General

  • Target: 25c4ae65e08b895279d287fa70cd0a53_JaffaCakes118
  • Size: 634KB
  • Sample: 241008-1eq2pssgqc
  • MD5: 25c4ae65e08b895279d287fa70cd0a53
  • SHA1: 2e21ecd493dd724e18727cfe3a833033dcc8bb8e
  • SHA256: c206f93178517a08a5058271ad32c50769b4e2acd289411017324b87eaa4b42a
  • SHA512: 2da6dc8fb00e80cbaef9952d424ffd0d5e354835ed6457e106db4ebab5a57a95b785a7c2e75d045c2e67e4201a32217ec7455b3667ac6e76f7a061331673712a
  • SSDEEP: 12288:L9pNG4GjeZHkwuPikQ7lKH5p5H9x1WeZHkwuHi/QrlKd5pnxlMlfA:LZG4GjeZEXi37l6Br1WeZEfiYrleffM2

Malware Config

Targets

    • Target: 25c4ae65e08b895279d287fa70cd0a53_JaffaCakes118
    • Size: 634KB
    • MD5: 25c4ae65e08b895279d287fa70cd0a53
    • SHA1: 2e21ecd493dd724e18727cfe3a833033dcc8bb8e
    • SHA256: c206f93178517a08a5058271ad32c50769b4e2acd289411017324b87eaa4b42a
    • SHA512: 2da6dc8fb00e80cbaef9952d424ffd0d5e354835ed6457e106db4ebab5a57a95b785a7c2e75d045c2e67e4201a32217ec7455b3667ac6e76f7a061331673712a
    • SSDEEP: 12288:L9pNG4GjeZHkwuPikQ7lKH5p5H9x1WeZHkwuHi/QrlKd5pnxlMlfA:LZG4GjeZEXi37l6Br1WeZEfiYrleffM2
    • Checks computer location settings
      Looks up the country code configured in the registry, likely a geofencing check.
    • Loads dropped DLL
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials and similar secrets.
    • Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate software installed on the system.
    • Installs/modifies Browser Helper Object
      BHOs are DLL modules that act as plugins for Internet Explorer.
    • Drops file in System32 directory

    • Target: $PLUGINSDIR/aminsis.dll
    • Size: 559KB
    • MD5: 51ba1095f0ae45a2d444bea506cb9ad4
    • SHA1: 038a5d53d055a6d440bd2c8864c2f51db206c5e5
    • SHA256: b620091bf9973e807e12155d2247a6d233b5d13ec38c426675470ab4b26f0539
    • SHA512: f5fe2dd0f19bcaab47540ceedbec71f7f7c5b833c8772c097594c458e5f1101fe9feb849812b65c175055f71dfb13f11c4ad94fef42cd66f247413e453de3361
    • SSDEEP: 12288:kbdmSvBuSrDWoN/8Z+iZz2ULoygI/htZw3EKwcxi0T8NGAmN:bSvBuSG7+iZz2ULoyXZzw3E2tT8UAmN
    Score: 3/10
    • Target: ffMediaWatchV1home436chaction.js
    • Size: 829B
    • MD5: 2efcb6266b26c0e91ee098563780fce2
    • SHA1: d3ed9cd02249e2342cbdf21993bc57f004a16b68
    • SHA256: c06ee60f5ab04266308e2e6a3a1d175a5471cd84891c242179552f972fa98b66
    • SHA512: 7c752ca14752b1a79e1ec48dfdb9d307a66af304f5fee61da64a608391dfcd1f1533eec3359e96052c301fc69e40b2d39844005add3ff14cbb9c2f981d2b4866
    Score: 3/10
    • Target: ff/chrome/content/ffMediaWatchV1home436.js
    • Size: 744B
    • MD5: 27fde83940f9af8e99c356c14a0ee027
    • SHA1: dc34c1e3906ef72cebce0316d5670d9f0815cc9d
    • SHA256: ab68128d519e56c5640e71f5ba3afe2377b76fd4fbe8863e9f4dc611db52e4b4
    • SHA512: 2fe7a242e121e0155dca9b89bcf62a6f24664d248714d9c2dfc65ddb5ee25e24dbced8a26972b17a72a9efdf3f4a41da323352fddbd58259645b083db93572b9
    Score: 3/10
    • Target: ff/chrome/content/ffMediaWatchV1home436ffaction.js
    • Size: 674B
    • MD5: ab0fd7cec74b63c055af7d07517b7e26
    • SHA1: 0cbbe54accdd0cffbb5c84fa90049bdae295fcaf
    • SHA256: 18057f53440bbf883cc1066a78768594d1bc7d296a4bf8922eb3fa585ce2b39e
    • SHA512: 2607fd2a7cce89df09a582c069e61ce17159ff023d20ba8d01348834fd33e1cb649db534139c5e0c75a8891e8f36950f42c0507951fdbc7e1cf3915892a73eac
    Score: 3/10
    • Target: ie/MediaWatchV1home436.dll
    • Size: 85KB
    • MD5: 7ce83b41c6fef1c1c851123023a6321a
    • SHA1: e92db6bd21240a01810b9a06189646933c6d649f
    • SHA256: ec2e3324dbcc6d97a5c05309b24729a388137868a78e8b548e9cad430045d806
    • SHA512: aaf23bc5ec71ea4c716bf8c7a3a96996051800673ada095b1617e81d176ed7ab3f36b41efd166cb07268a7706bff4c1030dc6cd314861e36b3cd06c7d5f48501
    • SSDEEP: 1536:sn/1CsEmkaMAPtahrOb8DktB8HA9glQGNr1LKhF:o12mkaMAFahrOB8guaGNlW
    • Installs/modifies Browser Helper Object
      BHOs are DLL modules that act as plugins for Internet Explorer.

    • Target: uninstall.exe
    • Size: 285KB
    • MD5: ce0c9927fd75ded7112843370bd6e87b
    • SHA1: 7b60db758c8722bb9a599a7726bbf1c8d9ac0651
    • SHA256: 2f63bcfaee8fd6f0da5d6ddd43911a861f1f32b63ca867769de6676ab58138de
    • SHA512: 81c5180c718478bb657c27e105ed55dbc036ae1f7993a8b90567642f3b95e7b449b5f14316e1ee34f5cd65e777e94e4ca5567423b107f85207792116cfafe79a
    • SSDEEP: 6144:Ee34MxrpeZH+zpyuuz6GZkDOJ/7OafSH5KmrWym09x1e:p3eZHkwuPikQ7lKH5p5H9x1e
    • Executes dropped EXE
    • Loads dropped DLL
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials and similar secrets.
