Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

eeb2bfc11c...18.exe

windows7-x64

7

eeb2bfc11c...18.exe

windows10-2004-x64

7

$PLUGINSDI...ig.dll

windows7-x64

3

$PLUGINSDI...ig.dll

windows10-2004-x64

3

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$PLUGINSDI...el.dll

windows7-x64

7

$PLUGINSDI...el.dll

windows10-2004-x64

7

$PLUGINSDIR/UAC.dll

windows7-x64

3

$PLUGINSDIR/UAC.dll

windows10-2004-x64

3

$PLUGINSDIR/fct.dll

windows7-x64

3

$PLUGINSDIR/fct.dll

windows10-2004-x64

3

$PLUGINSDI...ss.dll

windows7-x64

3

$PLUGINSDI...ss.dll

windows10-2004-x64

3

EasyOn.dll

windows7-x64

6

EasyOn.dll

windows10-2004-x64

6

EasyOn.exe

windows7-x64

6

EasyOn.exe

windows10-2004-x64

6

Sharing

Copy URL
Twitter E-mail

General

  • Target

    eeb2bfc11c419220a268192f6f67b523_JaffaCakes118

  • Size

    197KB

  • Sample

    240921-adfw8svhrf

  • MD5

    eeb2bfc11c419220a268192f6f67b523

  • SHA1

    17dcea796fbf9825276818059234222f11eb2a43

  • SHA256

    31509c0972070a9c986413b2317cc4ceb01663fe01b1dfd264d04e395c68989b

  • SHA512

    d669129aba40a76dbbcf22ad44dbe7ee0eb60a2219966f7468b36aef1fb2a386f3bb201d4a0e1622ed3ef91f36c049d48fd6d9e1dffe048334df0717902697bf

  • SSDEEP

    6144:dH1cG75+ZPPfnE2Qyn20UGTyniR1E2OGPT75j:p1cGF+ZPPfnEUnjTKiUhGrFj

Score
7/10
adwarediscoverypersistencestealerupx

Malware Config

Targets

    • Target

      eeb2bfc11c419220a268192f6f67b523_JaffaCakes118

    • Size

      197KB

    • MD5

      eeb2bfc11c419220a268192f6f67b523

    • SHA1

      17dcea796fbf9825276818059234222f11eb2a43

    • SHA256

      31509c0972070a9c986413b2317cc4ceb01663fe01b1dfd264d04e395c68989b

    • SHA512

      d669129aba40a76dbbcf22ad44dbe7ee0eb60a2219966f7468b36aef1fb2a386f3bb201d4a0e1622ed3ef91f36c049d48fd6d9e1dffe048334df0717902697bf

    • SSDEEP

      6144:dH1cG75+ZPPfnE2Qyn20UGTyniR1E2OGPT75j:p1cGF+ZPPfnEUnjTKiUhGrFj

    Score
    7/10
    discoveryupx

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

    • Target

      $PLUGINSDIR/IpConfig.dll

    • Size

      114KB

    • MD5

      a3ed6f7ea493b9644125d494fbf9a1e6

    • SHA1

      ebeee67fb0b5b3302c69f47c5e7fca62e1a809d8

    • SHA256

      ec0f85f8a9d6b77081ba0103f967ef6705b547bf27bcd866d77ac909d21a1e08

    • SHA512

      7099e1bc78ba5727661aa49f75523126563a5ebccdff10cabf868ce5335821118384825f037fbf1408c416c0212aa702a5974bc54d1b63c9d0bcade140f9aae1

    • SSDEEP

      1536:CPDzpyvLtmY7SeAmhPzV8+i7kRuACUxHf91MionF9JTwrLPG5zfO+lP7:UZl1e7L4ARzC3dwrLPG5zG+lP7

    Score
    3/10
    discovery
    behavioral3behavioral4

    • Target

      $PLUGINSDIR/NSISdl.dll

    • Size

      14KB

    • MD5

      a5f8399a743ab7f9c88c645c35b1ebb5

    • SHA1

      168f3c158913b0367bf79fa413357fbe97018191

    • SHA256

      dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9

    • SHA512

      824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977

    • SSDEEP

      192:tUZTobBDJ68r67wmsvJI5ad9cXzFOVu+mZ/P3p+57CvpVqDxVp01Dwn2GRPgsfA:6Bo/680dCI5adOjFOg9//p27uNw2Go

    Score
    3/10
    discovery
    behavioral5behavioral6

    • Target

      $PLUGINSDIR/SelfDel.dll

    • Size

      4KB

    • MD5

      7cff7fe2caea5184d98c147e7e263132

    • SHA1

      21f39d3d0dd5f7198d67ef30e95d10ae3460093e

    • SHA256

      281c39b733579e031c62bdd247b41543ece1fe3bd6eda26fc8ad474b10f33101

    • SHA512

      fb1161b8571d1d0c67e2df0d571b08f5e7a73f81409aed847344154d02406910629181bcce4e18e998ec472f51a6a1b40d956a010abdd10e850413aafa87808a

    • SSDEEP

      48:CzHDh3jgWMynQfXKsJ3eAn67wN4VDm0pmoZSeJY8JTaCILFoyTFS7lWsaEaSueq:S18WMynkXKOOATEVUPnS7s9TShqTM

    Score
    7/10
    discoveryupx

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral7behavioral8

    • Target

      $PLUGINSDIR/UAC.dll

    • Size

      13KB

    • MD5

      29858669d7da388d1e62b4fd5337af12

    • SHA1

      756b94898429a9025a04ae227f060952f1149a5f

    • SHA256

      c24c005daa7f5578c4372b38d1be6be5e27ef3ba2cdb9b67fee15cac406eba62

    • SHA512

      6f4d538f2fe0681f357bab73f633943c539ddc1451efa1d1bb76d70bb47aa68a05849e36ae405cc4664598a8194227fa7053de6dbce7d6c52a20301293b3c85f

    • SSDEEP

      384:RlNMjIH4DnFnyJ0Dt5ZtmVWsSLr4z9VwzU:RlqMYzFnD/tmQFLrSw

    Score
    3/10
    discovery
    behavioral10behavioral9

    • Target

      $PLUGINSDIR/fct.dll

    • Size

      4KB

    • MD5

      e3f3809f51c7982d96aaf9c090f7d176

    • SHA1

      7494daa8000c0b31c58d94edc509232569a4606f

    • SHA256

      010f5e0c69b4a630b08b2551e03d8044a33350f151848dcf50953407012fab29

    • SHA512

      3fca284e384abc95201dc73f19bd9d75413e8890e819967070b9d9991115be2a8c17e07bd1aaaffcbc770b393bf9a2af253100ac4d9efba8d21110bac97737fc

    • SSDEEP

      48:qlQOVagyAU3gJS+Tgc43uiu7Dh/gdp/gRfykVwv+:qa33gJS+ccQuiuJE/kyku

    Score
    3/10
    discovery
    behavioral11behavioral12

    • Target

      $PLUGINSDIR/nsProcess.dll

    • Size

      4KB

    • MD5

      05450face243b3a7472407b999b03a72

    • SHA1

      ffd88af2e338ae606c444390f7eaaf5f4aef2cd9

    • SHA256

      95fe9d92512ff2318cc2520311ef9145b2cee01209ab0e1b6e45c7ce1d4d0e89

    • SHA512

      f4cbe30166aff20a226a7150d93a876873ba699d80d7e9f46f32a9b4753fa7966c3113a3124340b39ca67a13205463a413e740e541e742903e3f89af5a53ad3b

    Score
    3/10
    discovery
    behavioral13behavioral14

    • Target

      EasyOn.dll

    • Size

      126KB

    • MD5

      b8d58e3a0587f0015e5ef6e611444f30

    • SHA1

      181d12bc03b329f4ddd4f85f792b2f0a7b9d147a

    • SHA256

      41321b02a4922ab9911e340c190eead9e17d5f56590921953b0658958e1bfba8

    • SHA512

      b2e1c3f4ec7e1f468fd8e4d190a17268f2008dfc8e8a68e45b6a109cb98322c5363d49d5aaf8e76cf38c7fc1e813179f776dd90ad6ae55b6b46ddbafe1b56434

    • SSDEEP

      3072:txSwDINkVwQag7NVj1agWgIknPGcnifj56:t4JwzRZPGl

    Score
    6/10
    adwarediscoverystealer

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

      stealeradware
    behavioral15behavioral16

    • Target

      EasyOn.exe

    • Size

      38KB

    • MD5

      e95bc409a64ea9a611bf6df227eb7e3c

    • SHA1

      9388530cf6d248c1c73cee05a2d66c77a1cbcac4

    • SHA256

      9bf1cea5efcecb3dd7f28c3d6359037807b3379aeb82f154c27e1f84c3286f3a

    • SHA512

      a5220d93b3c94d158e33b8d01fa2dc18dbf029ebd70871351b3b1c0fa6225d42e419122ecc0d0a12abecd3d42a90ab87793f239c21c63afcf05d6b2e10bc550e

    • SSDEEP

      384:Evb1cDbSw+uaAMTyX8DfW18WPNc33fxYJLuPkCQuhD:ET1Y2w+lfTuGoHP23P8LuDZ

    Score
    6/10
    adwarediscoverypersistencestealer

    • Adds Run key to start application

      persistence

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

      stealeradware
    behavioral17behavioral18

MITRE ATT&CK Enterprise v15

Tasks