Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

178a210830...18.exe

windows7-x64

7

178a210830...18.exe

windows10-2004-x64

7

$PLUGINSDI...is.dll

windows7-x64

3

$PLUGINSDI...is.dll

windows10-2004-x64

3

ffMediaWat...ion.js

windows7-x64

3

ffMediaWat...ion.js

windows10-2004-x64

3

ff/chrome/...667.js

windows7-x64

3

ff/chrome/...667.js

windows10-2004-x64

3

ff/chrome/...ion.js

windows7-x64

3

ff/chrome/...ion.js

windows10-2004-x64

3

ie/MediaWa...67.dll

windows7-x64

6

ie/MediaWa...67.dll

windows10-2004-x64

6

uninstall.exe

windows7-x64

7

uninstall.exe

windows10-2004-x64

7

$PLUGINSDI...is.dll

windows7-x64

3

$PLUGINSDI...is.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    178a210830c126b829b41485b57b7010_JaffaCakes118

  • Size

    634KB

  • Sample

    241006-lj1z5s1ela

  • MD5

    178a210830c126b829b41485b57b7010

  • SHA1

    7218a2aa55355489e71e6233ecc4abfe23e91c6e

  • SHA256

    38c2ea46ee7490f1c6fc686828c643a5576a58774f2bd75711aaba280e8ff058

  • SHA512

    42253c8ae7abd0f8850a8a15300205b118b94eccda421e51c9f5c72638d6fa19160a385f7119891387dd8d52a20634646aff65ca75bdf6c28baebafe2a55e516

  • SSDEEP

    12288:Z2q5ZMKONbQG4GjeZHkwuPikQ7lKH5p5H9x1WeZHkwuDivQhlKL5p/xlolff:Z2mZM0G4GjeZEXi37l6Br1WeZE7iohlP

Score
7/10
adwarediscoveryexecutionspywarestealer

Malware Config

Targets

    • Target

      178a210830c126b829b41485b57b7010_JaffaCakes118

    • Size

      634KB

    • MD5

      178a210830c126b829b41485b57b7010

    • SHA1

      7218a2aa55355489e71e6233ecc4abfe23e91c6e

    • SHA256

      38c2ea46ee7490f1c6fc686828c643a5576a58774f2bd75711aaba280e8ff058

    • SHA512

      42253c8ae7abd0f8850a8a15300205b118b94eccda421e51c9f5c72638d6fa19160a385f7119891387dd8d52a20634646aff65ca75bdf6c28baebafe2a55e516

    • SSDEEP

      12288:Z2q5ZMKONbQG4GjeZHkwuPikQ7lKH5p5H9x1WeZHkwuDivQhlKL5p/xlolff:Z2mZM0G4GjeZEXi37l6Br1WeZE7iohlP

    Score
    7/10
    adwarediscoveryspywarestealer

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

      stealeradware

    • Drops file in System32 directory

    behavioral1behavioral2

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      559KB

    • MD5

      51ba1095f0ae45a2d444bea506cb9ad4

    • SHA1

      038a5d53d055a6d440bd2c8864c2f51db206c5e5

    • SHA256

      b620091bf9973e807e12155d2247a6d233b5d13ec38c426675470ab4b26f0539

    • SHA512

      f5fe2dd0f19bcaab47540ceedbec71f7f7c5b833c8772c097594c458e5f1101fe9feb849812b65c175055f71dfb13f11c4ad94fef42cd66f247413e453de3361

    • SSDEEP

      12288:kbdmSvBuSrDWoN/8Z+iZz2ULoygI/htZw3EKwcxi0T8NGAmN:bSvBuSG7+iZz2ULoyXZzw3E2tT8UAmN

    Score
    3/10
    discovery
    behavioral3behavioral4

    • Target

      ffMediaWatchV1home667chaction.js

    • Size

      829B

    • MD5

      f5d510b81b6fa8165369876d587127d1

    • SHA1

      6d8260d92c4b2ec872f1641055b94875475a7d05

    • SHA256

      e6642e654023f02196b7bf1f81942c3febe26933e42b5e3eabc62b4e9c28f79e

    • SHA512

      fbf8db96b003e2335f232597a8ca2ec4653d4a97dece3483bbfb1b378d43a211ab0b413c5851f30f9584926237a73720dd7cf23c1f543f493926ae7d4a115fc2

    Score
    3/10
    execution
    behavioral5behavioral6

    • Target

      ff/chrome/content/ffMediaWatchV1home667.js

    • Size

      744B

    • MD5

      38c5567a110f9cb5934895968ed37682

    • SHA1

      18658fe21f1dc0166696f67a02c02552129446d1

    • SHA256

      2b6d69b4e1bcc6f69a36b8fd77ee264b49f312f9f39e8e74722f4c35b65efdf8

    • SHA512

      b9211fa807914298b1ac823fc17f0d0ccb57f77afc504a1c1834bd2de9ac53c7334207168315db53828594300b325170a319419e4a6affe7e2b1f9f76f76080e

    Score
    3/10
    execution
    behavioral7behavioral8

    • Target

      ff/chrome/content/ffMediaWatchV1home667ffaction.js

    • Size

      674B

    • MD5

      7edca296a16e8ddd75fd86180342d13e

    • SHA1

      5fbfce7e3e2163aca43f6a2281be0fa7a2d3afdd

    • SHA256

      3f237c84579b79ddc3c9565cbfbd4c3355af9449488145540f815f4cd6540ea7

    • SHA512

      eef4e11925a2c8fbebb556f094773e9a1631f6a1b03b51193011400dd4c68979c4061521c96e270679d068bf168cff0b40063f7dffaf6bdc7df5bdd0a195b61e

    Score
    3/10
    execution
    behavioral10behavioral9

    • Target

      ie/MediaWatchV1home667.dll

    • Size

      85KB

    • MD5

      cc42da76f4f56b26e0fc453e5fd12586

    • SHA1

      53a658622cd936c6f54edf0c5d1adcb02facd1b9

    • SHA256

      3d75ff0edad68fe5a061fc991d24ae2d2b91b85f477460dc8b544e346999be3f

    • SHA512

      122a14046a1229be8569cdf29e12c51c6b4fb06780618ded65e637f4f743a7eaf9dd44bcee4a37b8003c5b847f33b13d018db4225a0b81d4c90f530494bd5963

    • SSDEEP

      1536:An/1CsEmkaMAvtahrOb8DktbeHA9glQJlYPF:012mkaMAlahrObeguaJlC

    Score
    6/10
    adwarediscoverystealer

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

      stealeradware
    behavioral11behavioral12

    • Target

      uninstall.exe

    • Size

      285KB

    • MD5

      e91fe75411f7716a092a8510bbe6318c

    • SHA1

      29f14266092a9a7d3aa6535a6ab505566e4d25f0

    • SHA256

      bb5799b8ede402fdddb4270f4e56eb1962cbb21348652025b3ebdf7509395ff7

    • SHA512

      96f31721e7050b45c9fd32641fcab26e9b6e60a8858bd6587ebdca063d948898bccf6eb20d6ab2b949c6758a018153be904cc520269a68332811e1cd375b3eff

    • SSDEEP

      6144:Ee34KIpeZH+zpyuuz6GZkDOJ/7OafSH5KmrWym09x1b:L0eZHkwuPikQ7lKH5p5H9x1b

    Score
    7/10
    discoveryspywarestealer

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer
    behavioral13behavioral14

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      559KB

    • MD5

      51ba1095f0ae45a2d444bea506cb9ad4

    • SHA1

      038a5d53d055a6d440bd2c8864c2f51db206c5e5

    • SHA256

      b620091bf9973e807e12155d2247a6d233b5d13ec38c426675470ab4b26f0539

    • SHA512

      f5fe2dd0f19bcaab47540ceedbec71f7f7c5b833c8772c097594c458e5f1101fe9feb849812b65c175055f71dfb13f11c4ad94fef42cd66f247413e453de3361

    • SSDEEP

      12288:kbdmSvBuSrDWoN/8Z+iZz2ULoygI/htZw3EKwcxi0T8NGAmN:bSvBuSG7+iZz2ULoyXZzw3E2tT8UAmN

    Score
    3/10
    discovery
    behavioral15behavioral16

MITRE ATT&CK Enterprise v15

Tasks