Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

08c3b4a696...18.exe

windows7-x64

7

08c3b4a696...18.exe

windows10-2004-x64

7

$PLUGINSDI...ff.dll

windows7-x64

3

$PLUGINSDI...ff.dll

windows10-2004-x64

3

$PLUGINSDI...lp.dll

windows7-x64

3

$PLUGINSDI...lp.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$PLUGINSDI...ON.dll

windows7-x64

5

$PLUGINSDI...ON.dll

windows10-2004-x64

5

$PLUGINSDI...cr.exe

windows7-x64

7

$PLUGINSDI...cr.exe

windows10-2004-x64

7

$PLUGINSDI...ls.dll

windows7-x64

3

$PLUGINSDI...ls.dll

windows10-2004-x64

3

$PLUGINSDI...ls.dll

windows7-x64

3

$PLUGINSDI...ls.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

DownLite.exe

windows7-x64

3

DownLite.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    08c3b4a6961c962a3371c6bcdb0aa6e0_JaffaCakes118

  • Size

    5.4MB

  • Sample

    241002-ejzczswdmj

  • MD5

    08c3b4a6961c962a3371c6bcdb0aa6e0

  • SHA1

    449f66ade3c79892488d1a51167fc9dff1a8f912

  • SHA256

    61e4d701e2e08bff206ec405ac27ea3fce687165b85c5bdac6cdf48d066dbe9c

  • SHA512

    7d35c131611ca8b8f9b49bf041fe7091155a189c939674bde41128c7a4cf87f218130d75e5af214a443f5598472aa7f2f5afd7e65abc7544dd50a173855bcc3a

  • SSDEEP

    98304:U1k8VO82XHfzqEKn7QSNak6VyhDLYnWO2XJ4tpx69BIMYMqjO97vbNnLlt:G2XHfOEKsniMn92Xitpx6DzYMSCvbNh

Score
7/10
adwarediscoveryspywarestealerupx

Malware Config

Targets

    • Target

      08c3b4a6961c962a3371c6bcdb0aa6e0_JaffaCakes118

    • Size

      5.4MB

    • MD5

      08c3b4a6961c962a3371c6bcdb0aa6e0

    • SHA1

      449f66ade3c79892488d1a51167fc9dff1a8f912

    • SHA256

      61e4d701e2e08bff206ec405ac27ea3fce687165b85c5bdac6cdf48d066dbe9c

    • SHA512

      7d35c131611ca8b8f9b49bf041fe7091155a189c939674bde41128c7a4cf87f218130d75e5af214a443f5598472aa7f2f5afd7e65abc7544dd50a173855bcc3a

    • SSDEEP

      98304:U1k8VO82XHfzqEKn7QSNak6VyhDLYnWO2XJ4tpx69BIMYMqjO97vbNnLlt:G2XHfOEKsniMn92Xitpx6DzYMSCvbNh

    Score
    7/10
    adwarediscoveryspywarestealerupx

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Drops Chrome extension

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

      stealeradware

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

    • Target

      $PLUGINSDIR/InstallerStuff.dll

    • Size

      115KB

    • MD5

      bcbacda49fb2c44fee595cbc82036242

    • SHA1

      a33356996c7b3e032693bb373bbde2acf72cc469

    • SHA256

      77ecf5896f33bbc002f00dd4742c00a20981bbc618563e49f34ea8f740da890d

    • SHA512

      18c44cedb9b0fbd301ad9cbe5ebafe66d16380090baa41697f3224a5086313c61420730e8a5050fa7de31e2f47dbd21259d6758cf84557e0c34b901a93c4ddc0

    • SSDEEP

      1536:zF/lMOy6cWef0K9CWGHyAkeW2Ku+odcI9sWjcdJlBD+4p4iq5:VlMnTIpSAkeuu+oenBD+4p4ii

    Score
    3/10
    discovery
    behavioral3behavioral4

    • Target

      $PLUGINSDIR/OCSetupHlp.dll

    • Size

      848KB

    • MD5

      9e4e850e12f2f4f869b2491dbbb17ceb

    • SHA1

      bd89581a89604b601c817ea680c2a224b46737f8

    • SHA256

      4d1ad8aaf803660ee9d989a8a9cb3129397a97e4d0fa4b50ba7fb700b9d4d7b6

    • SHA512

      9285472e8ed2e685dce357383842356e3011110a09f2e66b2a34ee6bf3c7457dbba834256d8b9b240c20666ec38b62d0ebd7fe4dec1fd9cbb812adc36ad724f5

    • SSDEEP

      12288:w3RHConJZh6lVfdxrHtgFl2nMLlKT2OIPL8mKqSTSTpz4cB8:wkuMV1xrHaF8nMI2RPL8STpz4cB8

    Score
    3/10
    discovery
    behavioral5behavioral6

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      c17103ae9072a06da581dec998343fc1

    • SHA1

      b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    • SHA256

      dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    • SHA512

      d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    • SSDEEP

      192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw

    Score
    3/10
    discovery
    behavioral7behavioral8

    • Target

      $PLUGINSDIR/nsDialogs.dll

    • Size

      9KB

    • MD5

      c10e04dd4ad4277d5adc951bb331c777

    • SHA1

      b1e30808198a3ae6d6d1cca62df8893dc2a7ad43

    • SHA256

      e31ad6c6e82e603378cb6b80e67d0e0dcd9cf384e1199ac5a65cb4935680021a

    • SHA512

      853a5564bf751d40484ea482444c6958457cb4a17fb973cf870f03f201b8b2643be41bccde00f6b2026dc0c3d113e6481b0dc4c7b0f3ae7966d38c92c6b5862e

    • SSDEEP

      96:hBABCcnl5TKhkfLxSslykcxM2DjDf3GE+Xv8Xav+Yx4VndY7ndS27gA:h6n+0SAfRE+/8ZYxMdqn420

    Score
    3/10
    discovery
    behavioral10behavioral9

    • Target

      $PLUGINSDIR/nsJSON.dll

    • Size

      6KB

    • MD5

      292aa9f95a7f081625056c497078159a

    • SHA1

      72076f3eb146ab7ea2b3dd0ef6a63c06f86d64f1

    • SHA256

      18f2b2f20c65a022a1c8aaf776b4c9be6c193b73c2079d9d65d56b802fcadfb5

    • SHA512

      87f83c3bbcfedd98364b5d0209f912e66c72d43eb887438ad9735c078e6d1f6ea12566a75f0b652602bbd9f0608ce7148dc1703821f2ab6b366f061b8a58d910

    • SSDEEP

      96:u2r8Z0x0OOG+2tOgdC+qzf+Sdv9wMxOHKCt6qZZLAL5EICN9r7HcnrDn:uHI+2e9zf++viMot6qZFYEIC7jcrL

    Score
    5/10
    discoveryupx

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral11behavioral12

    • Target

      $PLUGINSDIR/setup_cr.exe

    • Size

      3.2MB

    • MD5

      ca023e6709a718a4917df6f3f2c8bbf7

    • SHA1

      f9b989d482562796c8c95d124e52bd9e4643d32e

    • SHA256

      6df47c38d9452173201fb301c3a7225221d4cafeaf07a3edc1dae9ea6135b86d

    • SHA512

      23e813a6ac93394102b9448a3b5b3e41cf7eeb7eb683edaaf56335bd4ff3ac45884c6e0e10c7c0a9d8cd7f472e58b45e57d32fdcac819659c22e3dd547ae4d03

    • SSDEEP

      98304:2NtKKGFdJNUujVhvCIu3WC2Z84tS+/83y:2nKK8wV/3p2ZttS+/yy

    Score
    7/10
    adwarediscoveryspywarestealerupx

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Drops Chrome extension

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

      stealeradware

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral13behavioral14

    • Target

      $PLUGINSDIR/InstallerUtils.dll

    • Size

      104KB

    • MD5

      156e15e3dfcc2f2ff2dbcc373fc11f53

    • SHA1

      5ff52623dedd7efefac54dbd31b5d1bdf0f3e799

    • SHA256

      4618571c27877641f83bfb312aa5b66ebe4a8954dc898ce4e640aeaea4dc0693

    • SHA512

      d4930f0b49dae5386a92124b954d1b82921e07da2a9ffd9d854f6ab6f03473e591d3b67f0aa8ea19f83b480be705d829797e62825fda50ffb074bd4734b265b4

    • SSDEEP

      1536:amDdAXB7tPhDhHkb2p0H9YdYKgHn7IYHsrt2yHu8WGNnRzYkm6gxzSSSSSSSSUm:PDdAx7tJ1kqUKC7FK2yO8WG3O6gxF

    Score
    3/10
    discovery
    behavioral15behavioral16

    • Target

      $PLUGINSDIR/StdUtils.dll

    • Size

      14KB

    • MD5

      21010df9bc37daffcc0b5ae190381d85

    • SHA1

      a8ba022aafc1233894db29e40e569dfc8b280eb9

    • SHA256

      0ebd62de633fa108cf18139be6778fa560680f9f8a755e41c6ab544ab8db5c16

    • SHA512

      95d3dbba6eac144260d5fcc7fcd5fb3afcb59ae62bd2eafc5a1d2190e9b44f8e125290d62fef82ad8799d0072997c57b2fa8a643aba554d0a82bbd3f8eb1403e

    • SSDEEP

      192:OFb8Y8oqy2mqZc9hGBQHRx39oRxmMvURkB/Fs:qb8Y8nKqohGBKxox9vURw/a

    Score
    3/10
    discovery
    behavioral17behavioral18

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      00a0194c20ee912257df53bfe258ee4a

    • SHA1

      d7b4e319bc5119024690dc8230b9cc919b1b86b2

    • SHA256

      dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3

    • SHA512

      3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667

    • SSDEEP

      192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw

    Score
    3/10
    discovery
    behavioral19behavioral20

    • Target

      DownLite.exe

    • Size

      2.1MB

    • MD5

      84d44cc04348df5226b733eba1b64eb6

    • SHA1

      3cc6d1a7aa6dcccf665c0c777af596d551fd953a

    • SHA256

      7126b3a28108726ee7d07024bce3611ed2d68f7fe75494124a04b9314488e605

    • SHA512

      40f11d74b158188b5d948d014ee82d70bd1b4a78710d7e596f961dd13fe212e6435ce2069ff4f483be3d8d23f8bf4fe478264b1c90f840660fcf4f7e0ded24b5

    • SSDEEP

      49152:0gSxAEDE727h0VKMPh3UWUZQLamNg5/U6l:Q82zMPh3bUqamWc6l

    Score
    3/10
    discovery
    behavioral21behavioral22

MITRE ATT&CK Enterprise v15

Tasks

static1

upx
Score
7/10

behavioral1

adwarediscoveryspywarestealerupx
Score
7/10

behavioral2

adwarediscoveryspywarestealerupx
Score
7/10

behavioral3

discovery
Score
3/10

behavioral4

discovery
Score
3/10

behavioral5

discovery
Score
3/10

behavioral6

discovery
Score
3/10

behavioral7

discovery
Score
3/10

behavioral8

discovery
Score
3/10

behavioral9

discovery
Score
3/10

behavioral10

discovery
Score
3/10

behavioral11

discoveryupx
Score
5/10

behavioral12

discoveryupx
Score
5/10

behavioral13

adwarediscoveryspywarestealerupx
Score
7/10

behavioral14

adwarediscoveryspywarestealerupx
Score
7/10

behavioral15

discovery
Score
3/10

behavioral16

discovery
Score
3/10

behavioral17

discovery
Score
3/10

behavioral18

discovery
Score
3/10

behavioral19

discovery
Score
3/10

behavioral20

discovery
Score
3/10

behavioral21

discovery
Score
3/10

behavioral22

discovery
Score
3/10