Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2ba5506db3...18.exe

windows7-x64

7

2ba5506db3...18.exe

windows10-2004-x64

7

$PLUGINSDI...is.dll

windows7-x64

3

$PLUGINSDI...is.dll

windows10-2004-x64

3

ffMediaWat...ion.js

windows7-x64

3

ffMediaWat...ion.js

windows10-2004-x64

3

ff/chrome/...381.js

windows7-x64

3

ff/chrome/...381.js

windows10-2004-x64

3

ff/chrome/...ion.js

windows7-x64

3

ff/chrome/...ion.js

windows10-2004-x64

3

ie/MediaWa...81.dll

windows7-x64

6

ie/MediaWa...81.dll

windows10-2004-x64

6

uninstall.exe

windows7-x64

7

uninstall.exe

windows10-2004-x64

7

$PLUGINSDI...is.dll

windows7-x64

3

$PLUGINSDI...is.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2ba5506db32385b11f195cee7a6c650d_JaffaCakes118

  • Size

    634KB

  • Sample

    241009-f3vpkssgjk

  • MD5

    2ba5506db32385b11f195cee7a6c650d

  • SHA1

    6c782d6ce1d2f9a00ddb976ec1b488d21d5f7cf2

  • SHA256

    3f0d55cc76b37f8cad60406ad252b0b44c12017612f41004c0c04d2985eb1336

  • SHA512

    6afafdf44776d5beadd2e62bc8287b2575e42bbcb13215b26bbf75a6990c13e9e83b47753cd9c8d53bac185539319e136da6b3131364bb368d83510002d6eee4

  • SSDEEP

    12288:HipfnwAyG4GjeZHkwuPikQ7lKH5p5H9x1KeZHkwuViRQJlKT5pjxFlfY:HitwAyG4GjeZEXi37l6Br1KeZEti2Jlf

Score
7/10
adwarediscoveryexecutionspywarestealer

Malware Config

Targets

    • Target

      2ba5506db32385b11f195cee7a6c650d_JaffaCakes118

    • Size

      634KB

    • MD5

      2ba5506db32385b11f195cee7a6c650d

    • SHA1

      6c782d6ce1d2f9a00ddb976ec1b488d21d5f7cf2

    • SHA256

      3f0d55cc76b37f8cad60406ad252b0b44c12017612f41004c0c04d2985eb1336

    • SHA512

      6afafdf44776d5beadd2e62bc8287b2575e42bbcb13215b26bbf75a6990c13e9e83b47753cd9c8d53bac185539319e136da6b3131364bb368d83510002d6eee4

    • SSDEEP

      12288:HipfnwAyG4GjeZHkwuPikQ7lKH5p5H9x1KeZHkwuViRQJlKT5pjxFlfY:HitwAyG4GjeZEXi37l6Br1KeZEti2Jlf

    Score
    7/10
    adwarediscoveryspywarestealer

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

      stealeradware

    • Drops file in System32 directory

    behavioral1behavioral2

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      559KB

    • MD5

      51ba1095f0ae45a2d444bea506cb9ad4

    • SHA1

      038a5d53d055a6d440bd2c8864c2f51db206c5e5

    • SHA256

      b620091bf9973e807e12155d2247a6d233b5d13ec38c426675470ab4b26f0539

    • SHA512

      f5fe2dd0f19bcaab47540ceedbec71f7f7c5b833c8772c097594c458e5f1101fe9feb849812b65c175055f71dfb13f11c4ad94fef42cd66f247413e453de3361

    • SSDEEP

      12288:kbdmSvBuSrDWoN/8Z+iZz2ULoygI/htZw3EKwcxi0T8NGAmN:bSvBuSG7+iZz2ULoyXZzw3E2tT8UAmN

    Score
    3/10
    discovery
    behavioral3behavioral4

    • Target

      ffMediaWatchV1home2381chaction.js

    • Size

      834B

    • MD5

      80a6ba75a70c414780f09b8ca38d2d58

    • SHA1

      dd89f30db63bce299ea71627fcd46ee73a256f24

    • SHA256

      cc2b0552cfe449a86f0cf2cf22859c78bb8c6a512cd6d449a80e876d4c73bdc4

    • SHA512

      4030b09302909eb3e0b3bb88884c671e17f3f7fbdf1613fc36cbf81130526a83f7d7b8bdbbb0a24f8b12d063b2e00202bf4d18b8a0a748e37eb9a89a378f6f4f

    Score
    3/10
    execution
    behavioral5behavioral6

    • Target

      ff/chrome/content/ffMediaWatchV1home2381.js

    • Size

      747B

    • MD5

      b177f5657fdedac0d7f481ff3b57c368

    • SHA1

      40c9fe126bf582541782d4e19f577e53bb13091e

    • SHA256

      9a5cd7fa3b92ea18172295b36c99ee2c5db22cbf900313ab6d3b6dee44a1345c

    • SHA512

      befdc6ae73f8c91f94b57c83b5ee98890be216a08666880d656dc15f8c9de0efab5388e35ffd5afcc50d67bdce0a08b9b8e9c170abe1ff6ce629d05681967727

    Score
    3/10
    execution
    behavioral7behavioral8

    • Target

      ff/chrome/content/ffMediaWatchV1home2381ffaction.js

    • Size

      678B

    • MD5

      28ed875f27760a4b7b1c40969ade4ef4

    • SHA1

      5a2359cbb2ee0a2520caf6a405d13b8bc4c74bb7

    • SHA256

      6ac1f7eec83c92252effa03dc8130db0605bbf437eb648706addb12de9929f0f

    • SHA512

      8544f9b8b962510f8a4e5006f0001c91e543bfafd4731afb6d5309c527dd2cf2be95bc5fcb7027929320cdedb09f782c385f8dc72f1dbe7a7e6606b5e22d5695

    Score
    3/10
    execution
    behavioral10behavioral9

    • Target

      ie/MediaWatchV1home2381.dll

    • Size

      85KB

    • MD5

      9719204ac813cf91b88eb9b960591505

    • SHA1

      33002ca5b49d0863f36ab629250e18b626e9a250

    • SHA256

      07be6b1071564a869035dc03ad1010537cce3a1e21514f80671b143fb3bd0b5a

    • SHA512

      7a626f5cf5e9349e2e283e0749bec697435cb30ec56ad280bc01599f64253970a57e42489f371b8800783be6d74c27aa13f0e606c00744213fd2db251cb755d8

    • SSDEEP

      1536:28/1CsEmka04RhRtahrOb8DkhU7oHA9glQ3Pax:x12mka0ElahrOcogua3Pa

    Score
    6/10
    adwarediscoverystealer

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

      stealeradware
    behavioral11behavioral12

    • Target

      uninstall.exe

    • Size

      285KB

    • MD5

      ef6751619af89cd58cce534b07a03413

    • SHA1

      1213f09345f6911bb4c17aace75eaca2924642c8

    • SHA256

      e8e9c2e9b4d99a741548e5f664ca01d8500d4f7d4710acc19234ab8b15319e1e

    • SHA512

      6183b2c71f3a79cbca1e29e3422220e3612e824afaac64eb623d32cb6a573f72d018708501ef3a3486d82d13c2c0e0539831c0fa48d094b44cf74a23a2ba466b

    • SSDEEP

      6144:Ee3448OpeZH+zpyuuz6GZkDOJ/7OafSH5KmrWym09x18:NFeZHkwuPikQ7lKH5p5H9x18

    Score
    7/10
    discoveryspywarestealer

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer
    behavioral13behavioral14

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      559KB

    • MD5

      51ba1095f0ae45a2d444bea506cb9ad4

    • SHA1

      038a5d53d055a6d440bd2c8864c2f51db206c5e5

    • SHA256

      b620091bf9973e807e12155d2247a6d233b5d13ec38c426675470ab4b26f0539

    • SHA512

      f5fe2dd0f19bcaab47540ceedbec71f7f7c5b833c8772c097594c458e5f1101fe9feb849812b65c175055f71dfb13f11c4ad94fef42cd66f247413e453de3361

    • SSDEEP

      12288:kbdmSvBuSrDWoN/8Z+iZz2ULoygI/htZw3EKwcxi0T8NGAmN:bSvBuSG7+iZz2ULoyXZzw3E2tT8UAmN

    Score
    3/10
    discovery
    behavioral15behavioral16

MITRE ATT&CK Enterprise v15

Tasks