General
-
Target
6c2c5d6659efb231d9ad581c9bc2a98e_JaffaCakes118
-
Size
436KB
-
Sample
240523-zb633sfd95
-
MD5
6c2c5d6659efb231d9ad581c9bc2a98e
-
SHA1
feab504fed043f6c76af14a090496b19fef75f44
-
SHA256
96e0f2a803195e87752de63e91566dfe74b565d80e3c36efd90d85ec1b3be632
-
SHA512
da89c4d71aa5251dd94e382488cc35ed23893c8c0fe7bf724108acde6775ed63db01f621337cc8c7f291c9b380769452f9558379ff391729f2dbe507747d9ace
-
SSDEEP
12288:ZnISpUE+pgz1ON4gwT+tBMjFzrAyxA46elD0I0/UiQTN:ySOE+pgAuOcz7Ak0/UiW
Static task
static1
Behavioral task
behavioral1
Sample
6c2c5d6659efb231d9ad581c9bc2a98e_JaffaCakes118.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
6c2c5d6659efb231d9ad581c9bc2a98e_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20231129-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/LangDLL.dll
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/LangDLL.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240221-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral9
Sample
$TEMP/glossitis.dll
Resource
win7-20231129-en
Behavioral task
behavioral10
Sample
$TEMP/glossitis.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral11
Sample
uninstall.exe
Resource
win7-20240508-en
Behavioral task
behavioral12
Sample
uninstall.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral13
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20240220-en
Behavioral task
behavioral14
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral15
Sample
$PLUGINSDIR/LangDLL.dll
Resource
win7-20240508-en
Behavioral task
behavioral16
Sample
$PLUGINSDIR/LangDLL.dll
Resource
win10v2004-20240508-en
Malware Config
Targets
Target
6c2c5d6659efb231d9ad581c9bc2a98e_JaffaCakes118
Score 7/10
Loads dropped DLL
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-
Target
$PLUGINSDIR/InstallOptions.dll
-
Size
14KB
-
MD5
34466cab38abcbc09ffac768d526f896
-
SHA1
2684f5f6c2b005cba812fc8cc1157777554fa3a3
-
SHA256
8b4a1e7bf076c20240eb0a46cbdc8b835cfd89265fb78a3c1c5339ab820d2c1c
-
SHA512
5c6ae996a81f0fd9d3efe4e61c8683eb833cb203a476772c06eadb48e10e34d05a8fc2c837cf663dcc3a37713bd86694c8eb251868aa5bb42c4b21ba8c8e8fc7
-
SSDEEP
192:qcOqW13v5z+dHeMR2QwHu5S9i/yULWWBZYJCSJyejAK72dwF7dBKEw:qcw13v5SdHeMRRKkwsejA+BV
Score 3/10
-
Target
$PLUGINSDIR/LangDLL.dll
-
Size
5KB
-
MD5
6affaef1473695eb1325129879b5d12e
-
SHA1
626f362d322bd12543d1255678c70b577b0e916e
-
SHA256
df361cd0f1b68f3cfb0aa97a04a6d28eaf2ed4713e9717dbc86b25d46ddb0634
-
SHA512
f1d5a4c51e0bd2a644939df3722024d646f9bfc679b04964fc638f00e5191b8c02872f5a298c16f59a59a234d3cf6f929c98daec4d03c757e68ea8ee99580f6c
-
SSDEEP
48:im1mAjq8W2MPUptuMMZvx/cmzycNSCwVGfOY0vXpXt/JvR0JTof5d2:F1qBl9RZHzycNSCwV8T8jZR0Id2
Score 3/10
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
a436db0c473a087eb61ff5c53c34ba27
-
SHA1
65ea67e424e75f5065132b539c8b2eda88aa0506
-
SHA256
75ed40311875312617d6711baed0be29fcaee71031ca27a8d308a72b15a51e49
-
SHA512
908f46a855480af6eacb2fb64de0e60b1e04bbb10b23992e2cf38a4cbebdcd7d3928c4c022d7ad9f7479265a8f426b93eef580afec95570e654c360d62f5e08d
-
SSDEEP
192:aVL7iZJX76BisO7+UZEw+Rl59pV8ghsVJ39dx8T:d7NsOpZsfLMJ39e
Score 3/10
-
Target
$TEMP/glossitis.dll
-
Size
72KB
-
MD5
38e1a078aaf0a8feea3d3a6317b6e85e
-
SHA1
5b35cbdd235366eac93d409e7b5cfe43db444f64
-
SHA256
c193d53bc725e9ddcea48506f4f48bea90e665fa145a12ac1a6d1ddd0f6e113b
-
SHA512
2b7987f4598d9831e3f53182117e0ca49ead034358211b8fe5ae13377d9950591bf87468c12e315caf575db82cc5d0c46f0d67059d340d4fe2543dba0bc98c35
-
SSDEEP
768:v3nHgLuguUvuwnoARRwgVGKwbP8/bt3k86K0V/s+qzJd+8JYK:fALnca1RRwg8KQq76S+iv+j
Score 3/10
-
Target
uninstall.exe
-
Size
87KB
-
MD5
33a31007ff9cb4f4a2fef2e22b33ca5e
-
SHA1
1be6277e76984da795471a7dc5e173a767720025
-
SHA256
7ab2d70344ebd729c369e366ce5011ee906bfae9b648a0528eb66764da256aa1
-
SHA512
c9dfab5bd3ca5204c28270861da695975b72df46a805f4fb9068b55f032978e253921bf407840834e3ed47443eaebcf336b1d42bbf840b224013af62d8b1e485
-
SSDEEP
1536:WoM1dKyOSoYNXoK3LX78JBXJkUFh8gdLeAyN21tRrWsVqQTNAO51WVdh1NW6sM:HM1BjoYNXoKDIJBXJPIceAXMQTNAO7M/
Score 7/10
Executes dropped EXE
-
Loads dropped DLL