General

  • Target: 08c3b4a6961c962a3371c6bcdb0aa6e0_JaffaCakes118
  • Size: 5.4MB
  • Sample: 241002-ejzczswdmj
  • MD5: 08c3b4a6961c962a3371c6bcdb0aa6e0
  • SHA1: 449f66ade3c79892488d1a51167fc9dff1a8f912
  • SHA256: 61e4d701e2e08bff206ec405ac27ea3fce687165b85c5bdac6cdf48d066dbe9c
  • SHA512: 7d35c131611ca8b8f9b49bf041fe7091155a189c939674bde41128c7a4cf87f218130d75e5af214a443f5598472aa7f2f5afd7e65abc7544dd50a173855bcc3a
  • SSDEEP: 98304:U1k8VO82XHfzqEKn7QSNak6VyhDLYnWO2XJ4tpx69BIMYMqjO97vbNnLlt:G2XHfOEKsniMn92Xitpx6DzYMSCvbNh

Malware Config

Targets

    • Target: 08c3b4a6961c962a3371c6bcdb0aa6e0_JaffaCakes118
    • Size: 5.4MB
    • MD5: 08c3b4a6961c962a3371c6bcdb0aa6e0
    • SHA1: 449f66ade3c79892488d1a51167fc9dff1a8f912
    • SHA256: 61e4d701e2e08bff206ec405ac27ea3fce687165b85c5bdac6cdf48d066dbe9c
    • SHA512: 7d35c131611ca8b8f9b49bf041fe7091155a189c939674bde41128c7a4cf87f218130d75e5af214a443f5598472aa7f2f5afd7e65abc7544dd50a173855bcc3a
    • SSDEEP: 98304:U1k8VO82XHfzqEKn7QSNak6VyhDLYnWO2XJ4tpx69BIMYMqjO97vbNnLlt:G2XHfOEKsniMn92Xitpx6DzYMSCvbNh

    Signatures:
    • ACProtect 1.3x - 1.4x DLL software: Detects file using ACProtect software.
    • Executes dropped EXE
    • Loads dropped DLL
    • Reads user/profile data of web browsers: Infostealers often target stored browser data, which can include saved credentials etc.
    • Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
    • Drops Chrome extension
    • Installs/modifies Browser Helper Object: BHOs are DLL modules which act as plugins for Internet Explorer.
    • UPX packed file: Detects executables packed with UPX/modified UPX open source packer.

    • Target: $PLUGINSDIR/InstallerStuff.dll
    • Size: 115KB
    • MD5: bcbacda49fb2c44fee595cbc82036242
    • SHA1: a33356996c7b3e032693bb373bbde2acf72cc469
    • SHA256: 77ecf5896f33bbc002f00dd4742c00a20981bbc618563e49f34ea8f740da890d
    • SHA512: 18c44cedb9b0fbd301ad9cbe5ebafe66d16380090baa41697f3224a5086313c61420730e8a5050fa7de31e2f47dbd21259d6758cf84557e0c34b901a93c4ddc0
    • SSDEEP: 1536:zF/lMOy6cWef0K9CWGHyAkeW2Ku+odcI9sWjcdJlBD+4p4iq5:VlMnTIpSAkeuu+oenBD+4p4ii

    Score: 3/10

    • Target: $PLUGINSDIR/OCSetupHlp.dll
    • Size: 848KB
    • MD5: 9e4e850e12f2f4f869b2491dbbb17ceb
    • SHA1: bd89581a89604b601c817ea680c2a224b46737f8
    • SHA256: 4d1ad8aaf803660ee9d989a8a9cb3129397a97e4d0fa4b50ba7fb700b9d4d7b6
    • SHA512: 9285472e8ed2e685dce357383842356e3011110a09f2e66b2a34ee6bf3c7457dbba834256d8b9b240c20666ec38b62d0ebd7fe4dec1fd9cbb812adc36ad724f5
    • SSDEEP: 12288:w3RHConJZh6lVfdxrHtgFl2nMLlKT2OIPL8mKqSTSTpz4cB8:wkuMV1xrHaF8nMI2RPL8STpz4cB8

    Score: 3/10

    • Target: $PLUGINSDIR/System.dll
    • Size: 11KB
    • MD5: c17103ae9072a06da581dec998343fc1
    • SHA1: b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
    • SHA256: dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
    • SHA512: d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
    • SSDEEP: 192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw

    Score: 3/10

    • Target: $PLUGINSDIR/nsDialogs.dll
    • Size: 9KB
    • MD5: c10e04dd4ad4277d5adc951bb331c777
    • SHA1: b1e30808198a3ae6d6d1cca62df8893dc2a7ad43
    • SHA256: e31ad6c6e82e603378cb6b80e67d0e0dcd9cf384e1199ac5a65cb4935680021a
    • SHA512: 853a5564bf751d40484ea482444c6958457cb4a17fb973cf870f03f201b8b2643be41bccde00f6b2026dc0c3d113e6481b0dc4c7b0f3ae7966d38c92c6b5862e
    • SSDEEP: 96:hBABCcnl5TKhkfLxSslykcxM2DjDf3GE+Xv8Xav+Yx4VndY7ndS27gA:h6n+0SAfRE+/8ZYxMdqn420

    Score: 3/10

    • Target: $PLUGINSDIR/nsJSON.dll
    • Size: 6KB
    • MD5: 292aa9f95a7f081625056c497078159a
    • SHA1: 72076f3eb146ab7ea2b3dd0ef6a63c06f86d64f1
    • SHA256: 18f2b2f20c65a022a1c8aaf776b4c9be6c193b73c2079d9d65d56b802fcadfb5
    • SHA512: 87f83c3bbcfedd98364b5d0209f912e66c72d43eb887438ad9735c078e6d1f6ea12566a75f0b652602bbd9f0608ce7148dc1703821f2ab6b366f061b8a58d910
    • SSDEEP: 96:u2r8Z0x0OOG+2tOgdC+qzf+Sdv9wMxOHKCt6qZZLAL5EICN9r7HcnrDn:uHI+2e9zf++viMot6qZFYEIC7jcrL

    Score: 5/10

    Signatures:
    • UPX packed file: Detects executables packed with UPX/modified UPX open source packer.

    • Target: $PLUGINSDIR/setup_cr.exe
    • Size: 3.2MB
    • MD5: ca023e6709a718a4917df6f3f2c8bbf7
    • SHA1: f9b989d482562796c8c95d124e52bd9e4643d32e
    • SHA256: 6df47c38d9452173201fb301c3a7225221d4cafeaf07a3edc1dae9ea6135b86d
    • SHA512: 23e813a6ac93394102b9448a3b5b3e41cf7eeb7eb683edaaf56335bd4ff3ac45884c6e0e10c7c0a9d8cd7f472e58b45e57d32fdcac819659c22e3dd547ae4d03
    • SSDEEP: 98304:2NtKKGFdJNUujVhvCIu3WC2Z84tS+/83y:2nKK8wV/3p2ZttS+/yy

    Signatures:
    • ACProtect 1.3x - 1.4x DLL software: Detects file using ACProtect software.
    • Executes dropped EXE
    • Loads dropped DLL
    • Reads user/profile data of web browsers: Infostealers often target stored browser data, which can include saved credentials etc.
    • Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
    • Drops Chrome extension
    • Installs/modifies Browser Helper Object: BHOs are DLL modules which act as plugins for Internet Explorer.
    • UPX packed file: Detects executables packed with UPX/modified UPX open source packer.

    • Target: $PLUGINSDIR/InstallerUtils.dll
    • Size: 104KB
    • MD5: 156e15e3dfcc2f2ff2dbcc373fc11f53
    • SHA1: 5ff52623dedd7efefac54dbd31b5d1bdf0f3e799
    • SHA256: 4618571c27877641f83bfb312aa5b66ebe4a8954dc898ce4e640aeaea4dc0693
    • SHA512: d4930f0b49dae5386a92124b954d1b82921e07da2a9ffd9d854f6ab6f03473e591d3b67f0aa8ea19f83b480be705d829797e62825fda50ffb074bd4734b265b4
    • SSDEEP: 1536:amDdAXB7tPhDhHkb2p0H9YdYKgHn7IYHsrt2yHu8WGNnRzYkm6gxzSSSSSSSSUm:PDdAx7tJ1kqUKC7FK2yO8WG3O6gxF

    Score: 3/10

    • Target: $PLUGINSDIR/StdUtils.dll
    • Size: 14KB
    • MD5: 21010df9bc37daffcc0b5ae190381d85
    • SHA1: a8ba022aafc1233894db29e40e569dfc8b280eb9
    • SHA256: 0ebd62de633fa108cf18139be6778fa560680f9f8a755e41c6ab544ab8db5c16
    • SHA512: 95d3dbba6eac144260d5fcc7fcd5fb3afcb59ae62bd2eafc5a1d2190e9b44f8e125290d62fef82ad8799d0072997c57b2fa8a643aba554d0a82bbd3f8eb1403e
    • SSDEEP: 192:OFb8Y8oqy2mqZc9hGBQHRx39oRxmMvURkB/Fs:qb8Y8nKqohGBKxox9vURw/a

    Score: 3/10

    • Target: $PLUGINSDIR/System.dll
    • Size: 11KB
    • MD5: 00a0194c20ee912257df53bfe258ee4a
    • SHA1: d7b4e319bc5119024690dc8230b9cc919b1b86b2
    • SHA256: dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3
    • SHA512: 3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667
    • SSDEEP: 192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw

    Score: 3/10

    • Target: DownLite.exe
    • Size: 2.1MB
    • MD5: 84d44cc04348df5226b733eba1b64eb6
    • SHA1: 3cc6d1a7aa6dcccf665c0c777af596d551fd953a
    • SHA256: 7126b3a28108726ee7d07024bce3611ed2d68f7fe75494124a04b9314488e605
    • SHA512: 40f11d74b158188b5d948d014ee82d70bd1b4a78710d7e596f961dd13fe212e6435ce2069ff4f483be3d8d23f8bf4fe478264b1c90f840660fcf4f7e0ded24b5
    • SSDEEP: 49152:0gSxAEDE727h0VKMPh3UWUZQLamNg5/U6l:Q82zMPh3bUqamWc6l

    Score: 3/10

MITRE ATT&CK Enterprise v15

Tasks

  • static1: upx (Score 7/10)
  • behavioral1: adware, discovery, spyware, stealer, upx (Score 7/10)
  • behavioral2: adware, discovery, spyware, stealer, upx (Score 7/10)
  • behavioral3: discovery (Score 3/10)
  • behavioral4: discovery (Score 3/10)
  • behavioral5: discovery (Score 3/10)
  • behavioral6: discovery (Score 3/10)
  • behavioral7: discovery (Score 3/10)
  • behavioral8: discovery (Score 3/10)
  • behavioral9: discovery (Score 3/10)
  • behavioral10: discovery (Score 3/10)
  • behavioral11: discovery, upx (Score 5/10)
  • behavioral12: discovery, upx (Score 5/10)
  • behavioral13: adware, discovery, spyware, stealer, upx (Score 7/10)
  • behavioral14: adware, discovery, spyware, stealer, upx (Score 7/10)
  • behavioral15: discovery (Score 3/10)
  • behavioral16: discovery (Score 3/10)
  • behavioral17: discovery (Score 3/10)
  • behavioral18: discovery (Score 3/10)
  • behavioral19: discovery (Score 3/10)
  • behavioral20: discovery (Score 3/10)
  • behavioral21: discovery (Score 3/10)
  • behavioral22: discovery (Score 3/10)