General

  • Target

    0904efe9f63a556f1ea8695cdabadb96_JaffaCakes118

  • Size

    1.5MB

  • Sample

    241002-fpxl1sscmd

  • MD5

    0904efe9f63a556f1ea8695cdabadb96

  • SHA1

    0b7eedd5052276e02008f69cb85e7e4d7c5b3535

  • SHA256

    4d4a9dd8b239d394f1998b481cdf83f869be2af2d8d568fcb47648d0d42bb71c

  • SHA512

    181fae5866bbb2567a43a30ffe2e5ca7a8d016491a66f2b2fc0a725c772cd2e46f806d23ba23946c223ecf7e510657d763f748874f2e3247c035eba1942c3618

  • SSDEEP

    49152:NEe3jEfDI94myN4ghZ1KX82Bh/Dd0r/P9JPDdabvwM:NT/9S4OZ1KX880jPfbd0D

Malware Config

Targets

    • Target

      0904efe9f63a556f1ea8695cdabadb96_JaffaCakes118

    • Size

      1.5MB

    • MD5

      0904efe9f63a556f1ea8695cdabadb96

    • SHA1

      0b7eedd5052276e02008f69cb85e7e4d7c5b3535

    • SHA256

      4d4a9dd8b239d394f1998b481cdf83f869be2af2d8d568fcb47648d0d42bb71c

    • SHA512

      181fae5866bbb2567a43a30ffe2e5ca7a8d016491a66f2b2fc0a725c772cd2e46f806d23ba23946c223ecf7e510657d763f748874f2e3247c035eba1942c3618

    • SSDEEP

      49152:NEe3jEfDI94myN4ghZ1KX82Bh/Dd0r/P9JPDdabvwM:NT/9S4OZ1KX880jPfbd0D

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

    • Target

      $PLUGINSDIR/StartMenu.dll

    • Size

      7KB

    • MD5

      a4173b381625f9f12aadb4e1cdaefdb8

    • SHA1

      cf1680c2bc970d5675adbf5e89292a97e6724713

    • SHA256

      7755ff2707ca19344d489a5acec02d9e310425fa6e100d2f13025761676b875b

    • SHA512

      fcac79d42862da6bdd3ecad9d887a975cdff2301a8322f321be58f754a26b27077b452faa4751bbd09cd3371b4afce65255fbbb443e2c93dd2cba0ba652f4a82

    • SSDEEP

      96:2fiqP7bO2qHkAC40KhvSE+6nrxtMn0iGd88qRLqtJ1tbRhElfRx2:siqP7OHX1Q4xtcf8qo/ttgfRx2

    Score
    3/10
    • Target

      $TEMP/netddee.exe

    • Size

      507KB

    • MD5

      ad4b2243c131ada12b25cb0334690a62

    • SHA1

      811da77cfd2021738196ee13cae9ec9f239b9118

    • SHA256

      ac7891555a255a9b7fe04b78ecfb035507414a6a8598422dab771214d1410a46

    • SHA512

      ee207f92b0d45dab82b486fda7e5baf7e3a476a2418b866f4e00a15152e0a95284916c04137b19e30e078544c391a84840f6a88efe5558e78058e24b7501d049

    • SSDEEP

      12288:mUyg5Z03FxbKz7Vj4X1f6oXXCF9uEYN9k71RqXaJnnb:mUZ5O3F9EpjEfQzI9kBRqKJnnb

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      c17103ae9072a06da581dec998343fc1

    • SHA1

      b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    • SHA256

      dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    • SHA512

      d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    • SSDEEP

      192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw

    Score
    3/10
    • Target

      $SYSDIR/$SYSDIR/$_1_.exe

    • Size

      53KB

    • MD5

      874577528befed676900d88050fcc4ab

    • SHA1

      418618ad890702b307734b25df7f78fa43fb3a60

    • SHA256

      5596504f8ec18128105418f6ec2490a242ed6732eae435b7514d4ad073dbcc42

    • SHA512

      fb0e113abc158d8dfd1aa5af907598694ed92d940ffc257e6484796e8dc6c4c12b14d28193cdceaf173a5360b7a117ee572ad58465e1baf9dd5f66e1d56d8e22

    • SSDEEP

      768:KHJd0TpH2+bQ2dUWVX9Hfv1JMWmtLEJOyuBxG0D3mjfS3XJVJRn35qlXF3pm0Efd:KpgpHzb9dZVX9fHMvG0D3XJt5q9VSf2k

    Score
    7/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      14KB

    • MD5

      325b008aec81e5aaa57096f05d4212b5

    • SHA1

      27a2d89747a20305b6518438eff5b9f57f7df5c3

    • SHA256

      c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b

    • SHA512

      18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf

    • SSDEEP

      192:86d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jwK72dwF7dBEnbok:86UdHXcIiY535zBt2jw+BEnbo

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      c17103ae9072a06da581dec998343fc1

    • SHA1

      b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    • SHA256

      dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    • SHA512

      d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    • SSDEEP

      192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw

    Score
    3/10
    • Target

      $SYSDIR/$_5_

    • Size

      877KB

    • MD5

      20a9c78acf901dd4328881cc067e336c

    • SHA1

      e39e2011c8504dbea9356a0dee4770ea30d95509

    • SHA256

      5dc895ed2436461a93e3faf2e89332ad78507608d8249c58b4c093e2d2d3b71e

    • SHA512

      7e8483e19bcd1b03099eb7290e4fe32d1b232162da3da67cf29142c33fead4f82e3e6c26094ccb0aadcb7949d8cbb07db5bd56df8e9069a6c67fa2a8c4d51b72

    • SSDEEP

      24576:DQJDHPGAzx8GwPiUYUUGQF6mHjdeiv9R7MKR6VuOZ7SmdfN:sJBwQF6mDEivP7xEuOZTfN

    • Adds Run key to start application

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Target

      $TEMP/setup.exe

    • Size

      1.0MB

    • MD5

      c54a5bfcba4d9fbe1642188b068bc1e4

    • SHA1

      f75f0f4818f53882ab4816d6db8043ecb7306c2c

    • SHA256

      57cdd25b0f1d9e6db58d10cdbc49850e2fd71826ec637646703d97df9c148353

    • SHA512

      92bd4b7317306f6aebf2f5b72f278908b1326bffe4c4c18fa4d82c9ca4c91d167412b3893c24c12bc0d399d48faf2e4159c60fd7f8a80bfe566258be1a9350ae

    • SSDEEP

      24576:sT+PJtXA2ycphiKh77X0A/zEPTRlwp7KwcpgoUMcSa3Hww:m+jXA23h/970A/iU1HDSa3Hww

    Score
    7/10
    • Loads dropped DLL

    • Target

      $PLUGINSDIR/AccessControl.dll

    • Size

      10KB

    • MD5

      055f4f9260e07fc83f71877cbb7f4fad

    • SHA1

      a245131af1a182de99bd74af9ff1fab17977a72f

    • SHA256

      4209588362785b690d08d15cd982b8d1c62c348767ca19114234b21d5df74ddc

    • SHA512

      a8e82dc4435ed938f090f43df953ddad9b0075f16218c09890c996299420162d64b1dbfbf613af37769ae796717eec78204dc786b757e8b1d13d423d4ee82e26

    • SSDEEP

      192:8SEWBGgiJM4LN+xq56XdNcNz/NWdlJmlyOcROQ:8SEPgii9KTzyt

    Score
    3/10
    • Target

      $PLUGINSDIR/DcryptDll.dll

    • Size

      18KB

    • MD5

      bbda90c18c0cd73917174bb8b82782e2

    • SHA1

      8d641f33049dc7fad7ab885134f29f881968f24b

    • SHA256

      57a03e767e13d4843a4249116928b57513c6865d81ff583a230485a6ef755c3a

    • SHA512

      8698a81573ac295321bc55300f114a50c9428ef56feaa434d84d8fabb0dd098e1b538d247f5aa0524d8e7be7291dd7995f12aee5dc41715be092a27a61ca5e0b

    • SSDEEP

      384:nZyQSewDbPmRqcXx2kMPrd9cbkUmR08EMW6:nbtwnmR/xQdckUSEMW6

    Score
    3/10
    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      14KB

    • MD5

      325b008aec81e5aaa57096f05d4212b5

    • SHA1

      27a2d89747a20305b6518438eff5b9f57f7df5c3

    • SHA256

      c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b

    • SHA512

      18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf

    • SSDEEP

      192:86d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jwK72dwF7dBEnbok:86UdHXcIiY535zBt2jw+BEnbo

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      c17103ae9072a06da581dec998343fc1

    • SHA1

      b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    • SHA256

      dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    • SHA512

      d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    • SSDEEP

      192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw

    Score
    3/10
    • Target

      $PLUGINSDIR/UAC.dll

    • Size

      13KB

    • MD5

      7f56c0d6a8733dec142814ed5a58b0ee

    • SHA1

      c119e66f179cfb758966f3cf878466057bea1840

    • SHA256

      86445396775370aff5834f10bda25e505b6f89efc69a04fe1ce46f5d128be73f

    • SHA512

      8b3b9bed985b3583b7be8b2197bb068e5d5508f8b5c4a7fc1278b2662dc8d9a53fd6df63f636e44bfc5aa37f030ac76b8d259d6b446bf87d5c72b74ff5b158f3

    • SSDEEP

      384:d/lNMKbnRWKYyCvDvQH3yBf/qPNGkVWYyLrcMf9VQ8c:d/lq+RDYJf/qPNGkQ5LrcCQ

    Score
    3/10
    • Target

      $PLUGINSDIR/nsDialogs.dll

    • Size

      9KB

    • MD5

      c10e04dd4ad4277d5adc951bb331c777

    • SHA1

      b1e30808198a3ae6d6d1cca62df8893dc2a7ad43

    • SHA256

      e31ad6c6e82e603378cb6b80e67d0e0dcd9cf384e1199ac5a65cb4935680021a

    • SHA512

      853a5564bf751d40484ea482444c6958457cb4a17fb973cf870f03f201b8b2643be41bccde00f6b2026dc0c3d113e6481b0dc4c7b0f3ae7966d38c92c6b5862e

    • SSDEEP

      96:hBABCcnl5TKhkfLxSslykcxM2DjDf3GE+Xv8Xav+Yx4VndY7ndS27gA:h6n+0SAfRE+/8ZYxMdqn420

    Score
    3/10
    • Target

      $PLUGINSDIR/nsExec.dll

    • Size

      6KB

    • MD5

      acc2b699edfea5bf5aae45aba3a41e96

    • SHA1

      d2accf4d494e43ceb2cff69abe4dd17147d29cc2

    • SHA256

      168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e

    • SHA512

      e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe

    • SSDEEP

      96:M7GUb+YNfwgcr8zyKwZ5S4JxN8BS0ef9/3VI9d0qqyVgNk32E:eKgfwgcr8zylsB49Ud0qJVgNX

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

adware discovery persistence stealer
Score
7/10

behavioral2

adware discovery persistence stealer
Score
7/10

behavioral3

discovery
Score
3/10

behavioral4

discovery
Score
3/10

behavioral5

adware discovery persistence stealer
Score
7/10

behavioral6

adware discovery persistence stealer
Score
7/10

behavioral7

discovery
Score
3/10

behavioral8

discovery
Score
3/10

behavioral9

discovery
Score
7/10

behavioral10

discovery
Score
7/10

behavioral11

discovery
Score
3/10

behavioral12

discovery
Score
3/10

behavioral13

discovery
Score
3/10

behavioral14

discovery
Score
3/10

behavioral15

adware discovery persistence stealer
Score
6/10

behavioral16

adware discovery persistence stealer
Score
6/10

behavioral17

discovery
Score
7/10

behavioral18

discovery
Score
7/10

behavioral19

discovery
Score
3/10

behavioral20

discovery
Score
3/10

behavioral21

discovery
Score
3/10

behavioral22

discovery
Score
3/10

behavioral23

discovery
Score
3/10

behavioral24

discovery
Score
3/10

behavioral25

discovery
Score
3/10

behavioral26

discovery
Score
3/10

behavioral27

discovery
Score
3/10

behavioral28

discovery
Score
3/10

behavioral29

discovery
Score
3/10

behavioral30

discovery
Score
3/10

behavioral31

discovery
Score
3/10

behavioral32

discovery
Score
3/10