0be0a266029c4689d81c0c64a7f80e7d918da0df5c6344f9f7a114f30d8f2feda253b29e813bae086604731a3d8a

    • SSDEEP

      48:SxSrr7xd14m4bLKwvnvcfDw1hEiauGkDVK+hIg4qT9/3lt:zr7xd14m4qw/vGwrEickDVthcE/

    Score
    3/10
    • Target

      $PLUGINSDIR/INetC.dll

    • Size

      21KB

    • MD5

      92ec4dd8c0ddd8c4305ae1684ab65fb0

    • SHA1

      d850013d582a62e502942f0dd282cc0c29c4310e

    • SHA256

      5520208a33e6409c129b4ea1270771f741d95afe5b048c2a1e6a2cc2ad829934

    • SHA512

      581351aef694f2489e1a0977ebca55c4d7268ca167127cefb217ed0d2098136c7eb433058469449f75be82b8e5d484c9e7b6cf0b32535063709272d7810ec651

    • SSDEEP

      384:VpOSdCjDyyvBwRlX+ODbswYM2s74NS0v0Ac9khYLMkIX0+Gzyekx:rdCjW/lX1PfYM2X1

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      c17103ae9072a06da581dec998343fc1

    • SHA1

      b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    • SHA256

      dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    • SHA512

      d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    • SSDEEP

      192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw

    Score
    3/10
    • Target

      nav360.exe

    • Size

      103KB

    • MD5

      0022b0ec15fa666c5391af467c1aa4af

    • SHA1

      2247d87f8c4718a76cd1c8e8e614e1ff11e9adf4

    • SHA256

      3426937d5786cd04ebf8e33db5c1a5ece42a3c9b928445c9af4fbcbdb4ba4ff8

    • SHA512

      84e7edf503cc287ad7c79e18507d6b2d6ec0745ed065a62fcbb6c11399a8bd32e805134bc16e68fde3ca169d9d34867c2543d98a8a4c0cf0d242a13cd5f23a18

    • SSDEEP

      1536:E3cpyORJLuB4P4AJJktqbmAcMVhjGLm9uT0cT1aVs/eGwQ3/MNRbig:E3c1fP4AJJBbVVemYT0chGGwQ3/6br

    Score
    3/10
    • Target

      $PLUGINSDIR/Base64.dll

    • Size

      4KB

    • MD5

      f0e3845fefd227d7f1101850410ec849

    • SHA1

      3067203fafd4237be0c186ddab7029dfcbdfb53e

    • SHA256

      7c688940e73022bf526f07cc922a631a1b1db78a19439af6bafbff2a3b46d554

    • SHA512

      584ae5a0d1c1639ba4e2187d0c8a0ac7e54c0be0a266029c4689d81c0c64a7f80e7d918da0df5c6344f9f7a114f30d8f2feda253b29e813bae086604731a3d8a

    • SSDEEP

      48:SxSrr7xd14m4bLKwvnvcfDw1hEiauGkDVK+hIg4qT9/3lt:zr7xd14m4qw/vGwrEickDVthcE/

    Score
    3/10
    • Target

      $PLUGINSDIR/INetC.dll

    • Size

      21KB

    • MD5

      92ec4dd8c0ddd8c4305ae1684ab65fb0

    • SHA1

      d850013d582a62e502942f0dd282cc0c29c4310e

    • SHA256

      5520208a33e6409c129b4ea1270771f741d95afe5b048c2a1e6a2cc2ad829934

    • SHA512

      581351aef694f2489e1a0977ebca55c4d7268ca167127cefb217ed0d2098136c7eb433058469449f75be82b8e5d484c9e7b6cf0b32535063709272d7810ec651

    • SSDEEP

      384:VpOSdCjDyyvBwRlX+ODbswYM2s74NS0v0Ac9khYLMkIX0+Gzyekx:rdCjW/lX1PfYM2X1

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      c17103ae9072a06da581dec998343fc1

    • SHA1

      b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    • SHA256

      dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    • SHA512

      d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    • SSDEEP

      192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw

    Score
    3/10
    • Target

      $APPDATA/taobao/DandelionSetup.exe

    • Size

      2.7MB

    • MD5

      d8be9818bb96efc5dc3623a499c6d939

    • SHA1

      45057afd8726428a43059820e9fecc644ec26051

    • SHA256

      a68b343b7c9f14f0bd05b5635a1e66ea3ec6cb4e3eea926c03c6022cb96b7853

    • SHA512

      123fe56f91e88f3d5929ee73490fb5646a4e2da7acc34ca1028d4c3531ac3be09270aa9788558b422452df197df2c87001a9004980255a285068400b90d4ba74

    • SSDEEP

      49152:EK4MTNWuQChdemZZqpbzokJ7cMGaqO8eeRunhw6l09dglWK8oCWp092cXAMw:Ep68ZChEmZopbU+cMH81Ehwgah9TXG

    Score
    4/10
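
The "Writes to the Master Boot Record" verdict on $APPDATA/TypeEasyData/download/uplive.exe is the finding on this report that changes how a responder handles the host: the sandbox saw a write to the first sector, so the question becomes whether the bootstrap code still matches a known-good image. The script below is an added example, not part of the tria.ge report and not code from the analysed sample. It parses a 512-byte MBR (boot code, disk signature, partition table, 0x55AA marker), hashes the boot code and compares it with a baseline, and flags the usual bootkit pattern of replaced boot code with an untouched partition table. The sectors it checks are constructed inline so it runs offline; the partition layout, disk signature and stand-in boot bytes are made-up test data. On a live system the first sector would be read with administrative rights from \\.\PhysicalDrive0 (Windows) or /dev/sda (Linux), and the baseline hash would come from a clean image of the same machine.

```python
"""Parse a 512-byte Master Boot Record and compare it with a known-good baseline.

Added example for the "Writes to the Master Boot Record" verdict; it is not
code from the tria.ge report or from the analysed sample. The sectors below
are constructed inline so the check runs offline. On a real host the first
sector is read with administrative rights from r"\\.\PhysicalDrive0" on
Windows or /dev/sda on Linux, and the baseline hash comes from a known-clean
image of the same machine.
"""
import hashlib
import struct
from dataclasses import dataclass
from typing import List

MBR_SIZE = 512
BOOT_CODE_SIZE = 440           # bytes 0..439 hold the bootstrap code
DISK_SIG_OFFSET = 440          # 4-byte disk signature (Windows uses it to identify the disk)
PART_TABLE_OFFSET = 446        # four 16-byte partition entries
PART_ENTRY_FMT = "<B3xB3xII"   # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510..511


@dataclass
class PartitionEntry:
    bootable: bool
    type_id: int
    lba_start: int
    sector_count: int


@dataclass
class MbrInfo:
    boot_code_sha256: str
    disk_signature: int
    partitions: List[PartitionEntry]
    has_boot_signature: bool


def parse_mbr(sector: bytes) -> MbrInfo:
    """Split a raw first sector into boot code, disk signature, partition table and 0x55AA marker."""
    if len(sector) != MBR_SIZE:
        raise ValueError(f"MBR must be {MBR_SIZE} bytes, got {len(sector)}")
    partitions = []
    for i in range(4):
        status, ptype, lba_start, count = struct.unpack_from(
            PART_ENTRY_FMT, sector, PART_TABLE_OFFSET + 16 * i)
        if ptype != 0:  # type 0x00 marks an unused slot
            partitions.append(PartitionEntry(status == 0x80, ptype, lba_start, count))
    return MbrInfo(
        boot_code_sha256=hashlib.sha256(sector[:BOOT_CODE_SIZE]).hexdigest(),
        disk_signature=struct.unpack_from("<I", sector, DISK_SIG_OFFSET)[0],
        partitions=partitions,
        has_boot_signature=sector[510:512] == BOOT_SIGNATURE,
    )


def check_mbr(sector: bytes, baseline_boot_code_sha256: str) -> List[str]:
    """Return findings for the sector; an empty list means it matches the baseline."""
    info = parse_mbr(sector)
    findings = []
    if not info.has_boot_signature:
        findings.append("missing 0x55AA boot signature")
    if info.boot_code_sha256 != baseline_boot_code_sha256:
        # The bootkit pattern: replace the bootstrap code but keep the partition
        # table intact so the machine still boots and the user notices nothing.
        findings.append("boot code differs from baseline")
    if not info.partitions:
        findings.append("partition table is empty")
    if sum(p.bootable for p in info.partitions) > 1:
        findings.append("more than one partition flagged active")
    return findings


def build_mbr(boot_code: bytes, disk_sig: int, parts: List[PartitionEntry]) -> bytes:
    """Assemble a sector from its parts (used here only to construct test data)."""
    sector = bytearray(MBR_SIZE)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, DISK_SIG_OFFSET, disk_sig)
    for i, p in enumerate(parts):
        struct.pack_into(PART_ENTRY_FMT, sector, PART_TABLE_OFFSET + 16 * i,
                         0x80 if p.bootable else 0x00, p.type_id, p.lba_start, p.sector_count)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


# Constructed sample data: a stand-in bootstrap (not a real boot loader) with
# two NTFS partitions, and the same disk after its boot code was overwritten.
CLEAN_BOOT_CODE = bytes([0xFA, 0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]).ljust(BOOT_CODE_SIZE, b"\x00")
CLEAN_PARTS = [PartitionEntry(True, 0x07, 2048, 1024000),
               PartitionEntry(False, 0x07, 1026048, 100000000)]
CLEAN_MBR = build_mbr(CLEAN_BOOT_CODE, 0x1234ABCD, CLEAN_PARTS)
BASELINE_SHA256 = hashlib.sha256(CLEAN_BOOT_CODE).hexdigest()

TAMPERED_BOOT_CODE = bytes([0xEB, 0x3C, 0x90]).ljust(BOOT_CODE_SIZE, b"\xCC")
TAMPERED_MBR = build_mbr(TAMPERED_BOOT_CODE, 0x1234ABCD, CLEAN_PARTS)

if __name__ == "__main__":
    for name, sector in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        print(name, check_mbr(sector, BASELINE_SHA256) or ["ok"])
```

Hashing only the first 440 bytes matters: the disk signature and partition table change legitimately (disk cloning, repartitioning), so a whole-sector hash produces false alarms, while the boot code should be byte-identical to the baseline for a given Windows version. A differing boot code hash on a machine that ran this sample is grounds for imaging the disk before any remediation, since rewriting the MBR destroys the evidence.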

Tasks

static1

vmprotect
Score
7/10

behavioral1

Score
4/10

behavioral2

Score
5/10

behavioral3

Score
3/10

behavioral4

Score
3/10

behavioral5

Score
3/10

behavioral6

Score
3/10

behavioral7

Score
3/10

behavioral8

Score
3/10

behavioral9

Score
3/10

behavioral10

Score
3/10

behavioral11

Score
7/10

behavioral12

Score
7/10

behavioral13

bootkitpersistence
Score
6/10

behavioral14

bootkitpersistence
Score
6/10

behavioral15

Score
3/10

behavioral16

Score
3/10

behavioral17

Score
3/10

behavioral18

Score
3/10

behavioral19

Score
3/10

behavioral20

Score
3/10

behavioral21

Score
3/10

behavioral22

Score
3/10

behavioral23

Score
3/10

behavioral24

Score
3/10

behavioral25

Score
3/10

behavioral26

Score
3/10

behavioral27

Score
3/10

behavioral28

Score
3/10

behavioral29

Score
3/10

behavioral30

Score
3/10

behavioral31

Score
4/10

behavioral32

Score
4/10