General

  • Target

    38756ece952ccc136c5a3c94162b343f_JaffaCakes118

  • Size

    649KB

  • Sample

    240711-kshdqa1flh

  • MD5

    38756ece952ccc136c5a3c94162b343f

  • SHA1

    2162118d07092c8f772524d58cf8965c3778bb68

  • SHA256

    a800e519e6989f9500ef24e47cdafe7e9c3aad6f0e808799ca5e86d6c0945a43

  • SHA512

    a3c6eba859741ef446215214b4c43a2a08d0397ecb6e974f275ba1db5d6d4cde0d4452ebe3cbee81df7532e0df03f02c2f56cb23b1aa01fac7b1677662ec9755

  • SSDEEP

    12288:4uWfUfKDXrC01g4REutdFANihZ87gOQmmKZ9ydhTE3W6h45WW6WS:4uOU8Ch4RdFAgQ7VnZyY3WKWS

Score: 7/10

Malware Config

Targets

    • Target

      38756ece952ccc136c5a3c94162b343f_JaffaCakes118

    • Size

      649KB

    • MD5

      38756ece952ccc136c5a3c94162b343f

    • SHA1

      2162118d07092c8f772524d58cf8965c3778bb68

    • SHA256

      a800e519e6989f9500ef24e47cdafe7e9c3aad6f0e808799ca5e86d6c0945a43

    • SHA512

      a3c6eba859741ef446215214b4c43a2a08d0397ecb6e974f275ba1db5d6d4cde0d4452ebe3cbee81df7532e0df03f02c2f56cb23b1aa01fac7b1677662ec9755

    • SSDEEP

      12288:4uWfUfKDXrC01g4REutdFANihZ87gOQmmKZ9ydhTE3W6h45WW6WS:4uOU8Ch4RdFAgQ7VnZyY3WKWS

    Score: 7/10

    • Loads dropped DLL

    • Target

      $LOCALAPPDATA/RavenBleuSA/bin/1.0.13.0/$OUTDIR/RavenBleuUninstaller.exe

    • Size

      139KB

    • MD5

      8158d8c4808cbb76e5e3f219df862297

    • SHA1

      9614fc01763dab8cbb9cd93fb551343e52fcee2f

    • SHA256

      d7a703bdc04486fef208e19880d4a5437d2e7dd983d3d722e897ac0e42a5ba4d

    • SHA512

      b103e53f465d365c3cf17fdc395b3bc5c9173703dc40862c873f0081f2e422b72f5e7301b596145483d09ddeb13a855c415e5a1d45ebbe38cc08e1cd7d88e1dd

    • SSDEEP

      3072:nQIURTXJHgueJef7JtOafRypSf3DKr8TStq8duqTe1rXrQX:nsCPG7J34pS2riStq1TxrQX

    Score: 7/10

    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      $PLUGINSDIR/Install.dll

    • Size

      258KB

    • MD5

      7b915d6227d9f4dfe30b9f979f5976e7

    • SHA1

      6157749d1e4432227d226457b247472f0b9697a8

    • SHA256

      4b74e01dc6fbdf0fad39e6e68a498dfa7708098a87d945ae0da1b8a20fb272cb

    • SHA512

      8f6b3e14a0f505eaf3be21dd1d0ca022e9006bf599d03f0d7cd54c61514b79236f2b3b7333107902b3d72c9ad2a7255b184137c9836b2d0d5ce3ef4459461a88

    • SSDEEP

      3072:QrszqM+KaRtkXTQKiW5pSMTIY2RayNTOZ8tFNF5Rao1iv3/PmBGUr8ak4WYOMnV1:RzqzXEftTgRayNyZO5rA3/+ludMnL

    Score: 1/10

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      c17103ae9072a06da581dec998343fc1

    • SHA1

      b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    • SHA256

      dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    • SHA512

      d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    • SSDEEP

      192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw

    Score: 3/10

    • Target

      $LOCALAPPDATA/RavenBleuSA/bin/1.0.13.0/RavenBleuSA.exe

    • Size

      764KB

    • MD5

      995bf4913243264269bdbdf64b51f94b

    • SHA1

      7900da0497452d6ae674a600d8d4d07eb6aca750

    • SHA256

      cb87f79e5c9245b6d361ad598996efd2482f0edbc9fb4ebc6ac1217c1be76234

    • SHA512

      279cdae4bb0adbdc5479f84171077ef7e2a522e84f2c6029c35392c19557844093d49a5f7836a792865ba6a5f6ddad162b521a3fdead5762dd2e5b5e8498dd1d

    • SSDEEP

      12288:Crwkx1c6HZa3XNGB56PKr3WnQMHb/QPT1emBMuv60QxtXi4TadwdIwT2:Crwkv3D56PKr8Z/mT1LBMuvQxUmadvC2

    Score: 6/10

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Target

      $LOCALAPPDATA/RavenBleuSA/bin/1.0.13.0/RavenBleuSACB.exe

    • Size

      260KB

    • MD5

      108df2be364ec7c3e9417cb7caf9aadf

    • SHA1

      cb0703e409bbd28c7041cbc66ad074b34a39a25f

    • SHA256

      ded374297284ce9a524743d9d9730bfd7a787bebc0cf7acf4dabfd55a8c05d2f

    • SHA512

      1cb271acfce9e17d39df873fb619f52166c23d4027c7e1e285dcc497e38cd4dfdbf3b5d3847eee8e2c294362f2b9df9b03c62fa130454063364d77f290f1a812

    • SSDEEP

      6144:tpohDE3wfcDmz/IMXoT6R0gSTic8opzaYvxmI74:ohAgf+mz/IkoT6ROTic8oPJf

    Score: 1/10

    • Target

      $LOCALAPPDATA/RavenBleuSA/bin/1.0.13.0/RavenBleuSAHook.dll

    • Size

      140KB

    • MD5

      2cef6cc7b42725191689e9b7ecd69cf3

    • SHA1

      09047798f121493295dbf9b1c2e51ab95fc52954

    • SHA256

      34cbaf88ee8bc9d8babf8126016aa78ff35a2cfb637269ddcd66ffd91a39eabf

    • SHA512

      6e8dcd20be46043ac7a2c5a07564c4116496aa471d0efc45499b34199f83853b7446d2489dcd73c7a41d182e0f1ad5cea6fd3726e66e2481a7a1a41380c5f9e9

    • SSDEEP

      3072:/dhC5CQk9kEGpfWGCkjiXptD3brxNXlvkH8htRFsmn:Fh4Cl9tG1bpYtTb1N5

    Score: 1/10

    • Target

      $PLUGINSDIR/Install.dll

    • Size

      258KB

    • MD5

      7b915d6227d9f4dfe30b9f979f5976e7

    • SHA1

      6157749d1e4432227d226457b247472f0b9697a8

    • SHA256

      4b74e01dc6fbdf0fad39e6e68a498dfa7708098a87d945ae0da1b8a20fb272cb

    • SHA512

      8f6b3e14a0f505eaf3be21dd1d0ca022e9006bf599d03f0d7cd54c61514b79236f2b3b7333107902b3d72c9ad2a7255b184137c9836b2d0d5ce3ef4459461a88

    • SSDEEP

      3072:QrszqM+KaRtkXTQKiW5pSMTIY2RayNTOZ8tFNF5Rao1iv3/PmBGUr8ak4WYOMnV1:RzqzXEftTgRayNyZO5rA3/+ludMnL

    Score: 1/10

    • Target

      $PLUGINSDIR/LaunchHelp.dll

    • Size

      66KB

    • MD5

      70dd6708ae72686b372579d82e77ea91

    • SHA1

      bfd7885d5de6c2f0eeefacd51d902a527ddea06c

    • SHA256

      73637709cf3011256c85a1663f6ceeac86985575e94a49c0f3667b1603e78fb8

    • SHA512

      317b842faafc7a45a234074d0c5cd93ce81a6fbb3dacc04842d7d94ced468fd24bd197020203382a2114efc77571e05e34ac635f34b69dc1a0ecf8f269b45d2a

    • SSDEEP

      768:0AVPzAnhYtIvY/09Xa/k1ZfEkO9QNxhJOfLYwLgEnBC/tkeeX+AiOUEDInqUC3K7:0GzrtIiMjHQfLYwLJnI/tkzWJCS

    Score: 1/10

    • Target

      $PLUGINSDIR/Setup.dll

    • Size

      70KB

    • MD5

      cbcc35c932b856814c67c8629295ea1c

    • SHA1

      79a0b7dd1deec46c99ebde57b015d18c5265e65a

    • SHA256

      d9efa9e110f991295cf8daff05307b603a82d009143860591e38d9f9755a97ac

    • SHA512

      4de2d690817f6775168169283f11910f1a4d24aa4c86fe26442f7af7e12e91a6140256f12cec38480d809648a5a13a1d8077075c0e767b12924a90d0c8f95827

    • SSDEEP

      1536:Y6p+8HGenOtDZinvp2oYeOn+jidvjw5yok3BK7MX:YWvEveOpd80vBK7M

    Score: 1/10

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      c17103ae9072a06da581dec998343fc1

    • SHA1

      b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    • SHA256

      dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    • SHA512

      d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    • SSDEEP

      192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw

    Score: 3/10

    • Target

      $PLUGINSDIR/inetc.dll

    • Size

      72KB

    • MD5

      db6fa5497746c30f657d4f5273d4cf9d

    • SHA1

      097b939914f2f12f5cfb7648359d0c6d95deb0ae

    • SHA256

      c7d9989d927b4e0622983bb1fabe26d0c8a45c217b93f837e1855af76edb040a

    • SHA512

      75d19d6161ac4648855b197ff02e326bd4b751e00e3ebbbb054124af50f89827c0f7676ed7ef6f8613f0027e999720229e2ebac28f156e57993d83bc7f318558

    • SSDEEP

      768:wMWMshg75NF64QY04Xod0YmS4uYjHIyUg5luHT3W/Ipz6BTpeRpl/i5kUykfIq:washg44k44mnjHIigHTW/Ip0TpMy5/

    Score: 3/10

MITRE ATT&CK Enterprise v15

Tasks