Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    299add446ad38fe19ccac7f97ff8d57a_JaffaCakes118

  • Size

    2.6MB

  • Sample

    240706-3jg1psxdnn

  • MD5

    299add446ad38fe19ccac7f97ff8d57a

  • SHA1

    0198fb3c98ebf604e4a88228aacc83bf308429b7

  • SHA256

    e2f7ca22aacdedb489e6df6710c16bae7519bc7033d29dda95c9582c405ffee8

  • SHA512

    bef140c7c34352ef072002312f07759928052cb2176f794d500807dab911742dc3e2ed5ae62fdbe0988d80ebb10cd3d8c12da7ff75fbd82f89b685eda5e61906

  • SSDEEP

    49152:R4j4Fg/mTOii09HqbgILFAoCAV9m3ZeHniNnf3itUSG1YKyI:CEFa4O1mqMIioH5HoPuQ1YHI

Malware Config

Targets

    • Target

      299add446ad38fe19ccac7f97ff8d57a_JaffaCakes118

    • Size

      2.6MB

    • MD5

      299add446ad38fe19ccac7f97ff8d57a

    • SHA1

      0198fb3c98ebf604e4a88228aacc83bf308429b7

    • SHA256

      e2f7ca22aacdedb489e6df6710c16bae7519bc7033d29dda95c9582c405ffee8

    • SHA512

      bef140c7c34352ef072002312f07759928052cb2176f794d500807dab911742dc3e2ed5ae62fdbe0988d80ebb10cd3d8c12da7ff75fbd82f89b685eda5e61906

    • SSDEEP

      49152:R4j4Fg/mTOii09HqbgILFAoCAV9m3ZeHniNnf3itUSG1YKyI:CEFa4O1mqMIioH5HoPuQ1YHI

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      14KB

    • MD5

      325b008aec81e5aaa57096f05d4212b5

    • SHA1

      27a2d89747a20305b6518438eff5b9f57f7df5c3

    • SHA256

      c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b

    • SHA512

      18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf

    • SSDEEP

      192:86d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jwK72dwF7dBEnbok:86UdHXcIiY535zBt2jw+BEnbo

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      c17103ae9072a06da581dec998343fc1

    • SHA1

      b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    • SHA256

      dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    • SHA512

      d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    • SSDEEP

      192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw

    Score
    3/10
    • Target

      $PLUGINSDIR/inetc.dll

    • Size

      20KB

    • MD5

      e541458cfe66ef95ffbea40eaaa07289

    • SHA1

      caec1233f841ee72004231a3027b13cdeb13274c

    • SHA256

      3bce87b66d9272c82421920c34b0216e12c57a437d1955c36f23c74c1a01d420

    • SHA512

      0bf6313e4cb7bbdcfba828fb791540b630adc58c43aa4b5ba77790367d0f34f76077cd84cc62e2a2c98c788a88547f32a11e549873d172c5aa2753124847cd0c

    • SSDEEP

      384:b1JO6XgZkjxm+NpXaWgzxUX//EUhU7ya4LQ0Ac9khYLMkIX0+GBty3Sm0:b+6Xgsm+NpKWgzxUXnEUhUua4Li70

    Score
    3/10
    • Target

      $TEMP/WeatherBugSetup.msi

    • Size

      3.1MB

    • MD5

      8c23be9e13b10ce4e5969abd7d838576

    • SHA1

      adda1875ca69a6b9e21e4257833c508a46fa85c1

    • SHA256

      8d62da599bb3c0262a3b90ad2ea04da1834f7e4eee95e088951a2dabeae75589

    • SHA512

      74430f4495c11e0f1e2d747c72b7a984f531c2f1dbd18e3e772256b687c9a1a86c65dc54bfc5b03359eddd55812ce49239ab46f9aaccfa2b177c36d2ff93d02e

    • SSDEEP

      49152:dc4h6/9tTXuawqIXFI1L5ZVBlYkw2hWvnyQZboyCb/zaeyb7EaGVaGV:Thgaawqca1NPWPyQxrb7BGUG

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Target

      uninst.exe

    • Size

      47KB

    • MD5

      2c384cc3af3b40b1a8727b04dae70341

    • SHA1

      348d2284c64ff5469d85d033cb1e813bc7602a80

    • SHA256

      b3722bd7153150017aa36293e6eaa5abbe8596703c35c371cc9f11df42a93b2d

    • SHA512

      bcbc35bb1f718169c4417abf384e0116a004b7bb1a79688e886fb5d677f44e58fda406b3a175163bcd3463b168f50fff6c53e7b0879189f7f9797b06c219e48c

    • SSDEEP

      768:THJd0TpH2+bQ2dUWVX9Hfv1JMWmtLEJOyuBxG0D3mjfS3XJfgd2iZQAm6kRRS+Nb:TpgpHzb9dZVX9fHMvG0D3XJfgdLeAyNb

    Score
    7/10
    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks