General

  • Target

    0e33b00d35c755562043fe7fe9b7ae77_JaffaCakes118

  • Size

    2.3MB

  • Sample

    241003-gf92es1enc

  • MD5

    0e33b00d35c755562043fe7fe9b7ae77

  • SHA1

    a90f1b32e7680df523287a8a6394b66ff274497b

  • SHA256

    bc54c023051826946addecb5d79d6d803ef9954284acb58f340344765ee232bc

  • SHA512

    260e7b5ec24020bd5346494994093aef95442beb131dd1d71736022e17f055bce078b3406e5ec5cb244b8b4d26d6fe8e83ffb171e9082efb9774fed0a042d707

  • SSDEEP

    24576:06lzh36fbL0ySYK63k4yO6AbzppgJLo01dvXjyolmkHCAi1WcrtpIqj7mEeKu2xQ:9AO6TN6ZLbdzlmaCAcjIO7I2QnjiY

Targets

    • Target

      0e33b00d35c755562043fe7fe9b7ae77_JaffaCakes118

    • Size

      2.3MB

    • MD5

      0e33b00d35c755562043fe7fe9b7ae77

    • SHA1

      a90f1b32e7680df523287a8a6394b66ff274497b

    • SHA256

      bc54c023051826946addecb5d79d6d803ef9954284acb58f340344765ee232bc

    • SHA512

      260e7b5ec24020bd5346494994093aef95442beb131dd1d71736022e17f055bce078b3406e5ec5cb244b8b4d26d6fe8e83ffb171e9082efb9774fed0a042d707

    • SSDEEP

      24576:06lzh36fbL0ySYK63k4yO6AbzppgJLo01dvXjyolmkHCAi1WcrtpIqj7mEeKu2xQ:9AO6TN6ZLbdzlmaCAcjIO7I2QnjiY

    • ACProtect 1.3x - 1.4x DLL software

      Detects a file protected with the ACProtect packer/protector.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser data such as saved credentials, cookies and browsing history.

    • Checks installed software on the system

      Enumerates installed software by reading the subkeys of the Uninstall key in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall).

    • Installs/modifies Browser Helper Object

      BHOs are DLLs that Internet Explorer loads as plugins. They are registered by CLSID under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects and resolved to a DLL through HKCR\CLSID\{CLSID}\InprocServer32, which makes them both a persistence point and a hook into the user's browsing.

    • UPX packed file

      Detects executables packed with UPX or with a modified build of the open-source UPX packer.

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      14KB

    • MD5

      325b008aec81e5aaa57096f05d4212b5

    • SHA1

      27a2d89747a20305b6518438eff5b9f57f7df5c3

    • SHA256

      c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b

    • SHA512

      18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf

    • SSDEEP

      192:86d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jwK72dwF7dBEnbok:86UdHXcIiY535zBt2jw+BEnbo

    Score
    3/10
    • Target

      $PLUGINSDIR/LangDLL.dll

    • Size

      5KB

    • MD5

      9384f4007c492d4fa040924f31c00166

    • SHA1

      aba37faef30d7c445584c688a0b5638f5db31c7b

    • SHA256

      60a964095af1be79f6a99b22212fefe2d16f5a0afd7e707d14394e4143e3f4f5

    • SHA512

      68f158887e24302673227adffc688fd3edabf097d7f5410f983e06c6b9c7344ca1d8a45c7fa05553adcc5987993df3a298763477168d4842e554c4eb93b9aaaf

    • SSDEEP

      48:iV6pAvmNC6iMPUptxEZK65x/AmvycNSmwVsOYJyvrpXptp/JvR0Jlof5d2:2811GED5ZTvycNSmwVsTJuftpZR0Sd2

    Score
    3/10
    • Target

      $PLUGINSDIR/NSISdl.dll

    • Size

      14KB

    • MD5

      a5f8399a743ab7f9c88c645c35b1ebb5

    • SHA1

      168f3c158913b0367bf79fa413357fbe97018191

    • SHA256

      dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9

    • SHA512

      824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977

    • SSDEEP

      192:tUZTobBDJ68r67wmsvJI5ad9cXzFOVu+mZ/P3p+57CvpVqDxVp01Dwn2GRPgsfA:6Bo/680dCI5adOjFOg9//p27uNw2Go

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      c17103ae9072a06da581dec998343fc1

    • SHA1

      b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    • SHA256

      dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    • SHA512

      d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    • SSDEEP

      192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw

    Score
    3/10
    • Target

      $PLUGINSDIR/UAC.dll

    • Size

      17KB

    • MD5

      09caf01bc8d88eeb733abc161acff659

    • SHA1

      b8c2126d641f88628c632dd2259686da3776a6da

    • SHA256

      3555afe95e8bb269240a21520361677b280562b802978fccfb27490c79b9a478

    • SHA512

      ef1e8fc4fc8f5609483b2c459d00a47036699dfb70b6be6f10a30c5d2fc66bae174345bffa9a44abd9ca029e609ff834d701ff6a769cca09fe5562365d5010fa

    • SSDEEP

      384:w9JzaeWrF8d22hXAGFkr2WqErkuCYMAWS5Ns8AXXki:wLaBrrTXr3qruCYuS5qk

    Score
    3/10
    • Target

      $PLUGINSDIR/nsExec.dll

    • Size

      6KB

    • MD5

      acc2b699edfea5bf5aae45aba3a41e96

    • SHA1

      d2accf4d494e43ceb2cff69abe4dd17147d29cc2

    • SHA256

      168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e

    • SHA512

      e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe

    • SSDEEP

      96:M7GUb+YNfwgcr8zyKwZ5S4JxN8BS0ef9/3VI9d0qqyVgNk32E:eKgfwgcr8zylsB49Ud0qJVgNX

    Score
    3/10
    • Target

      $TEMP/Toolbar_Phpnuke.exe

    • Size

      210KB

    • MD5

      1e3e68a0a110922361890ff0de710d74

    • SHA1

      adf466a53c099099541e48655118e2dfeea75be2

    • SHA256

      0930a168d6c22438d2d55cda730b93b330e849325d6ac47590682b3417541baf

    • SHA512

      3a769923b6822dc4d62f3bde718efa87c3da8d5fa7237128236c6249e0d4a1345c0c1b23fdf669052ae30551ac79258ab9e654eb44480b7f0033ea460562f565

    • SSDEEP

      3072:OLk395hYXJN3rSx0M1BnmSplKPl/L49qqw2LsFLK2pJBdEjy4RP/tsFLK2pJBdEb:OQq3W2M3mWsoBL8N7jEjt5V8N7jEjt/5

    • ACProtect 1.3x - 1.4x DLL software

      Detects a file protected with the ACProtect packer/protector.

    • Checks computer location settings

      Looks up the country code configured in the registry (the Windows GeoID under HKCU\Control Panel\International\Geo\Nation), most likely to geofence execution to or away from particular regions.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser data such as saved credentials, cookies and browsing history.

    • Checks installed software on the system

      Enumerates installed software by reading the subkeys of the Uninstall key in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall).

    • Installs/modifies Browser Helper Object

      BHOs are DLLs that Internet Explorer loads as plugins. They are registered by CLSID under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects and resolved to a DLL through HKCR\CLSID\{CLSID}\InprocServer32, which makes them both a persistence point and a hook into the user's browsing.

    • UPX packed file

      Detects executables packed with UPX or with a modified build of the open-source UPX packer.

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      14KB

    • MD5

      325b008aec81e5aaa57096f05d4212b5

    • SHA1

      27a2d89747a20305b6518438eff5b9f57f7df5c3

    • SHA256

      c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b

    • SHA512

      18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf

    • SSDEEP

      192:86d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jwK72dwF7dBEnbok:86UdHXcIiY535zBt2jw+BEnbo

    Score
    3/10
    • Target

      $PLUGINSDIR/LangDLL.dll

    • Size

      5KB

    • MD5

      9384f4007c492d4fa040924f31c00166

    • SHA1

      aba37faef30d7c445584c688a0b5638f5db31c7b

    • SHA256

      60a964095af1be79f6a99b22212fefe2d16f5a0afd7e707d14394e4143e3f4f5

    • SHA512

      68f158887e24302673227adffc688fd3edabf097d7f5410f983e06c6b9c7344ca1d8a45c7fa05553adcc5987993df3a298763477168d4842e554c4eb93b9aaaf

    • SSDEEP

      48:iV6pAvmNC6iMPUptxEZK65x/AmvycNSmwVsOYJyvrpXptp/JvR0Jlof5d2:2811GED5ZTvycNSmwVsTJuftpZR0Sd2

    Score
    3/10
    • Target

      $PLUGINSDIR/NSISdl.dll

    • Size

      14KB

    • MD5

      a5f8399a743ab7f9c88c645c35b1ebb5

    • SHA1

      168f3c158913b0367bf79fa413357fbe97018191

    • SHA256

      dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9

    • SHA512

      824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977

    • SSDEEP

      192:tUZTobBDJ68r67wmsvJI5ad9cXzFOVu+mZ/P3p+57CvpVqDxVp01Dwn2GRPgsfA:6Bo/680dCI5adOjFOg9//p27uNw2Go

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      c17103ae9072a06da581dec998343fc1

    • SHA1

      b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    • SHA256

      dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    • SHA512

      d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    • SSDEEP

      192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw

    Score
    3/10
    • Target

      $PLUGINSDIR/nsRandom.dll

    • Size

      21KB

    • MD5

      ab467b8dfaa660a0f0e5b26e28af5735

    • SHA1

      596abd2c31eaff3479edf2069db1c155b59ce74d

    • SHA256

      db267d9920395b4badc48de04df99dfd21d579480d103cae0f48e6578197ff73

    • SHA512

      7d002dc203997b8a4d8ec20c92cd82848e29d746414f4a61265c76d4afb12c05bce826fc63f4d2bd3d527f38506c391855767d864c37584df11b5db9ca008301

    • SSDEEP

      384:LCHDPMs4GdtyO5roguusMxUXiO3wOw95euooP2UgKbd9BvNtf:LCHD6Gh87MKXil/5r2U3z

    Score
    5/10
    • UPX packed file

      Detects executables packed with UPX or with a modified build of the open-source UPX packer.

    • Target

      $PLUGINSDIR/nsisdt.dll

    • Size

      5KB

    • MD5

      df4795dfabe3bc9278a73d496cc4b40d

    • SHA1

      2648ded47e29ecf3e1a1cc20c631e83caf566897

    • SHA256

      2261027077f23c8dba6b72af28862832aaa059740d0f5634b46cabb14326dd10

    • SHA512

      013d9712c3d699a7f41ab3e55931c9abb421fb2eda3542da5a4831ad2f073a1b0643120cc78147db0bfcd01df98ade3045ecb2f1e252fff1dc40be845e5ae303

    • SSDEEP

      24:etGSyYi61xyMmuEwv61OVXOwr+t5blXgO8ELnD3TPrHjf7Xz5CY1aeBEW58q6TvK:6y2xyNuEwWwU5blmPeB958xTvT7L/

    Score
    3/10
    • Target

      $R0

    • Size

      76KB

    • MD5

      ee5fb0fd8c2d19d90e8fad8e8636a38e

    • SHA1

      5d41abc6c1e69e72466eeb4e4f2128ac0343bb16

    • SHA256

      02e1d44c854de1f8400a1cc24c2ba89efec402cf327dd192b0c581c6e01dede9

    • SHA512

      607212af21ecd1d0bb0f308f566a457c8ed57d71eb4848242f5efe450de149b232c0953dde49140a8b4e6571fabbc21196272a1a856a6b34cb2da27c38def68f

    • SSDEEP

      1536:i9WOwFoMsRscYxgzD9Fs8DgbSXNNB7vrf52rTYa:iP2/IhDFX3Brf52rTh

    • Installs/modifies Browser Helper Object

      BHOs are DLLs that Internet Explorer loads as plugins. They are registered by CLSID under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects and resolved to a DLL through HKCR\CLSID\{CLSID}\InprocServer32, which makes them both a persistence point and a hook into the user's browsing.

    • Target

      $R2/NSIS.Library.RegTool.v3.$_4_.exe

    • Size

      5KB

    • MD5

      1f694e53532eb452ce7ae7f4523fde76

    • SHA1

      59609431a30f3a01aa07003dd09e9600961fbc2f

    • SHA256

      13e8d49e4729e2e6f71956770582c1ec2b632068a3cc9eb8fdc7a3428bab151c

    • SHA512

      046334e0ea75227938c706c2fa7a7ca64cc10433eeeb1835a045f5a079beceb1a059e44f348d2f1d6e2797de966c3004f3a9c37b78a1b18c90fb851edeac38f9

    • SSDEEP

      96:GFw199Edyn/3sxi2sS8HVrqbdC9Xh+MClQGZ56:D19CgfsbsS8HVWbd9XlQGZ5

    Score
    3/10
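
Triage check for the "Installs/modifies Browser Helper Object" signature raised above on the main sample, on $TEMP/Toolbar_Phpnuke.exe and on $R0. The script is an added example, not tria.ge code and not anything taken from the sample: it parses a Windows Registry Editor 5.00 export (the text format `reg export` writes), enumerates BHO CLSIDs under the HKLM Browser Helper Objects key including the Wow6432Node view, resolves each CLSID to its InprocServer32 DLL, and flags DLLs living in user-writable paths or registrations with no COM server behind them. The .reg text, CLSIDs and file paths embedded in it are constructed for illustration; the BHO and CLSID key locations are the real Windows ones.

```python
"""Triage Browser Helper Object (BHO) registrations from an offline .reg export.

Added example, not code from tria.ge or from the analysed sample.
The .reg text, CLSIDs and paths below are constructed for illustration.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed export: three BHOs, one of which has no COM server registered.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-2222-3333-4444-555555555555}]
"NoExplorer"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99999999-8888-7777-6666-555555555555}]

[HKEY_CLASSES_ROOT\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32]
@="C:\\Users\\victim\\AppData\\Local\\Temp\\nsq1234.tmp\\toolbar.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}\InprocServer32]
@="C:\\Program Files\\Vendor\\helper.dll"
"ThreadingModel"="Apartment"
"""

# Real location IE reads BHOs from; group 1 catches the 32-bit view on x64.
BHO_KEY_RE = re.compile(
    r"^hkey_local_machine\\software\\(wow6432node\\)?microsoft\\windows\\currentversion"
    r"\\explorer\\browser helper objects\\(\{[0-9a-f-]{36}\})$"
)
# A BHO DLL dropped into a user-writable directory is the usual tell.
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\users\\public\\")


def decode_value(raw: str):
    """Decode a .reg value: quoted string (\\\\ and \\" escapes) or dword."""
    if raw.startswith('"') and raw.endswith('"'):
        return re.sub(r"\\(.)", r"\1", raw[1:-1])
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    return raw  # hex:, hex(2): etc. are left undecoded


def parse_reg(text: str) -> Dict[str, Dict[str, object]]:
    """Map lower-cased key path -> {lower-cased value name: decoded value}."""
    keys: Dict[str, Dict[str, object]] = {}
    current: Optional[str] = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            keys.setdefault(current, {})
            continue
        if current is None:
            continue
        name, _, value = line.partition("=")
        name = "(default)" if name == "@" else name.strip('"').lower()
        keys[current][name] = decode_value(value)
    return keys


@dataclass
class Bho:
    clsid: str
    wow64: bool
    dll_path: Optional[str]
    no_explorer: bool


def resolve_inproc(keys, clsid: str, wow64: bool) -> Optional[str]:
    """Find the COM server DLL for a CLSID, honouring the WOW6432Node view."""
    views = ["wow6432node\\", ""] if wow64 else [""]
    for view in views:
        for root in ("hkey_classes_root\\", "hkey_local_machine\\software\\classes\\"):
            values = keys.get(root + view + "clsid\\" + clsid.lower() + "\\inprocserver32")
            if values and "(default)" in values:
                return values["(default)"]
    return None


def find_bhos(keys) -> List[Bho]:
    bhos = []
    for key, values in keys.items():
        m = BHO_KEY_RE.match(key)
        if not m:
            continue
        wow64 = m.group(1) is not None
        clsid = m.group(2).upper()
        bhos.append(Bho(clsid, wow64, resolve_inproc(keys, clsid, wow64),
                        bool(values.get("noexplorer", 0))))
    return bhos


def triage(bhos: List[Bho]) -> Dict[str, List[str]]:
    """CLSID -> reasons to look closer; an empty list means unremarkable."""
    findings = {}
    for b in bhos:
        reasons = []
        if b.dll_path is None:
            reasons.append("no InprocServer32 for CLSID")
        elif any(mk in b.dll_path.lower() for mk in USER_WRITABLE_MARKERS):
            reasons.append("DLL in user-writable location")
        findings[b.clsid] = reasons
    return findings


if __name__ == "__main__":
    for b in find_bhos(parse_reg(SAMPLE_REG)):
        print(b.clsid, b.dll_path, triage([b])[b.clsid])
```

Against a live host, feed it `reg export "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" bho.reg` together with an export of HKCR\CLSID (concatenate the two files; `reg export` writes UTF-16LE, so read them with `encoding="utf-16"`), then hash any flagged DLL and compare it with the $R0 values listed above.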

MITRE ATT&CK Enterprise v15

Tasks

static1

upx
Score
7/10

behavioral1

adware, discovery, spyware, stealer, upx
Score
7/10

behavioral2

adware, discovery, spyware, stealer, upx
Score
7/10

behavioral3

discovery
Score
3/10

behavioral4

discovery
Score
3/10

behavioral5

discovery
Score
3/10

behavioral6

discovery
Score
3/10

behavioral7

discovery
Score
3/10

behavioral8

discovery
Score
3/10

behavioral9

discovery
Score
3/10

behavioral10

discovery
Score
3/10

behavioral11

discovery
Score
3/10

behavioral12

discovery
Score
3/10

behavioral13

discovery
Score
3/10

behavioral14

discovery
Score
3/10

behavioral15

adware, discovery, spyware, stealer, upx
Score
7/10

behavioral16

adware, discovery, spyware, stealer, upx
Score
7/10

behavioral17

discovery
Score
3/10

behavioral18

discovery
Score
3/10

behavioral19

discovery
Score
3/10

behavioral20

discovery
Score
3/10

behavioral21

discovery
Score
3/10

behavioral22

discovery
Score
3/10

behavioral23

discovery
Score
3/10

behavioral24

discovery
Score
3/10

behavioral25

discovery, upx
Score
5/10

behavioral26

discovery, upx
Score
5/10

behavioral27

discovery
Score
3/10

behavioral28

discovery
Score
3/10

behavioral29

adware, discovery, stealer
Score
6/10

behavioral30

adware, discovery, stealer
Score
6/10

behavioral31

Score
1/10

behavioral32

discovery
Score
3/10