General

  • Target

    26b4243db442d797e817c44953544e55_JaffaCakes118

  • Size

    5.8MB

  • Sample

    240704-3wv34ayfnd

  • MD5

    26b4243db442d797e817c44953544e55

  • SHA1

    b662ee7df1e0b040b8b6ba986c73a278647b94d9

  • SHA256

    276fb9aaa5891fa085559bd168176203d14a1c97df09f05fd496fa060d79cb10

  • SHA512

    b85958026650086e4be6023d3a7d0cc679ff8af734bd6ae10acd87bab902964099cf668456e177ec69c7d5b90718ee1b624e258eee3e169bbfb9956dbbb3ac7d

  • SSDEEP

    98304:J5FCaCZBwYHfuJTczPN2vF9/bJV3yYsOvHtQF6InPSgfDJBNBpKZJT:J2BxmJTQl2vP/bJVCTVF68TNyPT

  • Score

    8/10

Malware Config

Targets

    • Target

      26b4243db442d797e817c44953544e55_JaffaCakes118

    • Size

      5.8MB

    • Score

      7/10

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Target

      $PLUGINSDIR/FindProcDLL.dll

    • Size

      3KB

    • MD5

      8614c450637267afacad1645e23ba24a

    • SHA1

      e7b7b09b5bbc13e910aa36316d9cc5fc5d4dcdc2

    • SHA256

      0fa04f06a6de18d316832086891e9c23ae606d7784d5d5676385839b21ca2758

    • SHA512

      af46cd679097584ff9a1d894a729b6397f4b3af17dff3e6f07bef257bc7e48ffa341d82daf298616cd5df1450fc5ab7435cacb70f27302b6db193f01a9f8391b

    • Score

      3/10

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      14KB

    • MD5

      325b008aec81e5aaa57096f05d4212b5

    • SHA1

      27a2d89747a20305b6518438eff5b9f57f7df5c3

    • SHA256

      c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b

    • SHA512

      18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf

    • SSDEEP

      192:86d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jwK72dwF7dBEnbok:86UdHXcIiY535zBt2jw+BEnbo

    • Score

      3/10

    • Target

      $PLUGINSDIR/StartMenu.dll

    • Size

      7KB

    • MD5

      a4173b381625f9f12aadb4e1cdaefdb8

    • SHA1

      cf1680c2bc970d5675adbf5e89292a97e6724713

    • SHA256

      7755ff2707ca19344d489a5acec02d9e310425fa6e100d2f13025761676b875b

    • SHA512

      fcac79d42862da6bdd3ecad9d887a975cdff2301a8322f321be58f754a26b27077b452faa4751bbd09cd3371b4afce65255fbbb443e2c93dd2cba0ba652f4a82

    • SSDEEP

      96:2fiqP7bO2qHkAC40KhvSE+6nrxtMn0iGd88qRLqtJ1tbRhElfRx2:siqP7OHX1Q4xtcf8qo/ttgfRx2

    • Score

      3/10

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      c17103ae9072a06da581dec998343fc1

    • SHA1

      b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    • SHA256

      dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    • SHA512

      d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    • SSDEEP

      192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw

    • Score

      3/10

    • Target

      $TEMP/ApnIC.dll

    • Size

      240KB

    • MD5

      ed92900bf225e26a4e54c2c14fa1424f

    • SHA1

      e32aa2e78d2c8f0e9316080e71a714befe851e6c

    • SHA256

      b284311140c80784af8f5b01550b0d7eb4b0d64cf2037800cc284856c1ff4740

    • SHA512

      9e3c7571e2bd2a2ec6d842064b2b310a018bafa7125639135240485625252989d3c0ac5d18c7b4a88835aa8aac67ac2521237dbd757e0ae652ecf39b723e314d

    • SSDEEP

      3072:pJ+Mz0fYrZiMVpqgQGF4nkpo/kVv6WNJHD9Koeajs0o2XhixrMIyxUkvsWfmbh:pUMz8nMVp+GokO/kt9KoTqxrMXEwa

    • Score

      8/10

    • Blocklisted process makes network request

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Target

      $TEMP/ApnStub.exe

    • Size

      139KB

    • MD5

      c36923084822c017f69396418a999d39

    • SHA1

      fdc2005ced8acf86c68fe1b86b0698d0539e8ce0

    • SHA256

      7a158fdeea8f7107be5ce40242546a503193aa1c278f74a4730871b8edd0ba76

    • SHA512

      fb1106d4f4a138cad28a4282cb00c72688e03610be1d31a7cdd7b42b23e00e4f7ca9e731a7ab016d5920411707e165e3ee48164ef520112d8ac36fad85749c44

    • SSDEEP

      3072:kchfXbup04LnomgmlgV5sUjbW/+lt5qqqqqqqqqqqqBYFpbO:BPbue4LP+V5f6U7qqqqqqqqqqqqH

    • Score

      1/10

    • Target

      $TEMP/ApnToolbarInstaller.exe

    • Size

      3.5MB

    • MD5

      7cf1b0069d864d83b729445ad6c3c6a1

    • SHA1

      613bdcdc4b16eb466124a549d021646eafb70b7c

    • SHA256

      3d3da0c54c6d36f6f21aeb0fc076b6189d46ba24829dc729f8c4903e21971fc2

    • SHA512

      27703365ff1c4b086e818334faeab0b7795298bb10abda92adf733318d16916e57d3f6bcb4bb9e4c9e862b048fd2894ff0ef012a262b79b877808c91eb4e67e8

    • SSDEEP

      49152:GIXA/T1fkbVCs/2cex8CfdVY36EfrTzcZsepCKP5lwJr4a5RR2EArjKmRicekm0K:GUAhfjDYKEgZNCEmf5ArGmKbSH2r

    • Score

      1/10

    • Target

      ImgBurn.exe

    • Size

      2.7MB

    • MD5

      9bb871708d51de6a6b72a47e569453fc

    • SHA1

      ae7e7e1616f83425da8ebe5e23140417c7047e2e

    • SHA256

      fa501963539ea9f70835d8d4f2004c8e0481127499e11c54959146746601b582

    • SHA512

      4f250b48ff21eb0ef53e35f763bf1eda9bb35e1319560252e0c574728285d5a92b42dbaf1b05c8ace57af0aa1f849a9516b537ef73e9d43fe2b95597ab9421b7

    • SSDEEP

      49152:pOn/RJc1sBKhC5cfSQNxA4P0vJ2m17LUFCiBWcwLGhrvoQ0rVTIQX5vzFt:pyYQQTdNxFoD1MFC6wL3Q0ZIQp

    • Score

      7/10

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Target

      ImgBurnPreview.exe

    • Size

      209KB

    • MD5

      c767843e49d828930ac7b9c36cd047f6

    • SHA1

      bd721b718056825df692046a5259624da4d638d1

    • SHA256

      6d83891fb8430d642582ba7bde76fc433266ebe6327ec9a43ee2101f0fd79706

    • SHA512

      96a78312bf96ce3f64d8d89f84dddc70edd12399877e4c74ca0c02418a8944d66ea7bd11a76d13ef693733d7ccb5e08165be74db5a847d5cdb359b8a273eb174

    • SSDEEP

      3072:vm1BzKL2lZ33qxjrzVcol6gUjywWHlGvakyvVuk2AQ4w/vvoutc:uLzL33qxjWoG19xCuzAQn/XoS

    • Score

      7/10

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      uninstall.exe

    • Size

      71KB

    • MD5

      da943c4884b1375d00b226be923f0225

    • SHA1

      b3947815a56c356490a2b54a42a51a2dc31ce503

    • SHA256

      b3ba1664fae7d056d166889438cc897a731c78097ecec3cd122664206da8c8ba

    • SHA512

      86e31c35f5e5d0b00763be7864889ad05ea6322f9ead8193ddb3be189099f0726ab6f634bbb4fd340df97172034169f8bb4f95f91ebedac1804bea05977a4f30

    • SSDEEP

      1536:oQpQ5EP0ijnRTXJ88gg+SsN7buCryG4SDMw0zJR1s:oQIURTXJ88b+vnuCryG3YVK

    • Score

      7/10

    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      c17103ae9072a06da581dec998343fc1

    • SHA1

      b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    • SHA256

      dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    • SHA512

      d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    • SSDEEP

      192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw

    • Score

      3/10
