
General

  • Target

    0e9f1aba13f20cfb900948267e24d8a3_JaffaCakes118

  • Size

    634KB

  • Sample

    241003-jghdxasblr

  • MD5

    0e9f1aba13f20cfb900948267e24d8a3

  • SHA1

    6acdfb9214ea831e6454cf7895eb2c2b25cbe0f7

  • SHA256

    fff735b78e50eaabe5f374ce6f5bc37929af6a132a8b54f84fce9a2a41d45067

  • SHA512

    814a2407e8ca6cf0b31efee25fd0075c77e59b5e2834f82091f34ee5272e218c91e1cf37d45b084dd251eb76f462f8d737bcc99b24fcda9b716586c56b7f63fd

  • SSDEEP

    12288:SsUlt4G4GjeZHkwuPikQ7lKH5p5H9x1SeZHkwuziDQBlKR5psxjlfv:S7oG4GjeZEXi37l6Br1SeZEriMBlm0NN

Malware Config

Targets

    • Target

      0e9f1aba13f20cfb900948267e24d8a3_JaffaCakes118

    • Size

      634KB

    • MD5

      0e9f1aba13f20cfb900948267e24d8a3

    • SHA1

      6acdfb9214ea831e6454cf7895eb2c2b25cbe0f7

    • SHA256

      fff735b78e50eaabe5f374ce6f5bc37929af6a132a8b54f84fce9a2a41d45067

    • SHA512

      814a2407e8ca6cf0b31efee25fd0075c77e59b5e2834f82091f34ee5272e218c91e1cf37d45b084dd251eb76f462f8d737bcc99b24fcda9b716586c56b7f63fd

    • SSDEEP

      12288:SsUlt4G4GjeZHkwuPikQ7lKH5p5H9x1SeZHkwuziDQBlKR5psxjlfv:S7oG4GjeZEXi37l6Br1SeZEriMBlm0NN

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Drops file in System32 directory

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      559KB

    • MD5

      51ba1095f0ae45a2d444bea506cb9ad4

    • SHA1

      038a5d53d055a6d440bd2c8864c2f51db206c5e5

    • SHA256

      b620091bf9973e807e12155d2247a6d233b5d13ec38c426675470ab4b26f0539

    • SHA512

      f5fe2dd0f19bcaab47540ceedbec71f7f7c5b833c8772c097594c458e5f1101fe9feb849812b65c175055f71dfb13f11c4ad94fef42cd66f247413e453de3361

    • SSDEEP

      12288:kbdmSvBuSrDWoN/8Z+iZz2ULoygI/htZw3EKwcxi0T8NGAmN:bSvBuSG7+iZz2ULoyXZzw3E2tT8UAmN

    • Score

      3/10

    • Target

      ffMediaWatchV1home72chaction.js

    • Size

      824B

    • MD5

      a2c33a37b676c385abab9da34f3e70cc

    • SHA1

      ac0dc2cba308974850a0a24ed0aeb16791711f39

    • SHA256

      6332d76e607def831c9e97c30e1d8c530c81e226da5151eae2ca7c279aaa0259

    • SHA512

      9eb39ac30b48b55a46aa98813b97586afa597cfdff3f111d306235e68976ee07e68f54ca666278e292a0be49d83274fd5a5d1dfbf31ea29e2eaa3524cd33e3ce

    • Score

      3/10

    • Target

      ff/chrome/content/ffMediaWatchV1home72.js

    • Size

      741B

    • MD5

      672f99b771b8d6a5c8eaf3186019dc5a

    • SHA1

      ae5428ae74ac1e38cee8a5ee9e78c65295c6a06d

    • SHA256

      219df05f9cddb9b09d1ea1c16c22d2f556340f48711e830354c9ddf7050cad8d

    • SHA512

      c47839b1377aa40d7d9945b46cc57ebafc2112be498e99100688a66d2de53cce3a82b5fb656595dae470c2a68bf9e1800a65bbc5ac1b929a2dab016b9af6d33c

    • Score

      3/10

    • Target

      ff/chrome/content/ffMediaWatchV1home72ffaction.js

    • Size

      670B

    • MD5

      49da915ede2c3e0c8a4272cc3b73f9a5

    • SHA1

      94e23f0092cf5c8efb91e3cf87e353e99dd25288

    • SHA256

      104ab086a4f27ba76035df7415978247a3428263cce533a62c89fff4e57d7bd9

    • SHA512

      75f85674491a4aa43bb53fcb7e1efaeb4dfcfb0b7a3c86e652acf7af8e577af913fc2da8052841100858e58787f9056df05512996f578064987a0058f9c5cf1c

    • Score

      3/10

    • Target

      ie/MediaWatchV1home72.dll

    • Size

      85KB

    • MD5

      0e402c1ce3cfd7a81a2f066229008a72

    • SHA1

      11059f2fdf098c88f978f9451dbb44c7fefdd247

    • SHA256

      6e0f1037510b868f238ea281ad09f4597733118f3d7e3c327a36b9bf4f5191e4

    • SHA512

      270439ee44eab60fd83c92cc07dce4e1999392f6dec46ba3465fd2467ca54ac3f9f6deffaa78ba4fe095eb2ac600b0cfe6380d11fe0a7cd7b40e691d30c4efe1

    • SSDEEP

      1536:dy/YCsh1Eb2VGAtK7gjzAcTkWGFBXbxlQDpXO:EYT1Eb2VGOK76z2FBrxaDpX

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Target

      uninstall.exe

    • Size

      285KB

    • MD5

      f96b12de60766411f5d878af9f0cc115

    • SHA1

      8619182ad87a8e873bac64f05ac6f9416da81501

    • SHA256

      e4b71b58b2c5698c73338c28e9d71734cb4c8dd506c8463ccece548472442ce3

    • SHA512

      446d67699fbc8e02e805a4cfa4d778a97f65183517b949788ee39d866d9b3366cf90f120654d0573ac81b1121deb59bdd9ac03ed4027d1ba6a83fddfd553f3ea

    • SSDEEP

      6144:Ee34xVpeZH+zpyuuz6GZkDOJ/7OafSH5KmrWym09x1W:8jeZHkwuPikQ7lKH5p5H9x1W

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      559KB

    • MD5

      51ba1095f0ae45a2d444bea506cb9ad4

    • SHA1

      038a5d53d055a6d440bd2c8864c2f51db206c5e5

    • SHA256

      b620091bf9973e807e12155d2247a6d233b5d13ec38c426675470ab4b26f0539

    • SHA512

      f5fe2dd0f19bcaab47540ceedbec71f7f7c5b833c8772c097594c458e5f1101fe9feb849812b65c175055f71dfb13f11c4ad94fef42cd66f247413e453de3361

    • SSDEEP

      12288:kbdmSvBuSrDWoN/8Z+iZz2ULoygI/htZw3EKwcxi0T8NGAmN:bSvBuSG7+iZz2ULoyXZzw3E2tT8UAmN

    • Score

      3/10

MITRE ATT&CK Enterprise v15

Tasks