General

  • Target

    07b38e44001f4972d3a4bf2f552bc670_JaffaCakes118

  • Size

    428KB

  • Sample

    241001-2jb9satepp

  • MD5

    07b38e44001f4972d3a4bf2f552bc670

  • SHA1

    dabb70223b608824edbe8e528fbe5b79db16e96f

  • SHA256

    23a8d5cbed2d324800423cea1de9357756ce372f22693ea8b482f43ea6c4ac37

  • SHA512

    541be40c3436cdf88ac007cdab6a551d5443862300a90dea00a0ebfe9fd7b7eb4f3980791cf16db29d33f525272f2f92f758af8474d6497d127d8060361161fa

  • SSDEEP

    6144:psaocyLCxcfyuO4+iX7nC+pQ8l1jYoVr+/mYOP3JkLXXKaJ7JQ87DbximefUgudM:ptobKr4jX7nCGQiZUqkr887DFincgum

Score
7/10

Targets

    • Target

      07b38e44001f4972d3a4bf2f552bc670_JaffaCakes118

    • Size

      428KB

    • MD5

      07b38e44001f4972d3a4bf2f552bc670

    • SHA1

      dabb70223b608824edbe8e528fbe5b79db16e96f

    • SHA256

      23a8d5cbed2d324800423cea1de9357756ce372f22693ea8b482f43ea6c4ac37

    • SHA512

      541be40c3436cdf88ac007cdab6a551d5443862300a90dea00a0ebfe9fd7b7eb4f3980791cf16db29d33f525272f2f92f758af8474d6497d127d8060361161fa

    • SSDEEP

      6144:psaocyLCxcfyuO4+iX7nC+pQ8l1jYoVr+/mYOP3JkLXXKaJ7JQ87DbximefUgudM:ptobKr4jX7nCGQiZUqkr887DFincgum

    Score
    7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops desktop.ini file(s)

    • Target

      $PLUGINSDIR/dawn.exe

    • Size

      212KB

    • MD5

      3fe8c2cfc48fbef8b2fc3d79769373b1

    • SHA1

      089c032591a2aceffefbdf29262f16d31aa7e696

    • SHA256

      d0ac7f3c6f8fd818a6b5807b406a3bd80114cb8db5820a5e3b624eb12fbfd773

    • SHA512

      f4e467d1f2826938d98c7701ff52672e67b0e3e29eab706161568c235c236777bca3959b61cd55e152621d56ea46bbbd7822586c123c289a23f2b1d01b9b5f00

    • SSDEEP

      3072:63abMwJeBzAmFih1bWiCgJZB+yWZvuFX6RWqOhV3loiHmHhyXcv3ktX:6QMbBsmw3bWiCgJ2GFXUWdV1lhVp

    Score
    5/10

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      $PLUGINSDIR/inst.exe

    • Size

      175KB

    • MD5

      ecef08b48d655495922474ce5fdb0b3b

    • SHA1

      37db28981e315ba34fb72e5fabfb2c2ade2a7aea

    • SHA256

      1823f6ca026972810a09a61d2ca41aeda650c4bd7a7bbba010e08895eb949fac

    • SHA512

      65fd89715af68b36860194affa710812ed638ca826a269fc39500997ace3f4284c8bfbe08d7dd623490fc83896c155f0d5f0ae8a5f78b07ec7d3203e9a8fe371

    • SSDEEP

      3072:vkK063NEIpv3p3KV7boDwUfWluHK5U2kmZcD4oMzBmHf5QLktp4TQWtF:vlb3xJDwUfPHkU2tZcYyxQAvaRz

    Score
    6/10

    • Drops desktop.ini file(s)

    • Target

      $PLUGINSDIR/nsExec.dll

    • Size

      8KB

    • MD5

      249ae678f0dac4c625c6de6aca53823a

    • SHA1

      6ac2b9e90e8445fed4c45c5dbf2d0227cd3b5201

    • SHA256

      7298024a36310b7c4c112be87b61b62a0b1be493e2d5252a19e5e976daf674ce

    • SHA512

      66e4081a40f3191bf28b810cf8411cb3c8c3e3ec5943e18d6672414fb5e7b4364f862cba44c9115c599ac90890ef02a773e254e7c979e930946bc52b0693aad7

    • SSDEEP

      192:r/QeHNWSvUTfWdXw08LYKFaynLb3MRlbOVlR:7jBvwudT8LJxnnMRlyVlR

    Score
    3/10
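
The $PLUGINSDIR/ paths above mark the top-level sample as an NSIS installer (that is the directory NSIS unpacks plugins into at run time), and nsExec.dll is the stock NSIS plugin for running external commands, so the interesting payloads are dawn.exe and inst.exe. The script below is an added example for working with a report like this one; it is not code from tria.ge or from the sample. It does two things an analyst wants before trusting a dropped file: recompute MD5/SHA1/SHA256/SHA512 and compare them with the values the report lists (the REPORTED_SAMPLE dict is copied from the report; SSDEEP is omitted because it needs a non-standard library), and apply the same heuristic the "UPX packed file" signature describes, namely UPX's characteristic UPX0/UPX1/UPX2 names in the PE section table. No sample ships with the script, so build_fake_pe() constructs a header-only PE as test input; that helper and its section names are assumptions for the demo.

```python
"""Check a dropped file against a sandbox report: hashes and UPX section names.

Added example, not part of the tria.ge report. REPORTED_SAMPLE is copied from
the report; build_fake_pe() constructs synthetic input so the script runs offline.
"""
import hashlib
import struct

# Hash values exactly as listed in the report for the top-level sample.
REPORTED_SAMPLE = {
    "md5": "07b38e44001f4972d3a4bf2f552bc670",
    "sha1": "dabb70223b608824edbe8e528fbe5b79db16e96f",
    "sha256": "23a8d5cbed2d324800423cea1de9357756ce372f22693ea8b482f43ea6c4ac37",
    "sha512": "541be40c3436cdf88ac007cdab6a551d5443862300a90dea00a0ebfe9fd7b7eb"
              "4f3980791cf16db29d33f525272f2f92f758af8474d6497d127d8060361161fa",
}

# Section names the stock UPX packer writes into a PE it has compressed.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}


def compute_hashes(data: bytes) -> dict:
    """Return the four hashlib digests a tria.ge report lists for a file."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def verify_hashes(data: bytes, reported: dict) -> dict:
    """Compare each computed digest with the reported one; True means it matches."""
    actual = compute_hashes(data)
    return {name: actual[name] == reported.get(name, "").lower() for name in actual}


def pe_section_names(data: bytes) -> list:
    """Walk DOS header -> PE signature -> COFF header -> section table, return names.

    Returns [] for anything that does not parse as a PE image.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    coff = e_lfanew + 4                                  # 20-byte COFF file header
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size                         # section table follows optional header
    names = []
    for i in range(num_sections):
        off = table + 40 * i                             # each IMAGE_SECTION_HEADER is 40 bytes
        if off + 40 > len(data):
            break
        names.append(data[off:off + 8].rstrip(b"\0"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """Flag a PE whose section table carries UPX's characteristic section names."""
    return any(name in UPX_SECTION_NAMES for name in pe_section_names(data))


def build_fake_pe(section_names) -> bytes:
    """Construct a minimal header-only PE32 with the given section names.

    Constructed test input for this example only; it contains no code and will not run.
    """
    e_lfanew = 0x40
    dos = bytearray(b"MZ" + b"\0" * (e_lfanew - 2))
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    opt_size = 0xE0                                      # size of a PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x0102)
    optional = bytearray(opt_size)
    struct.pack_into("<H", optional, 0, 0x10B)           # PE32 magic
    sections = b"".join(
        name.encode().ljust(8, b"\0") + b"\0" * 32 for name in section_names)
    return bytes(dos) + b"PE\0\0" + coff + bytes(optional) + sections


if __name__ == "__main__":
    # Demo on constructed input; point compute_hashes()/looks_upx_packed() at a real
    # dropped file's bytes to reproduce the report's checks.
    fake = build_fake_pe(["UPX0", "UPX1", ".rsrc"])
    print("sections:", pe_section_names(fake))
    print("UPX-like:", looks_upx_packed(fake))
    print("matches report:", verify_hashes(fake, REPORTED_SAMPLE))
```

A hash mismatch against the report means you are not looking at the file the sandbox ran, so stop and re-acquire before reading any of its behaviour into your own copy. The section-name heuristic catches stock UPX; a "modified UPX" build, which the signature text also names, can rename sections, so treat a negative as weak evidence and a positive as a reason to unpack before static analysis.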
