General

  • Target

    a9360745871d11e86208dfc05389ed87_JaffaCakes118

  • Size

    18.5MB

  • Sample

    240614-mk5kdszhpr

  • MD5

    a9360745871d11e86208dfc05389ed87

  • SHA1

    88c09ba1d029e0c6188a9be0281f3decc728ffb3

  • SHA256

    654eebb38506e36b159f0dda7b316e2b726548145a179cec49b32bb030d5aba8

  • SHA512

    75e1fd50661e07cc75556bc569218dc2b964dda601f950444c5db2598919e521a537b4a2fba802c21330fe93967d958dff9ffde945d26230d3a591f8ad08888f

  • SSDEEP

    393216:C80lVaVagn4Htq0c0M9BPU7R4f7epIhmFdvn992eISHz/K6vH901k:CnVaEgn4NqUyPU7yfOcmbvn72nST/1v7

Malware Config

Targets

    • Target

      a9360745871d11e86208dfc05389ed87_JaffaCakes118

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Target

      $PLUGINSDIR/ButtonEvent.dll

    • Size

      5KB

    • MD5

      c24568a3b0d7c8d7761e684eb77252b5

    • SHA1

      66db7f147cbc2309d8d78fdce54660041acbc60d

    • SHA256

      e2da6d8b73b5954d58baa89a949aacece0527dfb940ca130ac6d3fd992d0909d

    • SHA512

      5d43e4c838fd7f4c6a4ab6cc6d63e0f81d765d9ca33d9278d082c4f75f9416907df10b003e10edc1b5ef39535f722d8dbfab114775ac67da7f9390dcc2b4b443

    • SSDEEP

      48:a7sTTDi+BjvqYR4gYFmsHFpXq65lZ9W5wOXnhLk4nOvlWxG5PZKuB:ri+BjSXgY8sHFE6TzWXzncsGSm

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      41a3c964232edd2d7d5edea53e8245cd

    • SHA1

      76d7e1fbf15cc3da4dd63a063d6ab2f0868a2206

    • SHA256

      8b65fec615c7b371c23f8f7f344b12dc5085e40a556f96db318ed757494d62d5

    • SHA512

      fa16bd9d020602e3065afd5c0638bc37775b40eb18bfa33b4ca5babcc3e6f112ae7d43457a6e9685ddbe6e94b954a1dc43d1da7af9ca7464019a3f110af549c1

    • SSDEEP

      192:s/er7uivwq1XpKs4FVWSjMd8tIg2cREbyCsZ8q2R4SyIXe:sQ7Xws4FVWig86/5eCBqSyIXe

    Score
    3/10
    • Target

      $PLUGINSDIR/UserInfo.dll

    • Size

      4KB

    • MD5

      c1f778a6d65178d34bde4206161a98e0

    • SHA1

      29719fffef1ab6fe2df47e5ed258a5e3b3a11cfc

    • SHA256

      9caf7a78f750713180cf64d18967a2b803b5580e636e59279dcaaf18ba0daa87

    • SHA512

      9c3cf25cf43f85a5f9c9ed555f12f3626ef9daeeedd4d366ada58748ead1f6e279fea977c76ae8bae1dc49bfd852e899cb137c4a006c13e9fcebf6e5e2926a4d

    Score
    3/10
    • Target

      $PLUGINSDIR/a/$_110_

    • Size

      1.4MB

    • MD5

      5b4a90d8d2c61f0e6fe2ffef347696e9

    • SHA1

      23a45252deeba6f0faff3e8a17d503d1ccc42009

    • SHA256

      89a90ef4e7db39e6c89f37527c66ca3ba14eee3ac3dc4fb40aae347fb2ed98b1

    • SHA512

      accbd10c1d7698c19db170ec0e42a955a71e9a6b3286307778969d581f6f1f27c6825d73caf8e9ec8e93208115659c1522a69923ac47ea9603b907f4843ae166

    • SSDEEP

      24576:G/9KoDw9QnfM1q8rAxsZc+HMa7OBolZJ9XXXwYHNmLMqRa3xDjuZFpCUguB0mD2E:G/TDaaxsZFHMa7OBolZJ9XXfU41BjGFT

    Score
    1/10
    • Target

      $PLUGINSDIR/execDos.dll

    • Size

      5KB

    • MD5

      0deb397ca1e716bb7b15e1754e52b2ac

    • SHA1

      fbb9bcf872c5dbb4ca4c80fb21d41519bc273ef5

    • SHA256

      720be35cd1b4a333264713dc146b4ad024f3a7ad0644c2d8c6fcedd3c30e8a1f

    • SHA512

      507db0bee0897660750007e7ce674406acf9e8bf942cf26ded5654c07682757b07c9eb767bead0966478abc554dc9a6461c4288dc35d12cacfadad4c128f1bb7

    • SSDEEP

      96:J++xDiP4p7t7dNOt3stxtRFFXxGD6qxlnKE6ttdH3r3:Rx9pJ7jQs5toD6Cln/6tt1

    Score
    3/10
    • Target

      $PLUGINSDIR/g/PF-Chrome-2018.exe

    • Size

      1.1MB

    • MD5

      6ad2d8ca0f6bff52c5a32c0699c4a64a

    • SHA1

      47c39785594de8826a66c6dfdb5c26cf9a2fecc7

    • SHA256

      b74f0e71111dc756d897ad417213fc0460a4af485c086908ff4da721674bfcb5

    • SHA512

      085137ba11d3d54e48cb0beb5c84c34e84e0451500cb77584972061f6467baba5245a1563843951e39bdc9c75a31b60e096b7c3b7d9edc421fc12151d3d1045e

    • SSDEEP

      24576:JnvfB/d6pgI6ZCspkoL2VrDfktCIl1bvNhZHbK:Jx/d6pgI6Zfp9+7kT1bvNnHbK

    • Modifies Installed Components in the registry

    • Sets file execution options in registry

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Registers COM server for autorun

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Target

      $PLUGINSDIR/System.dll

    • Size

      23KB

    • MD5

      8e050192b6b98d8adfffc297e7d6ecaa

    • SHA1

      bd1f7591c36a172caad81ef1b3ea51e998e1cce4

    • SHA256

      4177e765eed3bba3794cd21b50779c097e8a943bc92c3621f2f51a85cef46def

    • SHA512

      12d7694987fbb6aea59102a25498291ea0f8e44ac57ad2ac744199123534b8cb3c373b5fdeecc0e09f971db63f543bbb2809d24be29a0c03deaf4dfd5e463f33

    • SSDEEP

      384:QsuiXfwnOEFMUgKWSeMPe3+6a+A6PcPpntKfh00g5j9nj:lfwnLFMUGMPenA6Yuh9yj

    Score
    3/10
    • Target

      $PLUGINSDIR/g/PF-Toolbar-2016.exe

    • Size

      820KB

    • MD5

      0f32452f14ff2cd57bea1b35efd6c839

    • SHA1

      3b20f2f4a54b21f3fb0c9fb04d0544348e61a460

    • SHA256

      fa53ce9ae4c2345f25f5ac61748623451004aa555a72d61162fbb266887d8b2d

    • SHA512

      80a75aae72c366c0ccf2c89aec8ff120fcdc0def2ecaeb16373f1c930eb4c0fd311653da3230bc056e4acfe116f35db668a17f647a7252877e2fb6525e48157a

    • SSDEEP

      12288:6mt6FaNUTjCumbaKQ9j2aBjo8koh41SN8SDajcXLWdfh9EoqPfY8N0bx:pt68Ej7nIgs8v4AN96dS3Yk0F

    Score
    4/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      301a9c8739ed3ed955a1bdc472d26f32

    • SHA1

      a830ab9ae6e8d046b7ab2611bea7a0a681f29a43

    • SHA256

      6ec9fde89f067b1807325b05089c3ae4822ce7640d78e6f32dbe52f582de1d92

    • SHA512

      41d88489ecb5ec64191493a1ed2ed7095678955d9fa72cccea2ae76dd794e62e7b5bd3aa2c313fb4bdf41c2f89f29e4cafe43d564ecad80fce1bf0a240b1e094

    • SSDEEP

      192:hCPej3uzvJwqJMQKN4GbeWZksMI4ETWcEbcBZ8ep2Kra7yAG:hCQ2HgN4GbeWmbI4Eybogia7yA

    Score
    3/10
    • Target

      $TEMP/GoogleUpdateSetup_1.3.21.169.exe

    • Size

      799KB

    • MD5

      7abad5635830cb8af3ea5b88e76f728d

    • SHA1

      7809cb7c62fb6c95e7dd244bc480f3f93e695a25

    • SHA256

      27785c7b3825d73149794527a8be2dbdedd737ad3d47ecc6eb30be7546c1bdff

    • SHA512

      09c3e2b4726974db4ffd46c58f7177a52fcea2c85a8a22196555cfeefda7c6f4cb453de196f919a1e2ca2441379a36a9b40bb3d70d64c4148c31b58d0ce50be3

    • SSDEEP

      12288:wSAQRtXumsaKQ912aA+o8kohKldN8NDSjcX2HdhhMxI7NGfWna490XAsNy+0O:wSA8teemzL8vKfNGSGq7NGen990xys

    Score
    4/10
    • Target

      $PLUGINSDIR/g/gcapi_dll.dll

    • Size

      348KB

    • MD5

      2973af8515effd0a3bfc7a43b03b3fcc

    • SHA1

      4209cded0caac7c5cb07bcb29f1ee0dc5ac211ee

    • SHA256

      d0e4581210a22135ce5deb47d9df4d636a94b3813e0649aab84822c9f08af2a0

    • SHA512

      b6f9653142ec00b2e0a5045f0f2c7ba5dbbda8ef39edf14c80a24ecab3c41f081eb466994aaf0879ac96b201ba5c02d478275710e4d08b3debc739063d177f7e

    • SSDEEP

      6144:O3RIclFikwwYUP5SvL8z6uNMw4n8kUddV6F8Q4cfRUWj/aNTcES:O36SwwviL8VgnaddV6F8Q4cZBzES

    Score
    1/10
    • Target

      $PLUGINSDIR/g/gcombo/ComboOffer_1025.html

    • Size

      3KB

    • MD5

      3876777e8e7b73a9a1113402fe54aca9

    • SHA1

      d5fc2d953530949ebd474925dcc2f737058d09e6

    • SHA256

      06ee0d941530d5bf86009e7df0d15dd5767be6dda2f955f2aedbd220edb261b6

    • SHA512

      55ed0ceb960dfec3e77a583ff2db11f29b0c6b619c08ec44bba96d2c636c89aae09169e4a01d8fc4bbdf81a500f46c35ab14ed3496230c45eaaef1d93c70ecde

    Score
    1/10
    • Target

      $PLUGINSDIR/g/gcombo/ComboOffer_1026.html

    • Size

      3KB

    • MD5

      31f4afa1e87f0243c43b0203b89d50b1

    • SHA1

      dba384c943d572d39ecebe68e9598945549d571d

    • SHA256

      34c5182d004df6016042423e040a79f597e9286f5f75f38c0a821fc06494c702

    • SHA512

      7ba8fb63df10b23e6506cb315f683b3fed5ffe1c925d1203e65be4da9f906ad3dde6799b0963f69c379ba43664a33770b8643426a937c803a5dffccb8702a9fc

    Score
    1/10
    • Target

      $PLUGINSDIR/g/gcombo/ComboOffer_1027.html

    • Size

      3KB

    • MD5

      d23b9d2a41fb327025c45b392b8415a5

    • SHA1

      8ac0e6f20608ef80e3a67cf6e7a93a6aa9d9d7fa

    • SHA256

      36b5327492d4a1097a87c6f52ea89d90ab5245799a700e189c48fd41e2ea7179

    • SHA512

      fd7af60a9946ab1acfbc5747da571e04807c4fcf3c11832738218f479b6022c22011b0a8e43820b16130c880718ebb820c917f3bbd90fbc6b32a93bdd93ee666

    Score
    1/10
    • Target

      $PLUGINSDIR/g/gcombo/ComboOffer_1028.html

    • Size

      3KB

    • MD5

      3c9d9a1818bede3e8e7fa99685d503df

    • SHA1

      0db677e7ce9707e89c865a89cc6ab60e04af0119

    • SHA256

      5cdeaa26f12096e1aecda8acc42516341599ae4122d8e9c95d461ceb0a7e3010

    • SHA512

      9b9c06ef13ba802e0850fd98ff025479bd955c93925405bc7a181515e3c01d87b0b15c37057c2a26bc6fbb93fa814f4dc07d8658a542851c6dd2dd1cd4924632

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

bootkitdiscoverypersistence
Score
6/10

behavioral2

bootkitdiscoverypersistence
Score
6/10

behavioral3

Score
3/10

behavioral4

Score
3/10

behavioral5

Score
3/10

behavioral6

Score
3/10

behavioral7

Score
3/10

behavioral8

Score
3/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
3/10

behavioral12

Score
3/10

behavioral13

discoverypersistence
Score
8/10

behavioral14

discoverypersistence
Score
8/10

behavioral15

Score
3/10

behavioral16

Score
3/10

behavioral17

Score
4/10

behavioral18

Score
4/10

behavioral19

Score
3/10

behavioral20

Score
3/10

behavioral21

Score
4/10

behavioral22

Score
4/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10