General

  • Target: a0f26553dde5cc1d8ff54d6c92c86dd4_JaffaCakes118
  • Size: 6.7MB
  • Sample: 240612-rg79bsxgpc
  • MD5: a0f26553dde5cc1d8ff54d6c92c86dd4
  • SHA1: 62a8a34ce8a7c7dd4ca42bfdc198adfa0657d4cd
  • SHA256: 2397ac46ad9b52de1b72d6821ce44f6fd4815ea6abe449d1b731120d1e0c5ce2
  • SHA512: 33b49ea87267895ce6c67ae10b6085d6cfdf963f24222c316ac2b96b9592aba0dc8ff0912351d1909fc599d49de9ff0f371eb9ab8a9dbe99d3314d3fb8aa9c6b
  • SSDEEP: 196608:EQU04EBkFK95xMQtICDTh93p4ehtaTfOEnt6DbPwCwHTZ:E7XFaEQjPz3HQTfh6fPwf

Malware Config

Targets

    • Target: a0f26553dde5cc1d8ff54d6c92c86dd4_JaffaCakes118
    • Size: 6.7MB
    • MD5: a0f26553dde5cc1d8ff54d6c92c86dd4
    • SHA1: 62a8a34ce8a7c7dd4ca42bfdc198adfa0657d4cd
    • SHA256: 2397ac46ad9b52de1b72d6821ce44f6fd4815ea6abe449d1b731120d1e0c5ce2
    • SHA512: 33b49ea87267895ce6c67ae10b6085d6cfdf963f24222c316ac2b96b9592aba0dc8ff0912351d1909fc599d49de9ff0f371eb9ab8a9dbe99d3314d3fb8aa9c6b
    • SSDEEP: 196608:EQU04EBkFK95xMQtICDTh93p4ehtaTfOEnt6DbPwCwHTZ:E7XFaEQjPz3HQTfh6fPwf

    • Windows security bypass

    • Creates new service(s)

    • Drops file in Drivers directory

    • Stops running service(s)

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Windows security modification

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

    • Target: $PLUGINSDIR/CCGylfvpPId.dll
    • Size: 352KB
    • MD5: 41061901c1afc95553800c7203a31cd0
    • SHA1: 38fc9f859502166bf5e356b8820ed6a48b060f6d
    • SHA256: cc0dc4f6b1bf6627532a8c8ab42ad087f3302000632d22713950f0a8c95e8f05
    • SHA512: c54f0bf158938fa332d482b1190e66cc7856465080fbddc5f7b95ff1f00491d29fa28c49854e6dda73a8e1e11cf2e845754033eb5cfe77327e1625039946c2eb
    • SSDEEP: 6144:xp/0ex8EJOlAvXP/gcRrTVHLATBwD5QG9l:tx8aOlAvXP/gcRrBHLAT29Tl

    Score: 1/10

    • Target: $PLUGINSDIR/gHbMwlFrsMB.dll
    • Size: 493KB
    • MD5: 31eafd1f2c5bceb7761b52ea85cf6c26
    • SHA1: 51045a6eeddc1832a9a71fe95bb746192b1bbb2b
    • SHA256: 27e62f38be7bd86e3144888e68ae6dd3cd9afccce244825929409b4e94623dd6
    • SHA512: 4aa675ad91e655cb36adabab706d9af07b91e1b0d71799f0a4068f02765d6010cdc15ef59eb15758e569cede0161d5e8797f4f39b7dcbfb97b95770acc18e4a8
    • SSDEEP: 12288:WwORL0u2QfuN7N5Mf9eLB6OBOBOBOomzxNrO76nwX:bWL+QI8k4zxNrO76nwX

    Score: 1/10

    • Target: $PLUGINSDIR/lDerpvVTsgA.dll
    • Size: 650KB
    • MD5: e4bdc739307f32b968e32fcebc9c01f6
    • SHA1: 5f3d406f01579e3e8a67c05d2e31ec369e14604c
    • SHA256: 17d489476f1f2fbe95a5ddb2a95a788528db842153c5582457133a79eb0756e0
    • SHA512: 494ab1baf1ba59aa6cb4209dae8d493b784d289c74ba66b34d826aebb4014bb2fdfa3f30680650408048d9197cab5b945936c36cac9529c220048cef4704224e
    • SSDEEP: 12288:CTCku/rrJa/ou0Jjppg9Zpnin6QCZeK+YhzyO7LO2TllcrSNCCaBO4m2JEMS7aKd:CWfFrK+Y/7LH+8P4mH7aKKK4O

    Score: 1/10

    • Target: $TEMP/auBVPavMwbA.js
    • Size: 356B
    • MD5: a35b87106725234045494a6404a003f9
    • SHA1: f4d1a2529a271946382c17132a5ebea6449a753f
    • SHA256: 17aa4126885d2299ada9a5e3fa5c21dc52e133bfed72a25a96e0152044ea2cd4
    • SHA512: 7924482b9e20801dd8d7abacd6fc4d2a1f182e4f663b0a519518e33c04b482d35d17d277af1e9555f9e8a3a92e67935dabbc5302507b2924ac4cc9b34546dd17

    Score: 3/10

MITRE ATT&CK Enterprise v15

Tasks