
General

  • Target

    5f614b3d2a686b4995c38b91324d8fdb_JaffaCakes118

  • Size

    10.6MB

  • Sample

    240720-g8z2xstfja

  • MD5

    5f614b3d2a686b4995c38b91324d8fdb

  • SHA1

    72c298fb258d9e318aba64e900e91f3174cb2dbe

  • SHA256

    531313033fdb71c44c0791f56679e55c36f06fa6250f90f68ebaf42e7a2a044b

  • SHA512

    778c0d3ac4a7091cd09a5a9de4b3e41ea7c94c334af6219c85cf2f275feb3345adb42221193f6aac14e84fd1110ff52afb14cf24a7e7333bcbdf60fedb41681c

  • SSDEEP

    196608:NBHC8KwHrU6Ery5NXJZzkl3fP0puCSe3xb1WujMYJroJiPEgI2fPZdms:DC8K6rery5ZDzklPMpuCl50uXozCPZb

Malware Config

Targets

    • Target

      5f614b3d2a686b4995c38b91324d8fdb_JaffaCakes118


    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Target

      $PLUGINSDIR/BDMSkin.dll

    • Size

      1.8MB

    • MD5

      3f6dc271f034861cb4be850a816105e3

    • SHA1

      d83f7a11d47d4668737ff64139870bad8a8722a0

    • SHA256

      4f5d4dc959ccb0f201b2f2c761c74f6284ec90fe4d05e11813c63f584356205a

    • SHA512

      2149b342a8bb8486faf3e7ffe43b6fe66bad4b93512ed668caccdf63399a48411b92b31c99a018c92e4590584d8c0111a483f8161ec179d5f92aba2e398fa76a

    • SSDEEP

      24576:l6HdOqkMfbZu853MkOiJnzC5LLpjA1Mr7zcy9apk/:lidxZuI3EL5A1y7zcy9apk/

    Score
    3/10
    • Target

      $PLUGINSDIR/BaiduReport.dll

    • Size

      355KB

    • MD5

      33ac85604ff109e2a297c03fc1037bf1

    • SHA1

      02be88a95fc04ec73c4ed33601f832e86d5f0bb3

    • SHA256

      47c64647fe2ef3215e919295fd3627b25e85877a690d2ba940f4177cfef2678c

    • SHA512

      80c3428e0bd0585f2c4076fc814b638aeab637b2a56b37febef08f75fad426b268fcc2409cc8d09738c23ffc7d56250683b157a5e452b4b43a2bf88d4f489826

    • SSDEEP

      6144:KceTKy/7X/avkVeQtYto8qVTBT2RL2f1QoCOdGnZfCH:KciK0+vAeIYto8qKRL2f1MqH

    Score
    1/10
    • Target

      $PLUGINSDIR/Base.dll

    • Size

      777KB

    • MD5

      6fdcd6d9faf849ecd71d4fa329969780

    • SHA1

      3480193f5e7a37bf8a01f728566b48d56850749b

    • SHA256

      a31fbc3014712fca12637400897816c41f65627434bdde1f4c8c0c025f08bad2

    • SHA512

      5a3ddbd1abda841bc06c210f612cfde3a48016991ea6a8dc5ee00574aee1904c70695226490986465c950bf09564bf56715d2c25fcee9931f33b82dcefc2c111

    • SSDEEP

      24576:FodWvihKLAwxzNvooB5aOelmGEpNlOgj8JKHTc4pE+uRxi:FodWvCS3xzOA5mEpNlOg4JuTc4t6i

    Score
    3/10
    • Target

      $PLUGINSDIR/InstallHelper.dll

    • Size

      242KB

    • MD5

      f497a1c6f5f1faca1a05fbee72abc07a

    • SHA1

      3af6939afd2cdfc3eb7e9f6ff4cf26d254f97923

    • SHA256

      ec6a6f16902d84802d0a744a6537d7bebe40b4ad9c8bce4de012c3224c98030c

    • SHA512

      3a523e91cf7e4bd3c83f4eb9a861f410fb2be7367514cb7cf9c47f9f6aa3bcf200640c53bd96acf11f2177938b27cad033f361d67eb6098cb40eb3538292d8ba

    • SSDEEP

      6144:B8Xjcb+BQhwGScybmUSfTkOwHdA091MCOqHmHFM:7+slVLyAWVGHFM

    Score
    1/10
    • Target

      $PLUGINSDIR/Protocol.dll

    • Size

      355KB

    • MD5

      a0ec723d41810478bb659a85e4e92f3d

    • SHA1

      24cc9fc77abcafe0dd1c5a4e547a8b4efd63c85f

    • SHA256

      dd57149bfa1348e482afddbbe79187527cbd358cdb3036fdf4e8b9f446d020cf

    • SHA512

      ed98dff026eff8501a526dc36c5f68b63adc5a1704881015d6a9f7af53e5a3a47da6aad8d054b7f7cf0821f479a016f45ad20a1b201c263a09cf8265cd772c4d

    • SSDEEP

      6144:9ibLrat+Zbe/UnSKeWWhaAIMsmg/wQ2h/WS8emoDCnD3h7xKYJd098jOfA7Ku:9uzyXXJaAI+qh4SWDCt7xK00yOu

    Score
    3/10
    • Target

      $PLUGINSDIR/Report.dll

    • Size

      108KB

    • MD5

      4ed3f52e01ac04d6b1fa05ff8a41c2fe

    • SHA1

      9c363a2658db7deffe5358634320671ef6fc7664

    • SHA256

      542440c178b553d4a1b01d83f05df6a1ba842571f4a9f90b06fdceab06336fe1

    • SHA512

      8fcc515adc959c5b07b4c94400f6e39d75d9ba8a9556d7f4df8891a642b967f13b9f8302ff56bebac505a8a73a3bd4980e29406ccc918fb1dd3d7acc69f776ff

    • SSDEEP

      3072:qx+DzZ3n2kLIJ+yAnc/KCe6nqMaEnb5hZ12p3ou6OfGHSl9B4:qx+DF3n2kLIJ+yAnc/KCe6qM1NhZ4pYf

    Score
    1/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      17KB

    • MD5

      bdb492684b7a99ee0aa1d10c1f8bf702

    • SHA1

      c7b8a53cf1481df2a4a7eb11aeb824ff8b3a4698

    • SHA256

      4919ffc0acdada4f18469d7fc76abaec4584b99709bbd276c6e9a8043be76481

    • SHA512

      479f996f7dfbad9fff8f4bf3493dcaaa680390919233fb875d08efc0e6b71a94db9eae510091496a4c99e09ed793aae87ef64bd80e55cbf94823848d2edc0d20

    • SSDEEP

      192:mN2gQuUwXzioj4KALV2upWzVd7q1QDXEbBZ8KxHdGzyS/Kx8nYe+PjP5rr0u+vsW:9JoiO8V2upW7vQjS/dnYPLtjeMUt

    Score
    3/10
    • Target

      $PLUGINSDIR/Utils.dll

    • Size

      928KB

    • MD5

      9ac5812dbee6e04f5d818dc5afb46480

    • SHA1

      5232fb8d2ecb4cbbd52054741282cfb86fdd6e9d

    • SHA256

      77ec589230c246ff136b9abe22691e978c30aff7c3e222be34195a671c8b3d8d

    • SHA512

      970dd347a9d1a22dc02fba0ad1d8f7ac16c00dfca97045de5453ef8c7f64fac019d89aa2e1c69fb10ea3a29388a52c163da904d7b5abec95c18f0981a054c0e0

    • SSDEEP

      12288:E1mKijkRUJo4KTYogByju3J/QkQeGtNNjeDsVtq5Dz0BTCK0YssuvPThzxfDX:E1NioRvu2EDz0B9FuvPTNxfDX

    Score
    3/10
    • Target

      $PLUGINSDIR/msvcp100.dll

    • Size

      411KB

    • MD5

      bc83108b18756547013ed443b8cdb31b

    • SHA1

      79bcaad3714433e01c7f153b05b781f8d7cb318d

    • SHA256

      b2ad109c15eaa92079582787b7772ba0a2f034f7d075907ff87028df0eaea671

    • SHA512

      6e72b2d40e47567b3e506be474dafa7cacd0b53cd2c2d160c3b5384f2f461fc91bb5fdb614a351f628d4e516b3bbdabc2cc6d4cb4710970146d2938a687dd011

    • SSDEEP

      12288:Seb8zxr1aWPaHX7dGP5frhUgiW6QR7t5qv3Ooc8UHkC2e7wx:Seb8Fpa6aHX7dGP5Gv3Ooc8UHkC2ekx

    Score
    3/10
    • Target

      $PLUGINSDIR/msvcr100.dll

    • Size

      755KB

    • MD5

      0e37fbfa79d349d672456923ec5fbbe3

    • SHA1

      4e880fc7625ccf8d9ca799d5b94ce2b1e7597335

    • SHA256

      8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18

    • SHA512

      2bea9bd528513a3c6a54beac25096ee200a4e6ccfc2a308ae9cfd1ad8738e2e2defd477d59db527a048e5e9a4fe1fc1d771701de14ef82b4dbcdc90df0387630

    • SSDEEP

      12288:nMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BVoe3z:MmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV7z

    Score
    3/10
    • Target

      $_15_/Baidu/Baidu/plugin/extends/game/1.0.0.3/JoystickService.dll

    • Size

      172KB

    • MD5

      e658ff0dcf3df710575c08148fe8b476

    • SHA1

      e22a478cecb80d00e74b9f6224cfb7329aa89c1d

    • SHA256

      1e8676f20da79fbb0fef694be17ede1047d0d68e9c7d07b1dac4e7bec3c7ffbc

    • SHA512

      37f36be43d1393f0fc686e13fb56bf1412e2e7c637a74b7274a9adfc44a342bf5c5745750628dd4cecc20ed0a79342bda22ae2d6b58c245da1f1dc12bc6390c0

    • SSDEEP

      3072:3xFZpErmhoqx+16K8FCH/cpuMF6/G4JKmqDiyOoCJWNOfiuUyqtziX:3xzpErmhoqkzU36/G4IYysANOfFUpiX

    Score
    1/10
    • Target

      $_15_/Baidu/Baidu/plugin/extends/jietu/2.101.0.65/jietuDll.dll

    • Size

      78KB

    • MD5

      cb2890bd544ecc0d442bc09429e2099a

    • SHA1

      bd45300e1d7b8c79aa0e14c1dd59ae7c24d4d7bf

    • SHA256

      a7c0f7988c03bb47b691bf7089738d67f0f31366cb1a8a4aefa18ed3914b7388

    • SHA512

      e8e15555b62b56fdfc15eb109308075650d96dd0415cc508a865ec69151d2601d2ce06b943822b6b74057abf8033c93ccfa54bfe4f90308959925793a13a70b2

    • SSDEEP

      1536:ZfoGCAKT/A2Nu4ESO2C5Cfv9Uc04HSzt4tJhIxtrE63TOfDOak0:RoG9KTIZ4EShC5Cfv9Uc7SuIrE63TOf+

    Score
    1/10
    • Target

      $_15_/Baidu/Baidu/plugin/extends/jietu/2.101.0.65/screensnapshot.exe

    • Size

      846KB

    • MD5

      0d6565a576325305206d93f153ad908a

    • SHA1

      423c5f1bd4cd137dd78015bd8bfa038c04011878

    • SHA256

      57ae5705db88a7bb6e8dd99c5d788b43d384b7759b6da206f292f71d81aece74

    • SHA512

      947f5633e49f7f0a6cba97c8caf0de2d820613f1de20faf7ca295e0089b23ac663f74610d5395281d200b1a98623dbf72e552c2c7e7540dcc0b84c1cb6b36617

    • SSDEEP

      12288:s8YZO9vzsHTfjnqJp0BJ1lJJgeUoMXay9a0DFsNXM77WSjKR1t0+zXZMOQqFTRjz:sDJ6eXMqy9aSsNOySjKRZeOQ02PE

    Score
    1/10
    • Target

      BDDocker.dll

    • Size

      133KB

    • MD5

      bac4430b877c7a7971f985a132cb7744

    • SHA1

      8bdd4e5844d57638f9208e793dd33ff0825adff1

    • SHA256

      c887bc567dd5c134389438ed65f9bc357458eef32195974d4c521ee051e21a3a

    • SHA512

      012b60e1bd60b0ed846b05d8381a4f74b6b68fffbaab72c77a7d8ae29316148bbb59f5b6d3031ced1553c44530bcb09bb867fbe18f1a9965f75201e06fd56cdc

    • SSDEEP

      1536:F+wpxI0iilTx2fv1JgGq22L3Ofe+Knum8FoqXmPZxRVHGBAHhY6hI32nK0E+MNn8:F+4xI/2TxK9vM3umwoFR6Gh0yK0Efnn8

    Score
    1/10
    • Target

      BDDocker.exe

    • Size

      41KB

    • MD5

      a6101f014755b9174d9d371ef00d5336

    • SHA1

      9c12ec0682bc1d72f231322c579e507679703f40

    • SHA256

      b32a9676d46340936d617744f147b6bd236b173143541f5185422e0d4d69eee1

    • SHA512

      1ed8c9ecaacc196f8dd2c6f11aad5a1539546e3ca160cd93cb6e837cf78df9986ff3c7b5f19baf5f33c50dd60fc108d0a74ccb423bde48524f9161f83a874f74

    • SSDEEP

      768:l6GD0S62D92lCOdcIkle6004ITnyx4COY2oqVhQmOg0UrH4AI4Cy:lL0I49Mz4IGwbVOtUT4ANR

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

bootkit, discovery, persistence
Score
8/10

behavioral2

bootkit, discovery, persistence
Score
8/10

behavioral3

Score
3/10

behavioral4

Score
3/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
3/10

behavioral8

Score
3/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
3/10

behavioral12

Score
3/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
3/10

behavioral16

Score
3/10

behavioral17

Score
3/10

behavioral18

Score
3/10

behavioral19

Score
3/10

behavioral20

Score
3/10

behavioral21

Score
3/10

behavioral22

Score
3/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10