General

  • Target: 6c2c5d6659efb231d9ad581c9bc2a98e_JaffaCakes118
  • Size: 436KB
  • Sample: 240523-zb633sfd95
  • MD5: 6c2c5d6659efb231d9ad581c9bc2a98e
  • SHA1: feab504fed043f6c76af14a090496b19fef75f44
  • SHA256: 96e0f2a803195e87752de63e91566dfe74b565d80e3c36efd90d85ec1b3be632
  • SHA512: da89c4d71aa5251dd94e382488cc35ed23893c8c0fe7bf724108acde6775ed63db01f621337cc8c7f291c9b380769452f9558379ff391729f2dbe507747d9ace
  • SSDEEP: 12288:ZnISpUE+pgz1ON4gwT+tBMjFzrAyxA46elD0I0/UiQTN:ySOE+pgAuOcz7Ak0/UiW
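The hashes above, together with those of the dropped files listed under Targets, as a machine-usable IOC set. This is an added example, not code from tria.ge or from the report: it loads the report's SHA256 values into a lookup table, hashes every file under a directory you name on the command line, and weights each hit by what the matched file is. The role and weight columns are my reading of the report (the three $PLUGINSDIR DLLs are stock NSIS plugins that also ship in benign installers, so a hit on one of them alone is weak evidence; the sample itself and uninstall.exe, scored 7/10, are the hits that matter); the directory path is whatever you pass in.

```python
import hashlib
import os
import sys

# SHA256 -> record, hash, target and score copied from the report. "role" and "weight" are my
# reading of it: the $PLUGINSDIR DLLs are stock NSIS plugins present in countless benign
# installers, so they only corroborate a hit on the sample, uninstall.exe or glossitis.dll.
IOCS = {
    "96e0f2a803195e87752de63e91566dfe74b565d80e3c36efd90d85ec1b3be632": {
        "target": "6c2c5d6659efb231d9ad581c9bc2a98e_JaffaCakes118", "score": None,
        "role": "main sample", "weight": "high"},
    "7ab2d70344ebd729c369e366ce5011ee906bfae9b648a0528eb66764da256aa1": {
        "target": "uninstall.exe", "score": "7/10",
        "role": "dropped EXE (executes/loads dropped files)", "weight": "high"},
    "c193d53bc725e9ddcea48506f4f48bea90e665fa145a12ac1a6d1ddd0f6e113b": {
        "target": "$TEMP/glossitis.dll", "score": "3/10",
        "role": "dropped DLL loaded from %TEMP%", "weight": "medium"},
    "8b4a1e7bf076c20240eb0a46cbdc8b835cfd89265fb78a3c1c5339ab820d2c1c": {
        "target": "$PLUGINSDIR/InstallOptions.dll", "score": "3/10",
        "role": "stock NSIS plugin", "weight": "low"},
    "df361cd0f1b68f3cfb0aa97a04a6d28eaf2ed4713e9717dbc86b25d46ddb0634": {
        "target": "$PLUGINSDIR/LangDLL.dll", "score": "3/10",
        "role": "stock NSIS plugin", "weight": "low"},
    "75ed40311875312617d6711baed0be29fcaee71031ca27a8d308a72b15a51e49": {
        "target": "$PLUGINSDIR/System.dll", "score": "3/10",
        "role": "stock NSIS plugin", "weight": "low"},
}
WEIGHT_ORDER = {"none": 0, "low": 1, "medium": 2, "high": 3}


def sha256_bytes(data):
    return hashlib.sha256(data).hexdigest()


def sha256_file(path, chunk=1 << 20):
    """Stream the file so large drops do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def lookup(digest):
    """Case-insensitive lookup of a hex SHA256; returns the report record or None."""
    return IOCS.get(digest.strip().lower())


def scan_dir(root):
    """Walk root and return (path, sha256, record) for every file matching a report hash."""
    hits = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                digest = sha256_file(path)
            except OSError:
                continue  # unreadable or vanished; skip rather than abort the scan
            record = lookup(digest)
            if record:
                hits.append((path, digest, record))
    return hits


def verdict(hits):
    """Highest weight among the hits: 'none', 'low', 'medium' or 'high'."""
    best = "none"
    for _, _, record in hits:
        if WEIGHT_ORDER[record["weight"]] > WEIGHT_ORDER[best]:
            best = record["weight"]
    return best


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    found = scan_dir(root)
    for path, digest, record in found:
        print(f"{record['weight']:6} {digest[:16]}  {record['target']}  ({record['role']})  {path}")
    print("verdict:", verdict(found))
```

Exact SHA256 equality only catches byte-identical copies; the SSDEEP values the report lists exist for fuzzy matching of rebuilt or repacked variants and are not used here.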

Malware Config

Targets

    • Target: 6c2c5d6659efb231d9ad581c9bc2a98e_JaffaCakes118
    • Size: 436KB
    • MD5: 6c2c5d6659efb231d9ad581c9bc2a98e
    • SHA1: feab504fed043f6c76af14a090496b19fef75f44
    • SHA256: 96e0f2a803195e87752de63e91566dfe74b565d80e3c36efd90d85ec1b3be632
    • SHA512: da89c4d71aa5251dd94e382488cc35ed23893c8c0fe7bf724108acde6775ed63db01f621337cc8c7f291c9b380769452f9558379ff391729f2dbe507747d9ace
    • SSDEEP: 12288:ZnISpUE+pgz1ON4gwT+tBMjFzrAyxA46elD0I0/UiQTN:ySOE+pgAuOcz7Ak0/UiW
    • Loads dropped DLL
    • Accesses Microsoft Outlook accounts
    • Accesses Microsoft Outlook profiles
    • Adds Run key to start application
    • Looks up external IP address via web service
      Uses a legitimate IP lookup service to find the infected system's external IP.
    • Suspicious use of SetThreadContext

    • Target: $PLUGINSDIR/InstallOptions.dll
    • Size: 14KB
    • MD5: 34466cab38abcbc09ffac768d526f896
    • SHA1: 2684f5f6c2b005cba812fc8cc1157777554fa3a3
    • SHA256: 8b4a1e7bf076c20240eb0a46cbdc8b835cfd89265fb78a3c1c5339ab820d2c1c
    • SHA512: 5c6ae996a81f0fd9d3efe4e61c8683eb833cb203a476772c06eadb48e10e34d05a8fc2c837cf663dcc3a37713bd86694c8eb251868aa5bb42c4b21ba8c8e8fc7
    • SSDEEP: 192:qcOqW13v5z+dHeMR2QwHu5S9i/yULWWBZYJCSJyejAK72dwF7dBKEw:qcw13v5SdHeMRRKkwsejA+BV
    • Score: 3/10

    • Target: $PLUGINSDIR/LangDLL.dll
    • Size: 5KB
    • MD5: 6affaef1473695eb1325129879b5d12e
    • SHA1: 626f362d322bd12543d1255678c70b577b0e916e
    • SHA256: df361cd0f1b68f3cfb0aa97a04a6d28eaf2ed4713e9717dbc86b25d46ddb0634
    • SHA512: f1d5a4c51e0bd2a644939df3722024d646f9bfc679b04964fc638f00e5191b8c02872f5a298c16f59a59a234d3cf6f929c98daec4d03c757e68ea8ee99580f6c
    • SSDEEP: 48:im1mAjq8W2MPUptuMMZvx/cmzycNSCwVGfOY0vXpXt/JvR0JTof5d2:F1qBl9RZHzycNSCwV8T8jZR0Id2
    • Score: 3/10

    • Target: $PLUGINSDIR/System.dll
    • Size: 11KB
    • MD5: a436db0c473a087eb61ff5c53c34ba27
    • SHA1: 65ea67e424e75f5065132b539c8b2eda88aa0506
    • SHA256: 75ed40311875312617d6711baed0be29fcaee71031ca27a8d308a72b15a51e49
    • SHA512: 908f46a855480af6eacb2fb64de0e60b1e04bbb10b23992e2cf38a4cbebdcd7d3928c4c022d7ad9f7479265a8f426b93eef580afec95570e654c360d62f5e08d
    • SSDEEP: 192:aVL7iZJX76BisO7+UZEw+Rl59pV8ghsVJ39dx8T:d7NsOpZsfLMJ39e
    • Score: 3/10

    • Target: $TEMP/glossitis.dll
    • Size: 72KB
    • MD5: 38e1a078aaf0a8feea3d3a6317b6e85e
    • SHA1: 5b35cbdd235366eac93d409e7b5cfe43db444f64
    • SHA256: c193d53bc725e9ddcea48506f4f48bea90e665fa145a12ac1a6d1ddd0f6e113b
    • SHA512: 2b7987f4598d9831e3f53182117e0ca49ead034358211b8fe5ae13377d9950591bf87468c12e315caf575db82cc5d0c46f0d67059d340d4fe2543dba0bc98c35
    • SSDEEP: 768:v3nHgLuguUvuwnoARRwgVGKwbP8/bt3k86K0V/s+qzJd+8JYK:fALnca1RRwg8KQq76S+iv+j
    • Score: 3/10

    • Target: uninstall.exe
    • Size: 87KB
    • MD5: 33a31007ff9cb4f4a2fef2e22b33ca5e
    • SHA1: 1be6277e76984da795471a7dc5e173a767720025
    • SHA256: 7ab2d70344ebd729c369e366ce5011ee906bfae9b648a0528eb66764da256aa1
    • SHA512: c9dfab5bd3ca5204c28270861da695975b72df46a805f4fb9068b55f032978e253921bf407840834e3ed47443eaebcf336b1d42bbf840b224013af62d8b1e485
    • SSDEEP: 1536:WoM1dKyOSoYNXoK3LX78JBXJkUFh8gdLeAyN21tRrWsVqQTNAO51WVdh1NW6sM:HM1BjoYNXoKDIJBXJPIceAXMQTNAO7M/
    • Score: 7/10
    • Executes dropped EXE
    • Loads dropped DLL

    • Target: $PLUGINSDIR/InstallOptions.dll
    • Size: 14KB
    • MD5: 34466cab38abcbc09ffac768d526f896
    • SHA1: 2684f5f6c2b005cba812fc8cc1157777554fa3a3
    • SHA256: 8b4a1e7bf076c20240eb0a46cbdc8b835cfd89265fb78a3c1c5339ab820d2c1c
    • SHA512: 5c6ae996a81f0fd9d3efe4e61c8683eb833cb203a476772c06eadb48e10e34d05a8fc2c837cf663dcc3a37713bd86694c8eb251868aa5bb42c4b21ba8c8e8fc7
    • SSDEEP: 192:qcOqW13v5z+dHeMR2QwHu5S9i/yULWWBZYJCSJyejAK72dwF7dBKEw:qcw13v5SdHeMRRKkwsejA+BV
    • Score: 3/10

    • Target: $PLUGINSDIR/LangDLL.dll
    • Size: 5KB
    • MD5: 6affaef1473695eb1325129879b5d12e
    • SHA1: 626f362d322bd12543d1255678c70b577b0e916e
    • SHA256: df361cd0f1b68f3cfb0aa97a04a6d28eaf2ed4713e9717dbc86b25d46ddb0634
    • SHA512: f1d5a4c51e0bd2a644939df3722024d646f9bfc679b04964fc638f00e5191b8c02872f5a298c16f59a59a234d3cf6f929c98daec4d03c757e68ea8ee99580f6c
    • SSDEEP: 48:im1mAjq8W2MPUptuMMZvx/cmzycNSCwVGfOY0vXpXt/JvR0JTof5d2:F1qBl9RZHzycNSCwV8T8jZR0Id2
    • Score: 3/10
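Two of the signatures the report lists for the main sample, "Adds Run key to start application" and "Accesses Microsoft Outlook accounts/profiles", correspond to registry activity that endpoint telemetry can record. The rules below are an added example (not tria.ge's own signature logic) that tags per-process registry events for those two behaviours and raises a correlated finding when the same process shows both, the pattern a credential stealer with persistence leaves. The `ts|image|op|key|data` line format, the process names and the sample events are constructed for this example; the assumption is that Run-key writes arrive as value-set events (Sysmon event 13) and that reads of the Outlook profile keys are visible at all, which requires registry auditing or an EDR that records reads.

```python
import re
from collections import defaultdict

# Registry key patterns, written against HKCU/HKU-rooted paths as telemetry reports them.
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
OUTLOOK_PROFILES = re.compile(
    r"\\Software\\Microsoft\\(Office\\\d+\.\d+\\Outlook"
    r"|Windows NT\\CurrentVersion\\Windows Messaging Subsystem)\\Profiles\\",
    re.IGNORECASE,
)
# Outlook keeps per-account settings (server, user name, stored credential blobs) under this GUID.
OUTLOOK_ACCOUNT_GUID = "9375cff0413111d3b88a00104b2a6676"
# Locations a non-admin process can write to; a Run value pointing here is the usual malware shape.
USER_WRITABLE = re.compile(r"\\(AppData|Temp|Users\\Public|ProgramData)\\", re.IGNORECASE)
OUTLOOK_IMAGES = {"outlook.exe"}  # legitimate owner of the profile keys (name check only)


def parse_event(line):
    """Parse one constructed telemetry line: ts|image|op|key|data (data may be empty)."""
    ts, image, op, key, data = line.rstrip("\n").split("|", 4)
    return {"ts": ts, "image": image, "op": op, "key": key, "data": data}


def evaluate(ev):
    """Return the set of behaviour tags a single registry event earns."""
    tags = set()
    image_name = ev["image"].rsplit("\\", 1)[-1].lower()
    if ev["op"].lower() == "setvalue" and RUN_KEY.search(ev["key"]):
        tags.add("persistence:run_key")
        if USER_WRITABLE.search(ev["data"]):
            tags.add("persistence:run_key_user_writable_target")
    if OUTLOOK_PROFILES.search(ev["key"]) and image_name not in OUTLOOK_IMAGES:
        tags.add("collection:outlook_profile")
        if OUTLOOK_ACCOUNT_GUID in ev["key"].lower():
            tags.add("collection:outlook_account")
    return tags


def run(lines):
    """Aggregate tags per process image and add a correlation tag when one image shows both."""
    per_image = defaultdict(set)
    for line in lines:
        if line.strip():
            ev = parse_event(line)
            per_image[ev["image"]] |= evaluate(ev)
    findings = {}
    for image, tags in per_image.items():
        if not tags:
            continue
        if any(t.startswith("persistence:") for t in tags) and any(t.startswith("collection:") for t in tags):
            tags.add("correlated:persistence_and_outlook")
        findings[image] = sorted(tags)
    return findings


# Constructed events in the shape the report's main sample would produce; every path is made up.
SAMPLE_EVENTS = [
    r"2024-05-23T19:27:01Z|C:\Users\victim\AppData\Local\Temp\setup.exe|SetValue"
    r"|HKCU\Software\Microsoft\Windows\CurrentVersion\Run\WinUpdate|C:\Users\victim\AppData\Local\Temp\setup.exe",
    r"2024-05-23T19:27:02Z|C:\Users\victim\AppData\Local\Temp\setup.exe|QueryValue"
    r"|HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002|",
    r"2024-05-23T19:30:00Z|C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE|QueryValue"
    r"|HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002|",
    r"2024-05-23T19:31:00Z|C:\Windows\explorer.exe|SetValue"
    r"|HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive|C:\Program Files\Microsoft OneDrive\OneDrive.exe /background",
]

if __name__ == "__main__":
    for image, tags in run(SAMPLE_EVENTS).items():
        print(image)
        for tag in tags:
            print("   ", tag)
```

Excluding outlook.exe by image name is a convenience for the example: a binary renamed to outlook.exe defeats it, so a production rule should also check the signer or the install path. The remaining signatures do not surface in registry telemetry at all: the external IP lookup is a network event, and SetThreadContext is an API-level action that needs an ETW or EDR source.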

MITRE ATT&CK Enterprise v15

Tasks