General

  • Target

    d21bb981dc95cdb2b00c6a2840f00205_JaffaCakes118

  • Size

    2.6MB

  • Sample

    240907-rebscaxfnk

  • MD5

    d21bb981dc95cdb2b00c6a2840f00205

  • SHA1

    8374dde3b6f497ece8b97da7abdd0370cdec17a3

  • SHA256

    d5747c8e8c82c82f3dbcd8ef656c5b6485d54b6598849ccd503e94955ab90450

  • SHA512

    24d2f7ce23bd03e5f55269e56572ad3b8a1ec7d9b569c2c7575d03e4036b19395bc92d151d5f4fc4284e8c02e3dcff24185102f04fdd7dabf5b8c9364fa5ff5a

  • SSDEEP

    49152:iUmBjvPogBwpIdL7hIT5ZZZRoey7ZqpiKANeMNr0CBO/A7a4OFy6IJHV2YmTug3:f0vP5BwpIN+FR0gGNeMR05/By6sVxmTj

Targets

    • Target

      AspSWeb.exe

    • Size

      688KB

    • MD5

      3b12a13eedbe6e6816f3cb62baf8751a

    • SHA1

      d02c4b830efa1cbce5ec39f71a2290a4d9ccb7e9

    • SHA256

      e6a580c6ed95ffb1a29f4a862370db60ea2295d75e3100b987196361f403d187

    • SHA512

      071220c5c2d6d05fb79ae96a48069a18a698d983adef7f588ce7672dc16a380f1e180ba167d1c66bef76f5dc770bab3f66244d87f41d944252f69be919350cec

    • SSDEEP

      12288:7/JFZqYMOaQ0q9nV/zsnK23KHVI6nodVdyMLiqyVcxwtVxgpMiuzOT6:7BFZqhOBnVyK23C6OoYMLiVcKtVx4Mij

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Drops file in System32 directory

    • Target

      _content/_Sort/AspCms_SortFun.asp

    • Size

      19KB

    • MD5

      894476d90f5f21473b1ce0c3ea98b0c1

    • SHA1

      4ce141373229931b414bc7aae2642c27b02247de

    • SHA256

      6d821ece4fcefa282f263fc5c41b79189af01c0c2c9d000613afac87f584df15

    • SHA512

      d1559e7d1b070d75dc24b692360233427a7c584041dc8a7e4af8b4eb79acf9cf63be9b74eb6d2c87a2ae5ba3ae3a22d2121c342410b3fe80c41a61f9e761cf57

    • SSDEEP

      192:MUZQ9Hpx4tMQBQtHbnHtmRoFQSMmCkfgKTGaEjTQBo9ZjT/UOtMxTEohmjpY9yi4:EBTQBsnYSFz3K9TnTYxTKpulY

    • Score

      1/10

    • Target

      _content/_Spec/AspCms_Spec.asp

    • Size

      2KB

    • MD5

      ad1e0510b9d533b5a93d9b0e32e22b11

    • SHA1

      ffc75d167be8082813b9cb21064a7e374609fd68

    • SHA256

      fd240992a8edba32bbfecdbc047be74d68430183e9a7870678787b7b37c80d5c

    • SHA512

      2556c725688c473aacc6ab967e9ec0d61fe5c7b0ed9890ba539401a965fe4f89aa52eabb274da45b137b83bc742c65fb6ac879a4828fade7e580435dd21623d4

    • Score

      3/10

    • Target

      _content/_Spec/AspCms_SpecFun.asp

    • Size

      3KB

    • MD5

      bd22c22bd26ceebe3cd41972ff63a627

    • SHA1

      f2dbb8948bec3ed2b288957c91f88e7f54608b4b

    • SHA256

      e36d5a3f7d979ee698727598251dec44099848335b6ca4819644cef2f523882c

    • SHA512

      15ffb71bd9fbe94457ffce30c6329fa8b91fdaa065b1b6bf8431e8a2c7e7e70128eb96ab513dc921b8a27392a5627dd914c9eb9a515e3e6a0c3fc8405cc733b1

    • Score

      1/10

    • Target

      _expand/_statistics/AspCms_Statistics.asp

    • Size

      2KB

    • MD5

      b5b49ed78c7c1509043f3a20ba174e1b

    • SHA1

      41254063fd779b98d3499187a07db10bbb8e55ee

    • SHA256

      aacf13bdac65f608c8a63ff47e2f5306b0030ace42c48545b79ca17c17ef8de2

    • SHA512

      b802a5eac8239d8aeec9f9ab630b2af7557e09cf4ab982f46cd3e2fb6c00e9c36ddeb552abea9da4a50bab9d37038b87050c3b6c82fe36c10c692e22ecfa5243

    • Score

      1/10

    • Target

      about/index.asp

    • Size

      572B

    • MD5

      ec37f45349e8c07a5b77c9ca8ab7a8b5

    • SHA1

      6a7a5b0e7d1eb8dbdb1cb8faf99e4e1ad2118563

    • SHA256

      ae68d1a804ac2f4bd88f64fe17587730f6e95f7eb4d06036bf8ed6eedf6a5a84

    • SHA512

      3188d1b3b5130ad18fffc45f8b6802783a87106bfda4891e86dff33b96a1a4a87c7d59716f4b0cbf1fe87cb9b5329f0824a3d971a25aebff2d7aa8abd1fe6fa9

    • Score

      3/10

    • Target

      about/新云软件.url

    • Size

      133B

    • MD5

      4f0017b3b346bd0626f0c3b915e6e734

    • SHA1

      823bf3ff9e16cd636c9dc0dc690d6a586fcbfe92

    • SHA256

      df65af1fc1e09f6effbde7e0ef1cb64d6caeef1f62b0e6467821efa032533678

    • SHA512

      0f5eb5024cf6a0323f7998d419995a707c48de917a5899a185369e6acfeb17c09ffa03f7d110adc87b8de20b7d4bf30d50c72479bfb18614d2e21cbe169dc5a6

    • Score

      1/10

    • Target

      admin/_adv/AspCms_AdvAdd.asp

    • Size

      5KB

    • MD5

      6475b14154092fa0ad4f96736b0a9ba5

    • SHA1

      a56517d198f8f2f72e9542d13777e65b0eca4fbf

    • SHA256

      e84cfd193c62a92b561bb7a714ae6f4d1422578bc4545f3dd9b015ca3dd86c57

    • SHA512

      9f726e8d8bc8c01cb799eced6b0ad66f04f3129d17566a46ac1c069d49cbe31af281b73f0dfcff4128ca0d2dec79c98f9ceb756b000c6cdda8298ece5fc05d43

    • SSDEEP

      96:F2VtN+97yBnyrly1yfynQy2y1yWyBysyrly1yMynQy2m0WFICMMIuJVdMdcsXrTb:AVjGyBnyrly1yfynQy2y1yWyBysyrly9

    • Score

      3/10

    • Target

      admin/_adv/AspCms_AdvEdit.asp

    • Size

      5KB

    • MD5

      9f80370c065d5b1007d581573995fa46

    • SHA1

      41e5f445f50c52ea6808b3320050fb2e028150b5

    • SHA256

      2829d1c87fe7628b21511c518c533c03a1a41354b7202a6b0b2642e95f42e61a

    • SHA512

      fed246e6e0ad17f0ef6579476d20686863f8f4e2583d53ed7c8fe1a65d6204072ddbc9318f051ca1759fb3722fe331a51bd675f83ead2860b8c92426b4f3c57a

    • SSDEEP

      96:ZVtN+97yBnyrly1yfynQy2y1yWyBysyrly1yMynQy2mgWFHDMbuLSBM3ygXMddcY:ZVjGyBnyrly1yfynQy2y1yWyBysyrlyZ

    • Score

      3/10

    • Target

      admin/_adv/AspCms_AdvEditDL.asp

    • Size

      5KB

    • MD5

      a87e86eabff617816fe14dc6704ed3db

    • SHA1

      b8531381a03b3ed967d4ffde99161e3b5cb57900

    • SHA256

      dc2100802004a392b4c25d3e389826b6411a39e436d855271d76a462ef3c0504

    • SHA512

      498b176315890e3848895f8202f33ebbd276f6e26bf7542374b58f35f16c00ba85978751e29747627c9ebba31d3f56708c6fc70e659d37fe9a7bcdea3badddde

    • SSDEEP

      96:CVtN+97yBnyrly1yfynQy2y1yWyBysyrly1yMynQy2mKW1PQQMJfl1/gOzDsWL6p:CVjGyBnyrly1yfynQy2y1yWyBysyrlyk

    • Score

      3/10

    • Target

      admin/_adv/AspCms_AdvEditPF.asp

    • Size

      4KB

    • MD5

      7920fa0490efe8d64360a1a1337ecfcd

    • SHA1

      a2e75e3f4f4cc635dfd97dd465d73538ce594b4b

    • SHA256

      ffab8f1a925e64b7db80cbec9e9ba3a15f04350bbcfd7c51ea4d24afca1b4805

    • SHA512

      bdbb09d645654023ed479d1203d04c10eb542bc004fb26b61bf02265990d2310ae08d773948537e270c6f743042206fda391ac1117be3016ef758ae19fe43985

    • SSDEEP

      96:NVtN+97yBnyrly1yfynQy2y1yWyBysyrly1yMynQy2mhW1B7MgIfl1/gOzDsuL6G:NVjGyBnyrly1yfynQy2y1yWyBysyrlyY

    • Score

      3/10

    • Target

      admin/_adv/AspCms_AdvEditTC.asp

    • Size

      4KB

    • MD5

      376fd27590db1190c9fce13455e3bdc1

    • SHA1

      e216e9e075ef655b27f3733e22b31beb16f03393

    • SHA256

      c476fa1bb7456875d3f980dbcacf6aa2ca884e902f15ee083c7146b2b188acda

    • SHA512

      80febd4510415d05dc4101cfd58aab02d8e664fa17ed97182359a05ad18f95a3f2d8bcc5197f8879e645769be466776e5dd33dc97b0740096eca7c99c84f625b

    • SSDEEP

      96:4VtN+97yBnyrly1yfynQy2y1yWyBysyrly1yMynQy2m+We9fl1/gOzDtq/mASAh+:4VjGyBnyrly1yfynQy2y1yWyBysyrlyp

    • Score

      3/10

    • Target

      admin/_adv/AspCms_AdvFun.asp

    • Size

      9KB

    • MD5

      13d8da3d84ff6d89c3c4303c14d286aa

    • SHA1

      06c30f0f5a6be5e4650bea7912309d8b72ebd685

    • SHA256

      997ad194f0de972d94181fc0b109e4748884a31f66a450e54d1428d5f0e94a35

    • SHA512

      746507f50684c361a5b3d8d28a0fbff318addf1154cb195fce18c1d790a3f05ff94532dedb77496daf9a7344e7577549e7f9c8d36a4b2f9529d2b7d0df4588f6

    • SSDEEP

      192:LJma08cvZ9t9XPcuqGkagmcLABtvft3sWy98rDWE+REpKpLO6B5Eft3pTqQfFFh8:LgaOt9XkNGDy6ft3Ry9xE+HxHbEft38Z

    • Score

      1/10

    • Target

      admin/_adv/AspCms_AdvList.asp

    • Size

      2KB

    • MD5

      0de7e08a5f799336c37b4a9a67d8c3eb

    • SHA1

      fb0a0e3dd4e520471d3351789d949a0bd2016a33

    • SHA256

      daeb46ed7321631b6a7c2e5b9050ace291cbbb34fcfbbd5606ea868d70b14e53

    • SHA512

      960449ca711d07fae47014b8479cf4dfa65783cd9785ae72418a24e8254f4cdc1475d4c97a1ff807b90070b57b903b195e29d5fe1c4f1806a042e80fc8ba102f

    • Score

      3/10

    • Target

      admin/_content/_About/AspCms_About.asp

    • Size

      1KB

    • MD5

      71253852300445555bf064506c63e98c

    • SHA1

      aaafab302843625371508cbfa0b6bcaa3c6c6b8e

    • SHA256

      53c47f88468b258d46e631c44bccf5c5b0e60dc34103dce180b30188726b5443

    • SHA512

      f9cd33e366adc4ae3debc0703af8770e1108565ea44656a076d402ee68a20da57e2576316ff2c09d248f2ebec7361a988cf0414aa8040baca1a05f4c30dc50e8

    • Score

      3/10

    • Target

      admin/_content/_About/AspCms_AboutEdit.asp

    • Size

      3KB

    • MD5

      6f7c3e7906a6a2611f804dd3b46348ed

    • SHA1

      4cff70b93a1d719e9045ea1f9971f254cdeeb7f0

    • SHA256

      9fe09fb841c5da99b209579b2a25836c3b863f7124d0a4484ed6be3e6916a7a7

    • SHA512

      5003e5b8cd09995ffc263f2c9fa5eb1afeacd347a879f238cc04d9874467b28176fc3da87410b689a642c3211611d06bf3388bab4166f8b95f51315574dac857

    • Score

      3/10

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

bootkit, discovery, persistence

Score
7/10

behavioral2

bootkit, discovery, persistence

Score
7/10

behavioral3

Score
1/10

behavioral4

Score
1/10

behavioral5

execution
Score
3/10

behavioral6

execution
Score
3/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
3/10

behavioral12

Score
3/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

execution
Score
3/10

behavioral16

execution
Score
3/10

behavioral17

execution
Score
3/10

behavioral18

execution
Score
3/10

behavioral19

execution
Score
3/10

behavioral20

execution
Score
3/10

behavioral21

execution
Score
3/10

behavioral22

execution
Score
3/10

behavioral23

execution
Score
3/10

behavioral24

execution
Score
3/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
3/10

behavioral28

Score
3/10

behavioral29

Score
3/10

behavioral30

Score
3/10

behavioral31

execution
Score
3/10

behavioral32

execution
Score
3/10