Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

0f562ef020...18.exe

windows7-x64

7

0f562ef020...18.exe

windows10-2004-x64

7

$APPDATA/�...÷.lnk

windows7-x64

3

$APPDATA/�...÷.lnk

windows10-2004-x64

7

$FAVORITES...÷.url

windows7-x64

6

$FAVORITES...÷.url

windows10-2004-x64

3

$FAVORITES...÷.url

windows7-x64

6

$FAVORITES...÷.url

windows10-2004-x64

3

$FAVORITES...Ø.url

windows7-x64

6

$FAVORITES...Ø.url

windows10-2004-x64

3

$FAVORITES...½.url

windows7-x64

6

$FAVORITES...½.url

windows10-2004-x64

3

$TEMP/A±�...HJ.dll

windows7-x64

1

$TEMP/A±�...HJ.dll

windows10-2004-x64

1

$TEMP/A±�...Io.dll

windows7-x64

1

$TEMP/A±�...Io.dll

windows10-2004-x64

1

$TEMP/A±�...Io.sys

windows7-x64

1

$TEMP/A±�...Io.sys

windows10-2004-x64

1

$TEMP/A±�...er.exe

windows7-x64

1

$TEMP/A±�...er.exe

windows10-2004-x64

1

$TEMP/A±�...ll.exe

windows7-x64

7

$TEMP/A±�...ll.exe

windows10-2004-x64

7

C:/Documen...��.lnk

windows7-x64

1

C:/Documen...��.lnk

windows10-2004-x64

1

C:/Documen...÷.url

windows7-x64

1

C:/Documen...÷.url

windows10-2004-x64

1

C:/Documen...÷.url

windows7-x64

1

C:/Documen...÷.url

windows10-2004-x64

1

C:/Documen...Ø.url

windows7-x64

1

C:/Documen...Ø.url

windows10-2004-x64

1

C:/Documen...½.url

windows7-x64

1

C:/Documen...½.url

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0f562ef0200664bc779e2e2569337a14_JaffaCakes118

  • Size

    542KB

  • Sample

    240625-yplhvssclk

  • MD5

    0f562ef0200664bc779e2e2569337a14

  • SHA1

    b545b0ff555c09326d27adbd3cf8e5964e230baf

  • SHA256

    b860f598a2550bb42b2aa77aed81e106cd36c50975a71b8288871ae61482e7a0

  • SHA512

    17c357bc7c54a09806dcbb1903e9c61bcd2a13ebd6e56901054b7db2d462e951e8dee35aad04aa2366f78402edd09fe7d5465d4b6ff64d1f4f1444334d736a75

  • SSDEEP

    12288:wI5AA6NtlKQOeJVU9E3wleUeRYm8sz+OQK4JQ8uhWsSL:HApTOeTU9E3wsUeFznQJhue

Score
7/10
evasiontrojan

Malware Config

Targets

    • Target

      0f562ef0200664bc779e2e2569337a14_JaffaCakes118

    • Size

      542KB

    • MD5

      0f562ef0200664bc779e2e2569337a14

    • SHA1

      b545b0ff555c09326d27adbd3cf8e5964e230baf

    • SHA256

      b860f598a2550bb42b2aa77aed81e106cd36c50975a71b8288871ae61482e7a0

    • SHA512

      17c357bc7c54a09806dcbb1903e9c61bcd2a13ebd6e56901054b7db2d462e951e8dee35aad04aa2366f78402edd09fe7d5465d4b6ff64d1f4f1444334d736a75

    • SSDEEP

      12288:wI5AA6NtlKQOeJVU9E3wleUeRYm8sz+OQK4JQ8uhWsSL:HApTOeTU9E3wsUeFznQJhue

    Score
    7/10

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

    • Target

      $APPDATA/Æô¶¯ Internet Explorer ä¯ÀÀÆ÷.lnk

    • Size

      716B

    • MD5

      df268dd1724ccafc64daf692eaed5285

    • SHA1

      019ce6a00968bdaf939c2c4909f0d87d4053eaf3

    • SHA256

      a9d41b41b080de8beeab15ebaf2530cce9e5a8fdb5a6bf4509d2979e0ad1f0f1

    • SHA512

      93f8161f32bb4b07e4172deff741722d4a4c587ad9ebb8a33b90a375aac9fb4a808c978f4263af77c43d19b46bd93181c70af33917427f3473034db1de2b58db

    Score
    7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral3behavioral4

    • Target

      $FAVORITES/GoogleËÑË÷.url

    • Size

      74B

    • MD5

      8be576f4a76d79e98ecc7e61b2beaf12

    • SHA1

      0589dbef82d50f5c0ff3baa0e216faf3c1a26168

    • SHA256

      5dbb2a3396574347dd5e1c231a8e1dd49faefa094e7358a29eddce2f16406584

    • SHA512

      46b0ab0e746b74b8bae881df06514999be3aa39f7a697c390a4dd37bdaf5e874069e585245e95eec5b39878aa465ab41ca886afce85b8dfbd6904ed01a9fc74c

    Score
    6/10
    evasiontrojan
    behavioral5behavioral6

    • Target

      $FAVORITES/°Ù¶ÈËÑË÷.url

    • Size

      216B

    • MD5

      ea47d4327c78dd3003c5a68d2584ab95

    • SHA1

      33b81f6611537bcf0ecae9472a14ec9a3c0ef584

    • SHA256

      9fc516a75a7c24580bdebe99fa106b37173ecd25f5ff8060db9fe03cdba64f53

    • SHA512

      f77fd30a2c8529ab6ffbf037a3f7a9a4c5e6c6bf9c161fb532786108bd34a8ff85b22b277036a05ac97b4d6dde3d23cee0eebaa457980442a469c25d06e06542

    Score
    6/10
    evasiontrojan
    behavioral7behavioral8

    • Target

      $FAVORITES/ÍêÃÀϵͳÏÂÔØ.url

    • Size

      142B

    • MD5

      75819e641311cf416a2e2c7e77adb856

    • SHA1

      fcb4dbaea6e4f2e08bb48a60364f6ad9981b89a8

    • SHA256

      63a38655e1d0d4494ad75daf31aa18168a525eb0d6444ad9a04817e313a28cd6

    • SHA512

      be94bd0e2f0a0e6938dc662f8597bd13d7b2d4b3f9c050facf7710a8727c41350296524c432a474837c28ade8688a9d3d55e299c6daf9d28ea9bc149e1ce6f09

    Score
    6/10
    evasiontrojan
    behavioral10behavioral9

    • Target

      $FAVORITES/ÍøÖ·µ¼º½.url

    • Size

      131B

    • MD5

      3e8486bf474fb8c0ddd8993aa1274c4d

    • SHA1

      df1fe0240e1995357de68f8590ccd31d0e001e21

    • SHA256

      00825acda1bb3e9058f33e14d2434f0c9c046b81bcf0759704263faa273bfd9c

    • SHA512

      44f0a89527d0922b14fd9eb955fe1d9794fd2b0b46569106b0230e778d666b18c994e046d32cf9b7f16d966da3e12084df9f4614e439d7021377b54bd6019ed4

    Score
    6/10
    evasiontrojan
    behavioral11behavioral12

    • Target

      $TEMP/A±äËÙÆ÷/JSHJ.dll

    • Size

      52KB

    • MD5

      543df5cc612f10d753b823a893c5b636

    • SHA1

      60d8df3b1cd3d1cd8316a8ec3c4fb1a98ec13139

    • SHA256

      35fa8c59e3480e5b26e7334ec91e8318130f68583fc2e3ae04f824357271ea63

    • SHA512

      cb9b22c493f8e9a3188b35570a3bb091508fc2e41e4852eeaf17f0e9eeddeb0e68c717a9f3eaacd2c935aba9c6366e5f2d9258b38cacf9a5a5a5e02abf8d494d

    • SSDEEP

      1536:Y9hgRc5pORLL/2sLio5QNi5MR9sG0GkH9:YEIpOR/kNQMXcH9

    Score
    1/10
    behavioral13behavioral14

    • Target

      $TEMP/A±äËÙÆ÷/WinIo.dll

    • Size

      48KB

    • MD5

      6d113aa35a8c79b236751e4ccf2b7751

    • SHA1

      b4ac97768512acd31e4a824b6595ec2163db7972

    • SHA256

      d2eb2a40174b9adb3abc768af7fa80882cd1e2ad22303fe4448db89509ac392b

    • SHA512

      f83209d9e98395ae6127f247b7f68167708c1af789a332695feed0f7879d8a83405eed3c3e860e482cebc704a613563bcadfaa8a2986e348d85e50a2e0b3fb68

    • SSDEEP

      384:XPgsb8J2hTBC6nE5Ig7p+lAK37l6ape8cMAp3XynYHlwouJC6+p8oyx8rd:XPLhTBC6E5gAK3p618sXhHlwodL8oyW

    Score
    1/10
    behavioral15behavioral16

    • Target

      $TEMP/A±äËÙÆ÷/WinIo.sys

    • Size

      4KB

    • MD5

      7e5a7cf19504af7ddaf4fa36261940d1

    • SHA1

      baac4c3ce5a46a73dbfbe98c8d89489d04e488a7

    • SHA256

      e665441a0968e7ee6eb246c4b984ff7449d7905890e55e07f251464d60191a6d

    • SHA512

      d1b226f50a079e2ed40ab5c04098fa11466b914568ba350ea23c0781c37f960e9003ff0ceada80f5c5455ec4dddcd9b44614e667bb774f3a7e12e33052c9498a

    • SSDEEP

      96:VsXktSPyUFouQWu5GQt3RnP3tzCEKsomeL28L1:2XuHIC7tPeL

    Score
    1/10
    behavioral17behavioral18

    • Target

      $TEMP/A±äËÙÆ÷/aspeeder.exe

    • Size

      1.0MB

    • MD5

      0b99f927d85b0d20e548183a860afaa0

    • SHA1

      5fff765df471ef83b370c92a12f56789dda2cb1f

    • SHA256

      c6eb445c422dda11d1094d927cc0f45446a7e954e72be6e3bfce81ef24f23c0f

    • SHA512

      f3290b60c149a70bf54786a2b447dbd0e94f9a16c901047a7109d4562410104dc54d6a9f7ef9a1ccc2bdd80e5b5094b8a098bb304cc2a068015e9472fb15b91c

    • SSDEEP

      12288:Con26ttYdG3mNPkab3sSp4tsNCgbzoyu7ZK6vslEpzmQmCPqSbBOWRt7uA:JLYVcIp4ts88xu7/GEIGNOWR

    Score
    1/10
    behavioral19behavioral20

    • Target

      $TEMP/A±äËÙÆ÷/uninstall.exe

    • Size

      35KB

    • MD5

      df01d76736107080fb48dd38bf110f0c

    • SHA1

      1a51f3988cf4c60010ea8b0d9cf45d0427f3df38

    • SHA256

      9dc0ad7de80ca7f5a61baa95eec4724104a9d20d12d36aa606406c90c50541c9

    • SHA512

      284a30d831a59f505f28199182d514eac79f757b68defd249a90ee964a85b189cd2777c004d642303d7ed948caa3ebeed84b51c3a99f43286d1143b2a810ab23

    • SSDEEP

      768:xE+BmrtvkC3kCERF57oTBQsuE2Ol3E3VLhg0rJsJRnmg:xZBCOCsoGXcERrJhg

    Score
    7/10

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral21behavioral22

    • Target

      C:/Documents and Settings/Default User/Application Data/Microsoft/Internet Explorer/Quick Launch/Æô¶¯ Internet Explorer ä¯ÀÀÆ÷.lnk

    • Size

      722B

    • MD5

      82b495437a9ff437f4b54558b694f1ae

    • SHA1

      acb00af2b20b23ccec0eb962edb42d7f5c6d2e7d

    • SHA256

      18716893edf37b24c834c89ce8657889803f7d55d0483e26a1786e5084639a31

    • SHA512

      62eee5ea81021e8d38013aba71c368b4bf821faf0052caa594620e775e36ed085a97b20bdef8d1bafd1b66b0f6215b5a30cfe1e5313bb60e679266a36aeba238

    Score
    1/10
    behavioral23behavioral24

    • Target

      C:/Documents and Settings/Default User/Favorites/GoogleËÑË÷.url

    • Size

      74B

    • MD5

      8be576f4a76d79e98ecc7e61b2beaf12

    • SHA1

      0589dbef82d50f5c0ff3baa0e216faf3c1a26168

    • SHA256

      5dbb2a3396574347dd5e1c231a8e1dd49faefa094e7358a29eddce2f16406584

    • SHA512

      46b0ab0e746b74b8bae881df06514999be3aa39f7a697c390a4dd37bdaf5e874069e585245e95eec5b39878aa465ab41ca886afce85b8dfbd6904ed01a9fc74c

    Score
    1/10
    behavioral25behavioral26

    • Target

      C:/Documents and Settings/Default User/Favorites/°Ù¶ÈËÑË÷.url

    • Size

      216B

    • MD5

      ea47d4327c78dd3003c5a68d2584ab95

    • SHA1

      33b81f6611537bcf0ecae9472a14ec9a3c0ef584

    • SHA256

      9fc516a75a7c24580bdebe99fa106b37173ecd25f5ff8060db9fe03cdba64f53

    • SHA512

      f77fd30a2c8529ab6ffbf037a3f7a9a4c5e6c6bf9c161fb532786108bd34a8ff85b22b277036a05ac97b4d6dde3d23cee0eebaa457980442a469c25d06e06542

    Score
    1/10
    behavioral27behavioral28

    • Target

      C:/Documents and Settings/Default User/Favorites/ÍêÃÀϵͳÏÂÔØ.url

    • Size

      142B

    • MD5

      75819e641311cf416a2e2c7e77adb856

    • SHA1

      fcb4dbaea6e4f2e08bb48a60364f6ad9981b89a8

    • SHA256

      63a38655e1d0d4494ad75daf31aa18168a525eb0d6444ad9a04817e313a28cd6

    • SHA512

      be94bd0e2f0a0e6938dc662f8597bd13d7b2d4b3f9c050facf7710a8727c41350296524c432a474837c28ade8688a9d3d55e299c6daf9d28ea9bc149e1ce6f09

    Score
    1/10
    behavioral29behavioral30

    • Target

      C:/Documents and Settings/Default User/Favorites/ÍøÖ·µ¼º½.url

    • Size

      131B

    • MD5

      3e8486bf474fb8c0ddd8993aa1274c4d

    • SHA1

      df1fe0240e1995357de68f8590ccd31d0e001e21

    • SHA256

      00825acda1bb3e9058f33e14d2434f0c9c046b81bcf0759704263faa273bfd9c

    • SHA512

      44f0a89527d0922b14fd9eb955fe1d9794fd2b0b46569106b0230e778d666b18c994e046d32cf9b7f16d966da3e12084df9f4614e439d7021377b54bd6019ed4

    Score
    1/10
    behavioral31behavioral32

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

Score
7/10

behavioral2

Score
7/10

behavioral3

Score
3/10

behavioral4

Score
7/10

behavioral5

evasiontrojan
Score
6/10

behavioral6

Score
3/10

behavioral7

evasiontrojan
Score
6/10

behavioral8

Score
3/10

behavioral9

evasiontrojan
Score
6/10

behavioral10

Score
3/10

behavioral11

evasiontrojan
Score
6/10

behavioral12

Score
3/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
7/10

behavioral22

Score
7/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10