General

  • Target

    05c6488f0b51d91f1c825e2d228c3857_JaffaCakes118

  • Size

    6.6MB

  • Sample

    241001-pdxx3syemk

  • MD5

    05c6488f0b51d91f1c825e2d228c3857

  • SHA1

    3a409298d629b020dba6c3dd7913cdb1ad34a7cc

  • SHA256

    399a66a264facc46f2a703c9de786fcff6707f1fa4ca383b9a35b3fdd073cb7e

  • SHA512

    a787e2b8fe0dcb8471a7006f78fc304ccc6ea12f879f90d726be6a6fca75b68bc9e9c6159bb43516338ad463d1599d7f7078d39c9fb2b68d6473783504873c45

  • SSDEEP

    196608:szyQEbqDLv/b6b60eYXsFDQ60Ust4z4hp7WOGcA:szJDZUftG4n9A

Score
7/10

Malware Config

Targets

    • Target

      05c6488f0b51d91f1c825e2d228c3857_JaffaCakes118

    • Size

      6.6MB

    • MD5

      05c6488f0b51d91f1c825e2d228c3857

    • SHA1

      3a409298d629b020dba6c3dd7913cdb1ad34a7cc

    • SHA256

      399a66a264facc46f2a703c9de786fcff6707f1fa4ca383b9a35b3fdd073cb7e

    • SHA512

      a787e2b8fe0dcb8471a7006f78fc304ccc6ea12f879f90d726be6a6fca75b68bc9e9c6159bb43516338ad463d1599d7f7078d39c9fb2b68d6473783504873c45

    • SSDEEP

      196608:szyQEbqDLv/b6b60eYXsFDQ60Ust4z4hp7WOGcA:szJDZUftG4n9A

    Score
    7/10
    • Loads dropped DLL

    • Target

      $PLUGINSDIR/FindProcDLL.dll

    • Size

      31KB

    • MD5

      83cd62eab980e3d64c131799608c8371

    • SHA1

      5b57a6842a154997e31fab573c5754b358f5dd1c

    • SHA256

      a6122e80f1c51dc72770b4f56c7c482f7a9571143fbf83b19c4d141d0cb19294

    • SHA512

      91cfbcc125600ec341f5571dcf1e4a814cf7673f82cf42f32155bd54791bbf32619f2bb14ae871d7996e9ddecdfcc5db40caa0979d6dfba3e73cfe8e69c163c9

    • SSDEEP

      384:1NWlNdqdAnhTKMLE2oIM05fnqCiWg3Yy9kflIinokN:1NWtqdihTKCldkYwkdpnoy

    Score
    3/10
    • Target

      $PLUGINSDIR/StartMenu.dll

    • Size

      7KB

    • MD5

      a4173b381625f9f12aadb4e1cdaefdb8

    • SHA1

      cf1680c2bc970d5675adbf5e89292a97e6724713

    • SHA256

      7755ff2707ca19344d489a5acec02d9e310425fa6e100d2f13025761676b875b

    • SHA512

      fcac79d42862da6bdd3ecad9d887a975cdff2301a8322f321be58f754a26b27077b452faa4751bbd09cd3371b4afce65255fbbb443e2c93dd2cba0ba652f4a82

    • SSDEEP

      96:2fiqP7bO2qHkAC40KhvSE+6nrxtMn0iGd88qRLqtJ1tbRhElfRx2:siqP7OHX1Q4xtcf8qo/ttgfRx2

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      c17103ae9072a06da581dec998343fc1

    • SHA1

      b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    • SHA256

      dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    • SHA512

      d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    • SSDEEP

      192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw

    Score
    3/10
    • Target

      $PLUGINSDIR/nsDialogs.dll

    • Size

      9KB

    • MD5

      c10e04dd4ad4277d5adc951bb331c777

    • SHA1

      b1e30808198a3ae6d6d1cca62df8893dc2a7ad43

    • SHA256

      e31ad6c6e82e603378cb6b80e67d0e0dcd9cf384e1199ac5a65cb4935680021a

    • SHA512

      853a5564bf751d40484ea482444c6958457cb4a17fb973cf870f03f201b8b2643be41bccde00f6b2026dc0c3d113e6481b0dc4c7b0f3ae7966d38c92c6b5862e

    • SSDEEP

      96:hBABCcnl5TKhkfLxSslykcxM2DjDf3GE+Xv8Xav+Yx4VndY7ndS27gA:h6n+0SAfRE+/8ZYxMdqn420

    Score
    3/10
    • Target

      PIL._imaging.pyd

    • Size

      140KB

    • MD5

      5ffd47942f33d41b492dbd0d8d9ceb30

    • SHA1

      04c134828ca939bbee557d6445cca22e3c5375c2

    • SHA256

      dadcd139cf4b412290ca7f34123a4419805eb704734cc9173030e4b419d3d6a6

    • SHA512

      3ae9fab0c10b495d6d312c07ea768a858232218fa1c9780c79a478d2deb42405f045d8898d69e2c6fef2639b1c2d0d1f28d0193ecdaa445af6c96edea040af96

    • SSDEEP

      3072:Wc2dkciwlRBzQRZL2Kh07HP9WfvDlHeLct5Et5enEe99bFCr2I+udIpFy2ygRout:hsRBzQRvh0RWfvDlHtrEf0Ee3bEddI2c

    Score
    5/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      README.html

    • Size

      3KB

    • MD5

      19593b984c59b7d9ce433c8c0b970dd2

    • SHA1

      0065458a7c6059289dd6dca3a555fcf9dfd21073

    • SHA256

      3a7c8315b22f0fc4e0ad453cfeceeb496dc8246dc08fba8de02d8e41f28f78cd

    • SHA512

      01a8750b813839fbcec23096b23a1358d0406f26bb106573461d58ce801fd7627b0813cfd0dc1c7a16443e64443cbb8fdc08b0fa5ea2ba9d915413fbbf06c620

    Score
    3/10
    • Target

      _hashlib.pyd

    • Size

      104KB

    • MD5

      541f4e38eace06613f604ee6a5372bec

    • SHA1

      b3c61f95bb145171f957608b7e9cdef2d27ee1e4

    • SHA256

      b212a6b61aea6678c90cc2a698b7e49c95111a7a78a93897793988bce25ceddb

    • SHA512

      d08da0c0777652adfa21acbae5634d7ccc5cc2deb6e31a1d81b4aa495d20d713fb5a6ed5f9a4bc25b8d6eded22b950abea27f95e1492d5f356878b5811b8a7a8

    • SSDEEP

      3072:gD6BiIXJ6AON/UVOnhYeYIC3gV8v2yJIGmbK4out:56w4nh/YIrCv26I7bK4oS

    Score
    5/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      _socket.pyd

    • Size

      20KB

    • MD5

      124fa2799f2f2556d1333c30062e8eae

    • SHA1

      b8ab6a17c2261decc943bedd0d6e1da5b33c7aac

    • SHA256

      4c431fa082dfe063141a667ee829e4a2a54a52e2eb95f5506355b161e87f18e4

    • SHA512

      c198056a6093c7b4943214cbcceb167c6b4103b7eaa80e4623c3b19c6617f59309de07c4675fb0ac78f275e7b74bb5a2495b121d569e7fd0f7a490d08b8a3dae

    • SSDEEP

      384:nilvfbrh8iYI8o/jZTenLIaF7o7uITQ6pe8GSuYaNJawcudoD7Uq5:nyfbSiYAF40aFHMFAnbcuyD7Uq5

    Score
    5/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      _ssl.pyd

    • Size

      264KB

    • MD5

      fec787079b0c70d240d54927daa11f27

    • SHA1

      513cfb81c45196fd94245ed4f2901ebec2422d13

    • SHA256

      96378c1fc08333b3846024b23cff4ae854bd220fdfa4bd2b28eccf5fed6ea716

    • SHA512

      24e5220d2d6a9900d898b417b3fcc07bd73f54c71a2a6ca9382a2c8b88ee4fe5ae1204052aa468e91dd2507ca70280a5b952b79814cb6e0525f13ee0361c838b

    • SSDEEP

      6144:EARy19FS4sIY+eyHT39/zmZoJl21I6DWnBwmDLsJiF9oS:xy1LSBoeyHLVzm2I1I6DWfqiF9oS

    Score
    5/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      bz2.pyd

    • Size

      34KB

    • MD5

      2a7b1d2c98449faaf21a4bcaf4fbb4de

    • SHA1

      4cb2cd2fd9311e4d3d6ec0484fc5a8c371a2c9f0

    • SHA256

      cf1a55ad391361d401e2fad6183acd7b8a8c64c17738eedacf97e7c7279203bd

    • SHA512

      6c40c8470d6b49975f84df13779551816ec510d5552cc235483ee5f306f72c61da0cf33ba3cc849a3b38386d770ae7fc5b292d5893fd01d8d6cb6b08d3d85265

    • SSDEEP

      768:welRrZVnvj5+DAEy3Hu61ADZRtnntq0B9iHi/jwnbcuyD7UR:hVVb5kAEwO62xtz9+iMnouy8

    Score
    5/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      help.html

    • Size

      3KB

    • MD5

      8ce6882b518b2bb2885f293bd4b9e950

    • SHA1

      bca808ff5c919df4ea26605f11ed2126a5e81b55

    • SHA256

      623da24a005b23142c73de900397aa5f7b95e073488e38283785b415c2f2d994

    • SHA512

      76dc710eb043829eea563e777cbc5228c96d5dcb6001e0bcebbe4d37b9434db0285902224fc2f6f0473742c8b1618ac4451359f22d383ac6fe497c7fa0309b66

    Score
    3/10
    • Target

      msvcm90.dll

    • Size

      219KB

    • MD5

      4a8bc195abdc93f0db5dab7f5093c52f

    • SHA1

      b55a206fc91ecc3adeda65d286522aa69f04ac88

    • SHA256

      b371af3ce6cb5d0b411919a188d5274df74d5ee49f6dd7b1ccb5a31466121a18

    • SHA512

      197c12825efa2747afd10fafe3e198c1156ed20d75bad07984caa83447d0c7d498ef67cee11004232ca5d4dbbb9ae9d43bfd073002d3d0d8385476876ef48a94

    • SSDEEP

      6144:ge7iXDX5qmzXOZc/cU4HqsKvts6tifkglMqbO0YLJbc89XTiuq5Kz3OaOyp:ge7iXVDzXOGJb5XTiuq5Kz+

    Score
    5/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      msvcp90.dll

    • Size

      328KB

    • MD5

      8077d35d3abe8eae897b947bc0ce7f4f

    • SHA1

      16a631e68d3a2def303c9694fe287803999eefbd

    • SHA256

      0ddccf1e8c9d6ce209bdab5cc7fbe173fbe453d09dee52905ced9915a63a6f96

    • SHA512

      ef74821b14ed2185da2571a0eb3479a0c1b0ab19609dd23e2d93307b00609fb6b5b47549bd44bfd0d05e7b339700ed3103e98377daa9ac584470a8ed46e623c4

    • SSDEEP

      6144:DNkzQydo3CioS41j8Qlg+hUgiW6QR7t5C3Ooc8SHkC2e/RzS:ZcdozoS88S3hUgiW6QR7t5C3Ooc8SHkf

    Score
    5/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      msvcr90.dll

    • Size

      247KB

    • MD5

      ebdba73d639dc4ebedff5070d4f589a4

    • SHA1

      a6325d7cf7b7d0eb0bdf045dbe57acfe109fd907

    • SHA256

      f32aff9a98b505a25924c1a220cad71a6c1542fc1ccb5292b3742a7cf5c96d3c

    • SHA512

      e081e72cef8323146bf6973dd760e85053e1ab9544033340dc482ec537f96835e6f1a20dfe00c87d7e9c6bdd5ce6ef3090e2730996a545b831089903c00b4d30

    • SSDEEP

      6144:kvYKZjJvO7epdalu6x4sCAGDjQI6LoS5uZdGJCJLuEyKIqqOmiqsEqmQI0wye/30:kAWjJ27e0u6zfGDEoScmHyy3RzS

    Score
    5/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      notewhal.exe

    • Size

      1.7MB

    • MD5

      c53716d88587975a32a6cebbb23c8377

    • SHA1

      48b81ff67bb307ebc8656352e8ad22814c6234b7

    • SHA256

      fcf9f0a45593686beeb19b7e99fbd1a7f50c7b57a1a9cdecd97e46f83398926a

    • SHA512

      f44a2eb023db36a1be29ba324c1b34a7d4580de4543fefd9bf9c3be656245f602908be1e3b11a7377742c154ec62ee864bb92bb8f7cb8ddb2ca01cc1c6df6a06

    • SSDEEP

      24576:ht8pWJHtOhlxP/TewLOfew2JG46O2pwlPM3IrrBsJsnUk27vikyK6VlN:EMHtwTe3feFE4dXlPM4rrBNL27U

    Score
    6/10
    • Legitimate hosting services abused for malware hosting/C2

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks

static1: upx (Score 7/10)

behavioral1: discovery (Score 7/10)

behavioral2: discovery (Score 7/10)

behavioral3: discovery (Score 3/10)

behavioral4: discovery (Score 3/10)

behavioral5: discovery (Score 3/10)

behavioral6: discovery (Score 3/10)

behavioral7: discovery (Score 3/10)

behavioral8: discovery (Score 3/10)

behavioral9: discovery (Score 3/10)

behavioral10: discovery (Score 3/10)

behavioral11: discovery, upx (Score 5/10)

behavioral12: discovery, upx (Score 5/10)

behavioral13: discovery (Score 3/10)

behavioral14: discovery (Score 3/10)

behavioral15: discovery, upx (Score 5/10)

behavioral16: discovery, upx (Score 5/10)

behavioral17: discovery, upx (Score 5/10)

behavioral18: discovery, upx (Score 5/10)

behavioral19: discovery, upx (Score 5/10)

behavioral20: discovery, upx (Score 5/10)

behavioral21: discovery, upx (Score 5/10)

behavioral22: discovery, upx (Score 5/10)

behavioral23: discovery (Score 3/10)

behavioral24: discovery (Score 3/10)

behavioral25: discovery, upx (Score 5/10)

behavioral26: discovery, upx (Score 5/10)

behavioral27: discovery, upx (Score 5/10)

behavioral28: discovery, upx (Score 5/10)

behavioral29: discovery, upx (Score 5/10)

behavioral30: discovery, upx (Score 5/10)

behavioral31: discovery, upx (Score 6/10)

behavioral32: discovery, upx (Score 6/10)