General

  • Target

    cf1a7cecbefc3fc6abb7a8c9a8a56222_JaffaCakes118

  • Size

    3.9MB

  • Sample

    240906-kal9yswdjp

  • MD5

    cf1a7cecbefc3fc6abb7a8c9a8a56222

  • SHA1

    19e6e8b732e3d9d0e8192e52c31cb225804a27db

  • SHA256

    fa027c15cf301bc64327eff17dc8290e09c8b6ce3cf6f07a604bf9c328334ceb

  • SHA512

    6ee924e5d67e87ad851688213f79728031fc216904a797db8e6c3b6d07aed3150eea1cbcd5e53da7c95729a3b418988838006b636012aa51c7ef9096d3e73e5c

  • SSDEEP

    98304:PK+gWFrKZxApUQT4mOcbRFCv/+hHpSMOVNy:PK+jKY1LBbTyNMOLy

Malware Config

Targets

    • Target

      cf1a7cecbefc3fc6abb7a8c9a8a56222_JaffaCakes118

    • Size

      3.9MB

    • MD5

      cf1a7cecbefc3fc6abb7a8c9a8a56222

    • SHA1

      19e6e8b732e3d9d0e8192e52c31cb225804a27db

    • SHA256

      fa027c15cf301bc64327eff17dc8290e09c8b6ce3cf6f07a604bf9c328334ceb

    • SHA512

      6ee924e5d67e87ad851688213f79728031fc216904a797db8e6c3b6d07aed3150eea1cbcd5e53da7c95729a3b418988838006b636012aa51c7ef9096d3e73e5c

    • SSDEEP

      98304:PK+gWFrKZxApUQT4mOcbRFCv/+hHpSMOVNy:PK+jKY1LBbTyNMOLy

    Score
    7/10
    • Loads dropped DLL

    • Target

      $PLUGINSDIR/NSISdl.dll

    • Size

      14KB

    • MD5

      a5f8399a743ab7f9c88c645c35b1ebb5

    • SHA1

      168f3c158913b0367bf79fa413357fbe97018191

    • SHA256

      dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9

    • SHA512

      824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977

    • SSDEEP

      192:tUZTobBDJ68r67wmsvJI5ad9cXzFOVu+mZ/P3p+57CvpVqDxVp01Dwn2GRPgsfA:6Bo/680dCI5adOjFOg9//p27uNw2Go

    Score
    3/10
    • Target

      $PLUGINSDIR/STWSetup-IEFF.exe

    • Size

      911KB

    • MD5

      88ccc2784d4a560c1ae8e39ee2793e79

    • SHA1

      c7b35961ba8907acb2b2713c7f4f028c6c69e98f

    • SHA256

      ec679df15856afe81d254824e1efe9c31bf263116b6dbc95a7996342a12dc823

    • SHA512

      0bb3c1538439f428fa54572982dc922e5ab418d19ae82d775ba52c3bbb3cfbf8f06de6664ee4edcb0610719f5b662430ef0bcf1801586f7a0438908598b36d61

    • SSDEEP

      24576:TMjh5b3fJRsG2jPounorrZQ1lKUTH7MGbER/QH:msG2jPounorNQ1lKU/MGbEZQH

    Score
    7/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      $PLUGINSDIR/StartMenu.dll

    • Size

      7KB

    • MD5

      a4173b381625f9f12aadb4e1cdaefdb8

    • SHA1

      cf1680c2bc970d5675adbf5e89292a97e6724713

    • SHA256

      7755ff2707ca19344d489a5acec02d9e310425fa6e100d2f13025761676b875b

    • SHA512

      fcac79d42862da6bdd3ecad9d887a975cdff2301a8322f321be58f754a26b27077b452faa4751bbd09cd3371b4afce65255fbbb443e2c93dd2cba0ba652f4a82

    • SSDEEP

      96:2fiqP7bO2qHkAC40KhvSE+6nrxtMn0iGd88qRLqtJ1tbRhElfRx2:siqP7OHX1Q4xtcf8qo/ttgfRx2

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      c17103ae9072a06da581dec998343fc1

    • SHA1

      b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    • SHA256

      dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    • SHA512

      d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    • SSDEEP

      192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw

    Score
    3/10
    • Target

      $PLUGINSDIR/WSInstaller.exe

    • Size

      108KB

    • MD5

      8966b7976be47a04b0cec6b40cd51282

    • SHA1

      7e1e7b11544e7ed54a6df1e89d8b051b4856b246

    • SHA256

      3b5eaa25c6f8de14ca21af058bda116fd1de1c4cc0daf65f81d9b9896c9f78d8

    • SHA512

      514a72a71ccb5647ceb057a6eaae05d5a86e6ccb62eca1575caae93248d9c41a4a7fb287c68ff0203f023c34f480b49638f903ddfcf0453a7920318540850e9e

    • SSDEEP

      3072:ZrQcVs55GReMIHFJhJ6uwouttbk6MG5vPIP9r:ZsnGAMIlLUuwoStbk6MG5v89r

    Score
    7/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      $PLUGINSDIR/WeCareSetup.exe

    • Size

      1.9MB

    • MD5

      d811e82d6bcd53ab7c60c59d82ba81c8

    • SHA1

      b2821560debdd7898e884b038235bd8fe3030d0a

    • SHA256

      c49533ccf494e50216f1d997508ea08660a63d186061cf780b762280b25a4176

    • SHA512

      96f6b086e75a4a061528df8153f17e0d9ae446209fcb8afdbdcf395215f4f87ef5a6409fecb6b14e75e0e9c8e6cc18da064c3deccbd04858b03b9a0a2776a9d0

    • SSDEEP

      49152:6icfbB4vVsCsBg7eH2U41Ysf3mKXEbYeDhd2FJ6kz/JlWSNH:6iObusB0eH2U47+KmPiNN1

    Score
    7/10
    • Loads dropped DLL

    • Target

      $PLUGINSDIR/inetc.dll

    • Size

      20KB

    • MD5

      9a7d35d1e9e5dfb6a7872d49cf64db83

    • SHA1

      4da9dd5427c0fdfa2cce3ee29ac5147b74ff3834

    • SHA256

      c7a365c50611e7b3bbec6f73e9b33fa83d9ca91c34cde67969cd7cab79293160

    • SHA512

      cb98bc94b883ecd88102a017de484560085c0f70fa379489618cc10c017d543e53b12502a0a7cae49682887676c4c590fc481ab9cd531467b1d090499783db3a

    • SSDEEP

      384:qYJFIiP3ZudtjmSBSWY1IAxNOzqXBrxzs0UhU7ya4LH0Ac9khYLMkIX0+G0cgLGh:qaBcdtjmsSW6IAxNQqXBrx40UhUua4Lx

    Score
    3/10
    • Target

      $PLUGINSDIR/md5dll.dll

    • Size

      6KB

    • MD5

      0745ff646f5af1f1cdd784c06f40fce9

    • SHA1

      bf7eba06020d7154ce4e35f696bec6e6c966287f

    • SHA256

      fbed2f1160469f42ce97c33ad558201b2b43e3020257f9b2259e3ce295317a70

    • SHA512

      8d31627c719e788b5d0f5f34d4cb175989eaa35aa3335c98f2ba7902c8ae01b23de3ccb9c6eb95945f0b08ef74d456f9f22ca7539df303e1df3f6a7e67b358da

    • SSDEEP

      96:GL2PcvGn5olZMTZxEp8agTsflVwn4GogZcko5N1ub:U2Pxn5UZMTZipyaw4ZkKP2

    Score
    7/10
    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      ReadOnlyInstaller.msi

    • Size

      4.1MB

    • MD5

      d22df2c75a529bfb101aa8434f855358

    • SHA1

      02e59f189a863d8fc8fea73fb52b7d9542f214c5

    • SHA256

      2407a69d5dc0409a465a0378f5345a7a13bd5aa7e5f4561a0fb9987a9fe7a21a

    • SHA512

      87d1b41f1aebee51d1a48f335ecb341c62886258f53c1ca133f2fdb116074767ccedb9dcb21f912649253fa1657d687329c578c60864388d57d70bf58332c0be

    • SSDEEP

      49152:rMfVBwVPCsC6uh2ZVZ/c/yEn6z/LX+RbS2MNFoo:reVzsC6uh2ZX/czn4LuRZMNFo

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Target

      $PLUGINSDIR/inetc.dll

    • Size

      24KB

    • MD5

      1764c943028e6cd9b6b2c0e0ce5fbcf0

    • SHA1

      0cf2d2909046e06d929f879846a8a24560c5dc52

    • SHA256

      9cc6c754782f553da45fda2f720cad17e2399aeb08e6cb600477cf6c6f69e63b

    • SHA512

      7584aa3885bf6b7ebbcf82e4a346e2ea6d4740a55a421938d02ba8b93c901de6f8c314fbbaf1d8a8f6f61eaa30fd45ab93efd48e2f6e487fe3e0d427fbcea94e

    • SSDEEP

      384:0uKxsWTuUn/AjMn/JM07fx186vZPiMUTMF690Ac9khYLMkIX0+GvQWXEhY:07xsin/AAnRtfY6EMSMg

    Score
    3/10
    • Target

      $PLUGINSDIR/irtr-gfg-zugo19.exe

    • Size

      713KB

    • MD5

      edfe8beafae93f1890e314a8d96c424f

    • SHA1

      402a02d0cd224c837971217753250f478bb5e16a

    • SHA256

      7fa2e46eeaf269a72a57d2a1a5a3ac98e682e455327fdaa3b0718c8c152aa82c

    • SHA512

      563c6ad63f30e64e7f5210f7e7016f0668e85fd0fb330db3a5322b7caf65190451468e9b0cef22638c0aa277da16350de33ecb64f6b9110ffde04cb0372d9fb2

    • SSDEEP

      12288:BKm8eMh9Oqt4GrRzWAVdrnab8m+NCe6UwuGVTLfpvEv0zJa2jgVICiC:BKm0h9IGrRzR0bUwucWOa2Qn

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Target

      $PLUGINSDIR/KillProcDLL.dll

    • Size

      20KB

    • MD5

      de2b06d8abcd4a1d3330e415ce638a6a

    • SHA1

      2f1bf738915b288530dedb861f4ea4f60069a91f

    • SHA256

      8f62633831a326174f05e89503e42a493aa834fa6d7ba7138d9d57ac5873512d

    • SHA512

      8dbc0edb71d6acc327418270b33d5627d7940ce406e54152af9f6c8f6d90c7239aa647a0e1f4769d0aa8bd3e38d60643e6356ff7a5ccf7dc44c5617f72277b70

    • SSDEEP

      96:J1szPlsFYmIGExrjwIqiwZePAYyU76b+4d:Juztr+8wzg7xN4

    Score
    3/10
    • Target

      $PLUGINSDIR/Math.dll

    • Size

      66KB

    • MD5

      b140459077c7c39be4bef249c2f84535

    • SHA1

      c56498241c2ddafb01961596da16d08d1b11cd35

    • SHA256

      0598f7d83db44929b7170c1285457b52b4281185f63ced102e709bf065f10d67

    • SHA512

      fbcb19a951d96a216d73b6b3e005338bbb6e11332c6cc8c3f179ccd420b4db0e5682dc4245bd120dcb67bc70960eab368e74c68c7c165a485a12a7d0d8a00328

    • SSDEEP

      1536:0P43WZ4Ql60gam+2MwRmPeqFVHbQH0ZZ1Iet:0wU609VMH0T/t

    Score
    3/10
    • Target

      $PLUGINSDIR/NSISdl.dll

    • Size

      14KB

    • MD5

      a5f8399a743ab7f9c88c645c35b1ebb5

    • SHA1

      168f3c158913b0367bf79fa413357fbe97018191

    • SHA256

      dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9

    • SHA512

      824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977

    • SSDEEP

      192:tUZTobBDJ68r67wmsvJI5ad9cXzFOVu+mZ/P3p+57CvpVqDxVp01Dwn2GRPgsfA:6Bo/680dCI5adOjFOg9//p27uNw2Go

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      c17103ae9072a06da581dec998343fc1

    • SHA1

      b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    • SHA256

      dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    • SHA512

      d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    • SSDEEP

      192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks

static1

upx
Score
7/10

behavioral1

discovery
Score
7/10

behavioral2

discovery
Score
7/10

behavioral3

discovery
Score
3/10

behavioral4

discovery
Score
3/10

behavioral5

discovery
Score
7/10

behavioral6

discovery
Score
7/10

behavioral7

discovery
Score
3/10

behavioral8

discovery
Score
3/10

behavioral9

discovery
Score
3/10

behavioral10

discovery
Score
3/10

behavioral11

discovery, upx
Score
7/10

behavioral12

discovery, upx
Score
7/10

behavioral13

discovery
Score
7/10

behavioral14

discovery
Score
7/10

behavioral15

discovery
Score
3/10

behavioral16

discovery
Score
3/10

behavioral17

discovery, upx
Score
7/10

behavioral18

discovery, upx
Score
7/10

behavioral19

adware, discovery, persistence, privilege_escalation, stealer
Score
6/10

behavioral20

adware, discovery, persistence, privilege_escalation, stealer
Score
6/10

behavioral21

discovery
Score
3/10

behavioral22

discovery
Score
3/10

behavioral23

discovery, spyware, stealer
Score
7/10

behavioral24

discovery, spyware, stealer
Score
7/10

behavioral25

discovery
Score
3/10

behavioral26

discovery
Score
3/10

behavioral27

discovery
Score
3/10

behavioral28

discovery
Score
3/10

behavioral29

discovery
Score
3/10

behavioral30

discovery
Score
3/10

behavioral31

discovery
Score
3/10

behavioral32

discovery
Score
3/10