Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

3

2d814564ff...18.exe

windows7-x64

9

2d814564ff...18.exe

windows10-2004-x64

7

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

demulsifier.dll

windows7-x64

3

demulsifier.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2d814564ff4574bd423496bdd6105c24_JaffaCakes118

  • Size

    151KB

  • Sample

    241009-jnzxjazemc

  • MD5

    2d814564ff4574bd423496bdd6105c24

  • SHA1

    235d0914151a37b46178279f4793fc52acad2cfb

  • SHA256

    ac24889f515b094fdf81f3d0144fb97357484a5b01bd65ac3e4b68c34b7c28c2

  • SHA512

    7d1fe28a802738c1a5b212f338d8c8f41b449144e083dac28439225f46edd69d6e24944da7749f9aec968165585200a1188c6d5bec4e63fc5806158a3535ec80

  • SSDEEP

    3072:tAsj8MBX8s0oXJB/sOea7NSnQLz0ZW5DRJCMs3onqr55w3jFTDGW3U:tAsBZjsOunGzL5s/rzwzNDGW3U

Score
9/10
defense_evasiondiscoveryexecutionimpactpersistenceransomware

Malware Config

Targets

    • Target

      2d814564ff4574bd423496bdd6105c24_JaffaCakes118

    • Size

      151KB

    • MD5

      2d814564ff4574bd423496bdd6105c24

    • SHA1

      235d0914151a37b46178279f4793fc52acad2cfb

    • SHA256

      ac24889f515b094fdf81f3d0144fb97357484a5b01bd65ac3e4b68c34b7c28c2

    • SHA512

      7d1fe28a802738c1a5b212f338d8c8f41b449144e083dac28439225f46edd69d6e24944da7749f9aec968165585200a1188c6d5bec4e63fc5806158a3535ec80

    • SSDEEP

      3072:tAsj8MBX8s0oXJB/sOea7NSnQLz0ZW5DRJCMs3onqr55w3jFTDGW3U:tAsBZjsOunGzL5s/rzwzNDGW3U

    Score
    9/10
    defense_evasiondiscoveryexecutionimpactpersistenceransomware

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomwaredefense_evasionimpactexecution

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      883eff06ac96966270731e4e22817e11

    • SHA1

      523c87c98236cbc04430e87ec19b977595092ac8

    • SHA256

      44e5dfd551b38e886214bd6b9c8ee913c4c4d1f085a6575d97c3e892b925da82

    • SHA512

      60333253342476911c84bbc1d9bf8a29f811207787fdd6107dce8d2b6e031669303f28133ffc811971ed7792087fe90fb1faabc0af4e91c298ba51e28109a390

    • SSDEEP

      96:UPDYcJ+nx4vVp76JX7zBlkCg21Fxz4THxtrqw1at0JgwLEjo+OB3yUVCdl/wNj+l:UPtkuWJX7zB3kGwfy0nyUVsxCjOMb1u

    Score
    3/10
    discovery
    behavioral3behavioral4

    • Target

      demulsifier.dll

    • Size

      48KB

    • MD5

      0f7f8bae2118868084d406681891e516

    • SHA1

      85c617dda6681684fc43b072d19b84c5814202ae

    • SHA256

      673c5ad011a6b210b5be729f58ec096133db23d09ee29ab8006dd04e0f107321

    • SHA512

      8b30135f51b8b36f24d0170d615610ce8a5c82d0520b16662e2aa9711074996812f57bb9a6d7202c626f6484c82cb72b3467d469cd395423dd9aa21b6dcc24aa

    • SSDEEP

      768:qUQwWHkeTKfAq89CyPdPP+pgIG/8oiK5Dv:TokeTKfm9dP8vRoR

    Score
    3/10
    discovery
    behavioral5behavioral6

MITRE ATT&CK Enterprise v15

Tasks