General

  • Target

    b33e75eee001379c213f4b9a80863791_JaffaCakes118

  • Size

    1.8MB

  • Sample

    240821-nb2yksvfnh

  • MD5

    b33e75eee001379c213f4b9a80863791

  • SHA1

    b8e7e5be463293023b141ee13fd2a73c3c224731

  • SHA256

    c49f0320eeab8dd644ba344a2039b4de48a26ef77c05eb069721477f0cd182ba

  • SHA512

    dc6c532fbf796704c4e53d4db775b2e7b33a6189ce157878fbef558a19346ec0d95beb927a8232485f74847c05b80f58aca25658d9548e5ddc18b0d01cff64ee

  • SSDEEP

    49152:y0GAdYjF3hm9Y74R+rVuFhi9xj+wj2z4ThqYe:hdophmlR8LxjPRThDe

Malware Config

Targets

    • Target

      b33e75eee001379c213f4b9a80863791_JaffaCakes118

    • Size

      1.8MB

    • MD5

      b33e75eee001379c213f4b9a80863791

    • SHA1

      b8e7e5be463293023b141ee13fd2a73c3c224731

    • SHA256

      c49f0320eeab8dd644ba344a2039b4de48a26ef77c05eb069721477f0cd182ba

    • SHA512

      dc6c532fbf796704c4e53d4db775b2e7b33a6189ce157878fbef558a19346ec0d95beb927a8232485f74847c05b80f58aca25658d9548e5ddc18b0d01cff64ee

    • SSDEEP

      49152:y0GAdYjF3hm9Y74R+rVuFhi9xj+wj2z4ThqYe:hdophmlR8LxjPRThDe

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

    • Target

      $PLUGINSDIR/AdvSplash.dll

    • Size

      6KB

    • MD5

      c152aaed8394cc372b720190af65f73a

    • SHA1

      ac6c786c054193187d1fa63712538b5cd8219cb4

    • SHA256

      db15e55dee9f7798e72a6947f3d6abe09fb6fbfc122b11ac7d425dc159cab50c

    • SHA512

      0e3cf9be421ba729a0597f274b1fbdc4880a45af84d85ba215700e415ed195752a12f2ee68d510d2dca449e131c449e4783ab2c4ff870e0d33859c919bb9175e

    • SSDEEP

      96:vQNyX2PtUZsMGe3SlFaqqhN51xWa5kkEkk/StCSwookyc:vFXYtxWSf61vk/kkStCSRt

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      10KB

    • MD5

      4fbb4a2cd711fc1fe84f3dc30c491dc9

    • SHA1

      888e01ae6e64e7326f88df9a30587f699eab154a

    • SHA256

      c3b05f4faf5e8903d5b4cb4a8ce4bbf2e8144725b98d8787d51c117b6efa9bc2

    • SHA512

      92dcf99672a5935065df6492e27abb653679f1db6dcddfde87cd14260c94a870327826b23cc2f338381b3eb53d07c1a3867806f6ff94533db5195b895a856847

    • SSDEEP

      192:CO6dJA/ruAFEiUdWWE6hE5RYUdJfbub1argMO:XKAFERdlxhGRYUzqZar

    Score
    3/10
    • Target

      $TEMP/install_flash_player_active_x.exe

    • Size

      1.5MB

    • MD5

      4c223aa3e559e2e88da3bb43f3604d20

    • SHA1

      a6d0f099262e9e7b9289b8a7bdcfa550821584ef

    • SHA256

      3896ac00208eebea9f62aacf09ccd7324fe86048bfbb20740b72c3874615878b

    • SHA512

      5f0c9721ad857990ae6d9420080cee0d39df70a15e07520f59682cf1a137409923e3ab4e8c0f2c27b280cdb0ce936223adda167236131981aff35830beda69bc

    • SSDEEP

      24576:3hgT1P7mw7Tc+cwff55v1zHX6mVQq1Ci5dlRR+sj9xDGr4KOaJi494+jU/9SIrxC:xgTzZXf5f36mVZ73R+99FWMIrxj+jYu

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

    • Target

      $PLUGINSDIR/NSISArray.dll

    • Size

      17KB

    • MD5

      2b8574f6a8f5de9042baa43c069d20ba

    • SHA1

      07959da0c6b7715b51f70f1b0aea1f56ba7a4559

    • SHA256

      38654eef0ee3715f4b1268f4b4176a6b487a0a9e53a27a4ec0b84550ea173564

    • SHA512

      f034f71b6a18ee8024d40acd3c097d95c8fd8e128d75075cc452e71898c1c0322f21b54bd39ca72d053d7261ffbab0c5c1f820602d52fc85806513a6fe317e88

    • SSDEEP

      192:YAFuV2Ow8mbPNnDSnYJly4RX+VGeSDlsGUlyGaWNn3B3/WXZWsQs5PaqJ7En/5U3:YA4V2Jb1nDSnc+Zos1lP6Suhe/q9l

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      10KB

    • MD5

      16ae54e23736352739d7ab156b1965ba

    • SHA1

      14f8f04bed2d6adc07565d5c064f6931b128568f

    • SHA256

      c11ffa087c6848f3870e6336d151f0ba6298c0e1e30ccddf2da25a06d36a61fc

    • SHA512

      15dbfcdc5dc34cb20066120045e3250f8df9e50b91de043f2ada33ac0235907d98668e248828a7ed9c75e25dfb5103b7248867530ce73ee36f6a35c30b4afa9f

    • SSDEEP

      192:HO6dJA/ruAFEiUdWWE6hE5RYUdJfbub1a8gMO:GKAFERdlxhGRYUzqZa8

    Score
    3/10
    • Target

      $PLUGINSDIR/UserInfo.dll

    • Size

      4KB

    • MD5

      68d73a95c628836b67ea5a717d74b38c

    • SHA1

      935372db4a66f9dfd6c938724197787688e141b0

    • SHA256

      21a373c52aaecce52b41aebe6d0224f53760fc3e5c575e821175eee3a1f7f226

    • SHA512

      0e804deab4e647213132add4173c1d2c554c628816f56e21e274a40e185d90254e29c8bfc6fbfdfea2a492d43d23c0bfa4b276252a3f5e1993ab80ff832c4914

    Score
    3/10
    • Target

      $PLUGINSDIR/fpinstall.dll

    • Size

      8KB

    • MD5

      071b6233c92f69ffa1c24243328c3b94

    • SHA1

      bb583c00e87cdc65e6254c7148d37afc1bbb3095

    • SHA256

      5f6c63cb0ba539d692c5461730f057d0ec6c60639d772fbdc3753c3c6e746c43

    • SHA512

      7fc2db406350488ee86ccffe1e99a91e0f509ef0429063336bf6f96aab07127df352db77fe9d00ddc3aa2db7886dfbac08b6acf6a5c647859956111ca47c24f1

    • SSDEEP

      96:hluI9zRsuDjadgtA/L0XN4thAQ3y5k+29JdGn4GXONgYi0cXGburui:i0+uyRi4thMk79TGn4mdrXGbJi

    Score
    3/10
    • Target

      $PLUGINSDIR/nsExec.dll

    • Size

      6KB

    • MD5

      e5f9d339d035e054e01648b4a00f8502

    • SHA1

      cce01d02210f0480393d9fc5289fa692ce7f34af

    • SHA256

      181d9ea85a56693e005d9991115e0d4179cf6bd0c18be71b19c69a330df70507

    • SHA512

      4af944a5a5dd7cea6a375e5d12dbf8be8bb6e8c60ac174d688f295aa6b2bed09fe686ee4c213fedb6013b58252a53acc7553a8e05e12deebebc6e466a4839f1b

    • SSDEEP

      96:GjX1XJX70rn3jud5ClMdOfHFI2NaeI0u1qND1qN3riUTEVX/cL1+:GDx1Arn3qd5ClyOtIs1uUhUZriUTEVXa

    Score
    3/10
    • Target

      Flash9e.ocx

    • Size

      2.8MB

    • MD5

      d3c50535c26190fead7785a03499c0ac

    • SHA1

      6a72eea0f62b60d71cfb9da60cab6d178b1fb78f

    • SHA256

      01ff419547aefb8e32715d3873540c058533ac6b0d301b1f98868aa6a17616a5

    • SHA512

      55b299bcad2c7c7506f8eef0aceaf8764aa0e19e9907ff79b7e3f108d81a5d6566211dc6e9cbd29d7f1bef8f5daad9bb888ec345aa21899ab28b45394dbc21f3

    • SSDEEP

      49152:bl6UTfZW48ixJH+ap+WqFvsyw2dHi1HyeYu/wP0cQvDYeKfih5T09Lv3TlRTM:J6UjZW48+J/pRovCJY6xO91RTM

    Score
    3/10
    • Target

      FlashUtil9e.exe

    • Size

      213KB

    • MD5

      55dae09cbe5fe5e8eb2698107c18fd0d

    • SHA1

      56935aa4cdd8d1f72c3a99fff3f1763d84e0310f

    • SHA256

      5dd0e697c9fc82ec0ac35f5cba293fb3ea431828ac46b0ffa16923dff51a3cc1

    • SHA512

      5cfc31658757b6118a3df9bb2ce966005add790027ad6d67a21e2381ea0e99a1e007f56b1efa4edf237b9bc99f5d288d417cf60187ca91fa757227e5b852e87b

    • SSDEEP

      3072:vLWFf7IzTbrFXLqWrRu4TBfVOuJuISrG98Mka3XCvHEH:FJLJrRTBtOESrV+d

    Score
    3/10
    • Target

      BlinkxBroadbandTV.exe

    • Size

      350KB

    • MD5

      bd2f6416721df0b07d02350359f9f669

    • SHA1

      2292c9d37e8b2a8c4a4c6249363c22dcc739a573

    • SHA256

      b41362bcbb5aed2fa09709964994075b9c59ac7d3dd926b1ee94c96dc61759e4

    • SHA512

      2a044cfeaa79fb4f3fb624052bed3cd78033c59f044e38c80779ec138a2229ec0a260d021761df7121a00a266829aca6f5974da6d60cb6dfa77076de7647d6d2

    • SSDEEP

      6144:zcG5HEI6K7F4vZhG6d1onsrjNP4/VJwarZYCPcRgzuxk4BrhdBsNpd/YWXokChKa:ziIzpsZhD549JwaVjN6CU3mND/Y2ChKa

    Score
    7/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      uninstall.exe

    • Size

      55KB

    • MD5

      314e390f6ec6b3f0b0dfd38f8828f878

    • SHA1

      edc9beb21d5bdf7f8d04b4988c946c72b38bb337

    • SHA256

      8be9f2cd6e894f14c4f031207afa16fd0be4b5fd1ddb7587fc52dbc90ce3b941

    • SHA512

      5a0b0ee1d0eceaf4bcdb9012c891e2545b9b51a4ff59aa4e91a511086cd6cbc949745f6c1c2f57bb13881ba7e04180985744002e709373ee70df76945804a7ec

    • SSDEEP

      1536:ZXwjCzX139sZDM4y0DhmJFhkFUe1BgUyY:VYU94fDhmJFh0Ue1BP

    Score
    7/10
    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

upx
Score
7/10

behavioral1

discovery, persistence, upx
Score
8/10

behavioral2

discovery, persistence, upx
Score
8/10

behavioral3

discovery
Score
3/10

behavioral4

discovery
Score
3/10

behavioral5

discovery
Score
3/10

behavioral6

discovery
Score
3/10

behavioral7

discovery, persistence
Score
8/10

behavioral8

discovery, persistence
Score
8/10

behavioral9

discovery
Score
3/10

behavioral10

discovery
Score
3/10

behavioral11

discovery
Score
3/10

behavioral12

discovery
Score
3/10

behavioral13

discovery
Score
3/10

behavioral14

discovery
Score
3/10

behavioral15

discovery
Score
3/10

behavioral16

discovery
Score
3/10

behavioral17

discovery
Score
3/10

behavioral18

discovery
Score
3/10

behavioral19

discovery
Score
3/10

behavioral20

discovery
Score
3/10

behavioral21

discovery
Score
3/10

behavioral22

discovery
Score
3/10

behavioral23

discovery, upx
Score
7/10

behavioral24

discovery, upx
Score
7/10

behavioral25

discovery
Score
7/10

behavioral26

discovery
Score
7/10