General
Target: 299add446ad38fe19ccac7f97ff8d57a_JaffaCakes118
Size: 2.6MB
Sample: 240706-3jg1psxdnn

Static task
static1

Behavioral tasks
Task | Sample | Resource
behavioral1 | 299add446ad38fe19ccac7f97ff8d57a_JaffaCakes118.exe | win7-20240705-en
behavioral2 | 299add446ad38fe19ccac7f97ff8d57a_JaffaCakes118.exe | win10v2004-20240508-en
behavioral3 | $PLUGINSDIR/InstallOptions.dll | win7-20240704-en
behavioral4 | $PLUGINSDIR/InstallOptions.dll | win10v2004-20240704-en
behavioral5 | $PLUGINSDIR/System.dll | win7-20240221-en
behavioral6 | $PLUGINSDIR/System.dll | win10v2004-20240704-en
behavioral7 | $PLUGINSDIR/inetc.dll | win7-20240221-en
behavioral8 | $PLUGINSDIR/inetc.dll | win10v2004-20240704-en
behavioral9 | $TEMP/WeatherBugSetup.msi | win7-20240220-en
behavioral10 | $TEMP/WeatherBugSetup.msi | win10v2004-20240704-en
behavioral11 | uninst.exe | win7-20240508-en
behavioral12 | uninst.exe | win10v2004-20240704-en

Malware Config
Targets

Target: 299add446ad38fe19ccac7f97ff8d57a_JaffaCakes118
Size: 2.6MB
Score: 7/10
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Blocklisted process makes network request
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.

Target: $PLUGINSDIR/InstallOptions.dll
Size: 14KB
Score: 3/10

Target: $PLUGINSDIR/System.dll
Size: 11KB
Score: 3/10

Target: $PLUGINSDIR/inetc.dll
Size: 20KB
Score: 3/10

Target: $TEMP/WeatherBugSetup.msi
Size: 3.1MB
Score: 6/10
Blocklisted process makes network request
Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.

Target: uninst.exe
Size: 47KB
Score: 7/10
Deletes itself
Executes dropped EXE
Loads dropped DLL

MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Event Triggered Execution (1)
    Installer Packages (1)
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Event Triggered Execution (1)
    Installer Packages (1)