General

  • Target

    0a29134064c19d23dc603947eb8e44a7_JaffaCakes118

  • Size

    657KB

  • Sample

    241002-l9j5bavbqg

  • MD5

    0a29134064c19d23dc603947eb8e44a7

  • SHA1

    a8388c728afba35e4cc231afed9041ba3edde255

  • SHA256

    138ad0b7d4f6f64be0b7a6227a794662272858a1a2f5665b6c5f9a4e0f282e85

  • SHA512

    59bb28c0c3732ca465c39f05f96abe203364e4d1d2e4c0d5e9bcca37aa2bdbc9d099d07fefdafb8b72654b4c1eae907738690d63bf82da0d3a093055ac3aa929

  • SSDEEP

    12288:MBAKKzA/yG4GQTq4OaQQTYJ8eP4/L5uO7D3f5BnSq4IalQTSJ8ePt/t5uO7EU26m:MBAXAqG4GQm4OaHYJ8eP4D5uOHBBH4IH

Malware Config

Targets

    • Target

      0a29134064c19d23dc603947eb8e44a7_JaffaCakes118

    • Size

      657KB

    • MD5

      0a29134064c19d23dc603947eb8e44a7

    • SHA1

      a8388c728afba35e4cc231afed9041ba3edde255

    • SHA256

      138ad0b7d4f6f64be0b7a6227a794662272858a1a2f5665b6c5f9a4e0f282e85

    • SHA512

      59bb28c0c3732ca465c39f05f96abe203364e4d1d2e4c0d5e9bcca37aa2bdbc9d099d07fefdafb8b72654b4c1eae907738690d63bf82da0d3a093055ac3aa929

    • SSDEEP

      12288:MBAKKzA/yG4GQTq4OaQQTYJ8eP4/L5uO7D3f5BnSq4IalQTSJ8ePt/t5uO7EU26m:MBAXAqG4GQm4OaHYJ8eP4D5uOHBBH4IH

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check that decides whether the sample runs in a given region.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other profile contents.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules that Internet Explorer loads as plugins; registering one gives the sample code execution inside the browser each time it starts, a persistence foothold as well as a hijacking point.

    • Drops file in System32 directory

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      567KB

    • MD5

      450753ad96785a240a39deccab3af0d0

    • SHA1

      21c544064d2ffa6444508268ce258a330d459fc5

    • SHA256

      1c371dcc6c3428ea98fb0d2dcb612b4ebc731f3ed72e683c8e33058cd2a952d3

    • SHA512

      c41b834f4228b7668316095569c836b4e0d55c5fbf310c65b0e0453ef0e74a3ce8f9357cea90b80f6590f85dd7708eeb4eec27518811ea4aab20c0e7f5643dab

    • SSDEEP

      12288:i/x6GnSkidh7NfMc4G1ppgH81vrKiuu+PUHOGcl5Sbl9B9GUdL:9GnSkWh4G1ppgH81vrBu3MHOGUKfGU

    Score
    3/10
    • Target

      ffRichMediaViewV1release203chaction.js

    • Size

      859B

    • MD5

      4d9bbd82090bb30eeff6ecb0f9cb72a5

    • SHA1

      805dcc41897b1516bbbd5fb44b8cc9c8515fc776

    • SHA256

      211572504dab0a29dabb88844402c1afde6d17727b490d2200bf2e49ad25dc6d

    • SHA512

      24612f262120ca575a06d4be7f448ab02eb0b5b97621af0e6e33964fe2d00e306f368477be374d3516576c3f8d3560215b69ac53a6ba8084af8fc530f58c4c86

    Score
    3/10
    • Target

      ff/chrome/content/ffRichMediaViewV1release203.js

    • Size

      762B

    • MD5

      991a69dffd11b9d4143603714d6ea69d

    • SHA1

      67d58aac2b2dce65a7993deed95d4d4eff6a0217

    • SHA256

      1d08eb8c7f1aa2c3840e062f68667ec0fa92552b148f9b46095799214ab3d974

    • SHA512

      9a94676fb1686e5fcb3325bd720d57da6550fd17be6e0ad1048a52ba80fcf4a9096384b10778c9ff985fafef38d2eface84b3fee6b2f05356d8cfa5d98616772

    Score
    3/10
    • Target

      ff/chrome/content/ffRichMediaViewV1release203ffaction.js

    • Size

      698B

    • MD5

      8717ab9d7ff2a09da0f70f39957ffb7d

    • SHA1

      5b105781c2283fbbc2af0bc36b122102bb23ba77

    • SHA256

      605871572a154be401a8284a228d2665c4da230f1cbeb8614362b53ef7baba66

    • SHA512

      afe21ecc7a985af2e518d026e827b9d0edf1220f09f80b6704d21a31ce87f194c6ce441da70abdf59eee2045bd894da231800a4c1da3447205ee687b42be4382

    Score
    3/10
    • Target

      ie/RichMediaViewV1release203.dll

    • Size

      85KB

    • MD5

      f4ddc34a9b812597c86d0bcee2da1c81

    • SHA1

      7ba6c712bb176f566f44874a9218b6852e59cf4b

    • SHA256

      baeed16699b3c67d4801c1722017c9d95dace3e7c8ec97898c7f1282c9ec6c3a

    • SHA512

      fc22416eed502cd486ceeb607df507a43684647a630fcaf6715e8f9f2a2535538d55c58923335126bb7523d937025f005ae9b11fb4aa7451251329822f10a6d0

    • SSDEEP

      1536:ckf9Csc+EE7Msd5N60GlVk8jkrwKCnqLhPLlQGpcNBZ:/9++EEwsJ6FlVKCnmaGpcd

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules that Internet Explorer loads as plugins.

    • Target

      uninstall.exe

    • Size

      289KB

    • MD5

      a4c64f94c3ac1328a81ffb424dabd8f2

    • SHA1

      03cafc85d8c87298f155c17b8a4352bda1e1bb3d

    • SHA256

      becce6bc580c5088bd6d62d03864602c33c9fe675d7a6ea3e12b41dfbe69f9cf

    • SHA512

      cf97b34debced868d216e38d9739f9fc98cb59d8f28dae53dab43d74e1b61895da6246f1248189b569154b94c429e7a3b19c77fe668b2f7123886b2df7cd6354

    • SSDEEP

      6144:Ue347ySRg4l8ai5PQtTZ763J8eWW43YLYjn5uO7D32fuCa7BmC:SySq4OaQQTYJ8eP4/L5uO7D3f5Bn

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other profile contents.

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      567KB

    • MD5

      450753ad96785a240a39deccab3af0d0

    • SHA1

      21c544064d2ffa6444508268ce258a330d459fc5

    • SHA256

      1c371dcc6c3428ea98fb0d2dcb612b4ebc731f3ed72e683c8e33058cd2a952d3

    • SHA512

      c41b834f4228b7668316095569c836b4e0d55c5fbf310c65b0e0453ef0e74a3ce8f9357cea90b80f6590f85dd7708eeb4eec27518811ea4aab20c0e7f5643dab

    • SSDEEP

      12288:i/x6GnSkidh7NfMc4G1ppgH81vrKiuu+PUHOGcl5Sbl9B9GUdL:9GnSkWh4G1ppgH81vrBu3MHOGUKfGU

    Score
    3/10
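Three of the behaviours flagged above are registry lookups: the country-code check, the enumeration of Uninstall key entries, and the Browser Helper Object registration that points Internet Explorer at ie/RichMediaViewV1release203.dll. The script below is an added example for hunting those artefacts offline in a regedit export collected from a host; it is not code from the Triage report or from the sample. The .reg text is constructed sample input, the CLSID and install directory are hypothetical, and only the file names uninstall.exe and RichMediaViewV1release203.dll are taken from the report. The key paths used are the standard Windows locations for locale settings, the Uninstall list and BHO registrations, not paths the report itself records.

```python
"""Offline hunt over a regedit export for the three registry behaviours the report
flags: the country-code (geofence) lookup, Uninstall-key software enumeration and
Browser Helper Object (BHO) registration. Added example, not code from the report
or the sample; SAMPLE_REG is constructed, the CLSID and install path hypothetical."""
import re

# Constructed .reg text in regedit export syntax (backslashes and quotes inside
# strings are escaped, dwords are hex). Real exports are UTF-16LE: use
# open(path, encoding="utf-16"). Only the two file names below come from the report.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Control Panel\International]
"sCountry"="United States"
"iCountry"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip]
"DisplayName"="7-Zip 19.00 (x64 edition)"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\RichMediaView]
"DisplayName"="RichMediaView"
"UninstallString"="\"C:\\Program Files (x86)\\RichMediaView\\uninstall.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-2222-3333-4444-555555555555}]
"NoExplorer"=dword:00000001

[HKEY_CLASSES_ROOT\CLSID\{11111111-2222-3333-4444-555555555555}]
@="RichMediaView Class"

[HKEY_CLASSES_ROOT\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32]
@="C:\\Program Files (x86)\\RichMediaView\\ie\\RichMediaViewV1release203.dll"
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^(@|"((?:[^"\\]|\\.)*)")=(.*)$')
BHO_PREFIX = "\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\"
REPORT_BHO_DLL = "RichMediaViewV1release203.dll"  # ie/ target in the report

def _unescape(s):
    return re.sub(r"\\(.)", r"\1", s)  # regedit escapes '\' and '"' with a backslash

def _decode(data):
    if data.startswith('"') and data.endswith('"'):
        return _unescape(data[1:-1])
    if data.startswith("dword:"):
        return int(data[6:], 16)
    return data  # hex(...) blobs stay raw; their continuation lines are ignored

def parse_reg(text):
    """Return {key_path: {value_name: value}}; the default value is stored under ''."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys[current] = {}
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name = "" if m.group(1) == "@" else _unescape(m.group(2))
            keys[current][name] = _decode(m.group(3))
    return keys

def country_settings(reg):
    """The values a geofencing installer reads before deciding whether to run."""
    intl = reg.get(r"HKEY_CURRENT_USER\Control Panel\International", {})
    return {k: intl[k] for k in ("sCountry", "iCountry", "LocaleName") if k in intl}

def installed_software(reg):
    """Every Uninstall subkey with a DisplayName, across HKLM, HKCU and WOW6432Node."""
    return {v["DisplayName"]: v.get("UninstallString", "")
            for path, v in reg.items()
            if "\\CurrentVersion\\Uninstall\\" in path and "DisplayName" in v}

def registered_bhos(reg):
    """Resolve each BHO CLSID to the DLL Internet Explorer loads in-process.
    Assumes the export lists CLSIDs under the HKEY_CLASSES_ROOT alias."""
    found = []
    for path in reg:
        idx = path.find(BHO_PREFIX)
        clsid = path[idx + len(BHO_PREFIX):] if idx != -1 else ""
        if not clsid or "\\" in clsid:  # not a registration key itself
            continue
        base = "HKEY_CLASSES_ROOT\\CLSID\\" + clsid
        found.append({"clsid": clsid,
                      "name": reg.get(base, {}).get("", ""),
                      "dll": reg.get(base + "\\InprocServer32", {}).get("", ""),
                      "no_explorer": reg[path].get("NoExplorer", 0) == 1})
    return found

def flag_report_bho(bhos):
    """BHOs whose DLL file name matches the one the sample drops."""
    return [b for b in bhos if b["dll"].rsplit("\\", 1)[-1].lower() == REPORT_BHO_DLL.lower()]

if __name__ == "__main__":
    reg = parse_reg(SAMPLE_REG)
    print("locale:", country_settings(reg))
    print("installed:", sorted(installed_software(reg)))
    for bho in registered_bhos(reg):
        print("BHO", bho["clsid"], "->", bho["dll"], "(report IOC)" if flag_report_bho([bho]) else "")
```

The substring matches on the Uninstall and Browser Helper Objects paths are deliberate: a 32-bit NSIS installer on a 64-bit host writes under WOW6432Node, and per-user installs land in HKCU, so anchoring on a single full path would miss both. A file-name match is only a lead; confirm a hit by hashing the resolved DLL and comparing it with the SHA256 listed for ie/RichMediaViewV1release203.dll above.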

MITRE ATT&CK Enterprise v15

Tasks