Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

8891f4022f...18.exe

windows7-x64

7

8891f4022f...18.exe

windows10-2004-x64

7

$PLUGINSDI...er.dll

windows7-x64

3

$PLUGINSDI...er.dll

windows10-2004-x64

3

FunshionInstall.exe

windows7-x64

7

FunshionInstall.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8891f4022ff23fbf7e4c783ecb318b46_JaffaCakes118

  • Size

    1.3MB

  • Sample

    240811-cgs23szdll

  • MD5

    8891f4022ff23fbf7e4c783ecb318b46

  • SHA1

    86a70dfca73d529d95c39418df80376b1e29de02

  • SHA256

    ef35ac2b2e72a54b987a95682fc47faaa06ad0e93520e8122e933702dfdb117c

  • SHA512

    b081a397077ed18e1c3fc6f0ffcbdae9282310db6d6483f32a8c37006ffe166bb265c2c6dcb20acff5a597c3b8785103091a7d6e21be301c6ab2cb5b736dbe9a

  • SSDEEP

    24576:/RXutlSbt0UXW7ISMBG4ywCv0GRxrwaL8vHy3MGC:/kg+b7uIxwaLOS3Mx

Score
7/10
discoveryupx

Malware Config

Targets

    • Target

      8891f4022ff23fbf7e4c783ecb318b46_JaffaCakes118

    • Size

      1.3MB

    • MD5

      8891f4022ff23fbf7e4c783ecb318b46

    • SHA1

      86a70dfca73d529d95c39418df80376b1e29de02

    • SHA256

      ef35ac2b2e72a54b987a95682fc47faaa06ad0e93520e8122e933702dfdb117c

    • SHA512

      b081a397077ed18e1c3fc6f0ffcbdae9282310db6d6483f32a8c37006ffe166bb265c2c6dcb20acff5a597c3b8785103091a7d6e21be301c6ab2cb5b736dbe9a

    • SSDEEP

      24576:/RXutlSbt0UXW7ISMBG4ywCv0GRxrwaL8vHy3MGC:/kg+b7uIxwaLOS3Mx

    Score
    7/10
    discoveryupx

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Drops file in System32 directory

    behavioral1behavioral2

    • Target

      $PLUGINSDIR/Banner.dll

    • Size

      4KB

    • MD5

      5ce60830e6db34a33f12be5018b21ca2

    • SHA1

      1a4f855b358884d0c67053ec606a5a68aadf75b8

    • SHA256

      8a039174ce882841a97df0871f94e22ebfc5111ac614eb05baf10cd1fd5d8c1a

    • SHA512

      e6590fc8c365e98c6eb59ffcfab6931423b0603ec68b5c10f38004b879c5f3af3ee05d89b88f6fc480236abc9af4945e3146e9017bbd94ca8deac02145b7d903

    Score
    3/10
    discovery
    behavioral3behavioral4

    • Target

      FunshionInstall.exe

    • Size

      1.8MB

    • MD5

      246f26a450102b53e87f360c6c328f66

    • SHA1

      fa8f3a51d31b785c7865771fe78c1287f324b35a

    • SHA256

      ae36ddd69548deb664d26a0e2a800af4b01a04d13ea3e1b997da14c4a365c0b7

    • SHA512

      daff81fce5b947ec1ef7c336ad04da9556cb7fafc07d81408aaacedf2e41c398eaa4c2e2de9a076244a6812e9033db6426c2954d03008d0d857c55857ea7e7a7

    • SSDEEP

      24576:u8ld8XDqQDbBpDqQDbBc1JV+sk3/4gnwR7mO/+3GUbhBifT0EPVQwEJRYbRwAzfD:uqd8XxpxIVU4gwOGeLaPbRwaixwV

    Score
    7/10
    discoveryupx

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Drops file in System32 directory

    behavioral5behavioral6

MITRE ATT&CK Enterprise v15

Tasks