Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

5

39ce57a07b...18.exe

windows7-x64

7

39ce57a07b...18.exe

windows10-2004-x64

7

$DESKTOP/t...r_.exe

windows7-x64

7

$DESKTOP/t...r_.exe

windows10-2004-x64

7

$DESKTOP/t...AS.exe

windows7-x64

1

$DESKTOP/t...AS.exe

windows10-2004-x64

3

$DESKTOP/t...TV.dll

windows7-x64

3

$DESKTOP/t...TV.dll

windows10-2004-x64

3

$DESKTOP/t...er.exe

windows7-x64

7

$DESKTOP/t...er.exe

windows10-2004-x64

7

$DESKTOP/t...st.exe

windows7-x64

1

$DESKTOP/t...st.exe

windows10-2004-x64

3

$PLUGINSDI...on.dll

windows7-x64

3

$PLUGINSDI...on.dll

windows10-2004-x64

3

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/UAC.dll

windows7-x64

3

$PLUGINSDIR/UAC.dll

windows10-2004-x64

3

$PLUGINSDI...fo.dll

windows7-x64

3

$PLUGINSDI...fo.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    39ce57a07b5dfc971c3ce0d76a9f70a3_JaffaCakes118

  • Size

    932KB

  • Sample

    241012-nre4rayckb

  • MD5

    39ce57a07b5dfc971c3ce0d76a9f70a3

  • SHA1

    3b3f8f7466d0a199f45ac418042646d1927864d3

  • SHA256

    d5c99d6cab73d6d4fe837adcaabfd38b32f7bdea37546b86d3336aac3d8a1f60

  • SHA512

    a8529f2b260af96f0e3b5a6a6e61c10eeae6276442856027df745f21433b02b84d75991cfd3127687022e6c984f43aa67fb0a133eb512e7370d7383fde4e84ad

  • SSDEEP

    12288:mQ9fTnBt6urJQ34Lp05r7r5Tck0B6TYNYuPp9B97ucc6n0iXi0nxmhFL6r5cHG92:7nTNQ34L+Tck0BGKhhc65xcFS5cHeOcQ

Score
7/10
discoveryspywarestealerupx

Malware Config

Targets

    • Target

      39ce57a07b5dfc971c3ce0d76a9f70a3_JaffaCakes118

    • Size

      932KB

    • MD5

      39ce57a07b5dfc971c3ce0d76a9f70a3

    • SHA1

      3b3f8f7466d0a199f45ac418042646d1927864d3

    • SHA256

      d5c99d6cab73d6d4fe837adcaabfd38b32f7bdea37546b86d3336aac3d8a1f60

    • SHA512

      a8529f2b260af96f0e3b5a6a6e61c10eeae6276442856027df745f21433b02b84d75991cfd3127687022e6c984f43aa67fb0a133eb512e7370d7383fde4e84ad

    • SSDEEP

      12288:mQ9fTnBt6urJQ34Lp05r7r5Tck0B6TYNYuPp9B97ucc6n0iXi0nxmhFL6r5cHG92:7nTNQ34L+Tck0BGKhhc65xcFS5cHeOcQ

    Score
    7/10
    discoveryspywarestealerupx

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

    • Target

      $DESKTOP/temp/TeamViewer3/TeamViewer_.exe

    • Size

      884KB

    • MD5

      c19e56f4daf7c0e6b53dcfdc9a4216a5

    • SHA1

      bf06fc8c2e083161b7fb11d2623c9bf80d6c5c0b

    • SHA256

      3c7dd6337762b634b1683026a92e92255c4fa9ed19cf93bbe9bfa5beb42e656f

    • SHA512

      bee1b2894981b2e6c30dc411f415b6f00acb2a757f7bdc24c1779777b4f83cec453341894cc06f727a6bec7798f746f3fd44ca3cdbbdbf730aa78177ee0843d0

    • SSDEEP

      12288:OTnBt6urJQ34Lp05r7r5Tck0B6TYNYuPp9B97ucc6n0iXi0nxmhFL6r5cHG9Vtqa:8nTNQ34L+Tck0BGKhhc65xcFS5cHeOcx

    Score
    7/10
    discoveryspywarestealerupx

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral3behavioral4

    • Target

      $DESKTOP/temp/TeamViewer3/SAS.exe

    • Size

      53KB

    • MD5

      bf3bcd752bdabfa1f1e84b7462738103

    • SHA1

      34cb8ea7d47467cace271e03b7869f37b0ecb30a

    • SHA256

      90fe790e189c384f2ab82958057f91fdf40888c2ed3c0471bd7b85d5b36c7810

    • SHA512

      6d5362c4d354319845f4522e0d1132c32a6779efc4c013c8c7bd489fddf39cbb5dfb72b135487b660d156d7774e5be4acc03c3fcecdb6dabcfad12630a3f5955

    • SSDEEP

      768:bA3C0RkYbVJEhDPCVbvv1l9OlKX8v8XAibCxHRgPjchVCK5EOahtZLXbdHa:c3CSb3E12VOp8Qi2xCP3KjytZ/dHa

    Score
    3/10
    discovery
    behavioral5behavioral6

    • Target

      $DESKTOP/temp/TeamViewer3/TV.dll

    • Size

      9KB

    • MD5

      5a2e1b4cecb98719af9215ef291a4215

    • SHA1

      48993673bf8d1e89a8baf89eb022c1c54f6b6d6e

    • SHA256

      8d3f87d3d98056f7926202846e7e3098802ae9594b5eac5bc029cf17cedfb1bf

    • SHA512

      bdbbfd4b9d51df8ac8aac7a635ec7a1fd2454c9ddf5be376866348d8d6821f4db1e0f7dcc314849794a2b9ac594236ec4fad4b1cd53b14b0040e325727f9cbb2

    • SSDEEP

      96:ELDzuyQ7Ibbd3E7ogp6F17Yd4asTK7TP5ZTFvtjRn8VxaTOHzA8WnSo+S/M/vtsk:6mI903p6TkW2RRV8VxaSOBZMnWk

    Score
    3/10
    discovery
    behavioral7behavioral8

    • Target

      $DESKTOP/temp/TeamViewer3/TeamViewer.exe

    • Size

      2.3MB

    • MD5

      6e1618f999e32fef59e16b0806b71af9

    • SHA1

      c429f254240e7a67a7c2af82df07c9de0ab125d7

    • SHA256

      c552471c74f7365526877c53268c829ff52f8b3d6e56e655f72cb23dbe4b601d

    • SHA512

      5127032eedc9a7d32eec006017909031eafd85f6a3c92f5ab59520cfb5668b372dab0033090268b5b69747bab2b87139cdbceaeb64adf05f850c37377ee4e2b4

    • SSDEEP

      49152:qMV2VOO89FELz3gUdDEw6u2xw0DDeuy4NMHL8gH:qu2VCSldDZ4w0DDxM8M

    Score
    7/10
    discoveryspywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer
    behavioral10behavioral9

    • Target

      $DESKTOP/temp/TeamViewer3/TeamViewer_Host.exe

    • Size

      92KB

    • MD5

      1504b8eb73549162ea82f756f641b9ad

    • SHA1

      5e5e7d26e83e670a03522a605aa745c7c0cbf0b0

    • SHA256

      cb46f0832f39aebfd1023313b413d7b7f1fe59762c40f220f4ea4073f21b5c54

    • SHA512

      c9ee34700c588e1ca09e2f7f6d13227a2f59dfba62e02da03c4ceb2bf9db109e35970722a8fbbc274bab5621e29b0490d2d9074d1e85739cb9d863f6f60d2ab9

    • SSDEEP

      1536:A+ShE/fVVQdm5SsOFV3QeAqfOQRwK9HUjQWV/GZUfkAFKNIVtra:A+ShE/fVVQM5NOfKqGQHQV/bYNIVtra

    Score
    3/10
    discovery
    behavioral11behavioral12

    • Target

      $PLUGINSDIR/GetVersion.dll

    • Size

      5KB

    • MD5

      c6910d6e78c2e5f9d57d0bc6d8f6b736

    • SHA1

      a395099062298b3f3c015359b227ca02a72c6e2c

    • SHA256

      b2c32af2b0d75dfd08ae4e1ad7c5897957240b32bf7a16855d6a46512d272b9b

    • SHA512

      4cd45b887ce5b7fecfd863cae83817465d7378cc9f5b50f5762d5f209c55a37257d94e91dea4c91c66f2c5bf22cdc1f5545eeef52a090f05cceeedf59bbd2a10

    • SSDEEP

      48:SQQhmkBkC+LRYvRPyIPm/QtO1l3NSphgPNy6C3xNsbj51SBNE46AQubLQlI:eRBkTLSvRtC5SpSM6MxOnSBi46AQuP

    Score
    3/10
    discovery
    behavioral13behavioral14

    • Target

      $PLUGINSDIR/NSISdl.dll

    • Size

      14KB

    • MD5

      36bd5fe93cba28f56faa83b84833d33f

    • SHA1

      f45d3207fb707c6a768cb5799fcc04da13503b79

    • SHA256

      6da03a7b9dc18a940c910903c31b09934bfcac582aabbb2fe081e540098b1d54

    • SHA512

      0dd06cb7d521980fca53bb4c3def3670b847291236dcf2c802b41b94c69e17e43cc16c8672b5af4f2c00d2732e3685e80171ca579cef9f0b44c4fee56caba58e

    • SSDEEP

      192:T4lsN55M8r67wmsvJI5a299sfoG8I+WhPB3RY+h/G3DNl/qYcVp/12hgszA:TysdM80dCI5a2LsQ5IlPNRY00AlAfU

    Score
    3/10
    discovery
    behavioral15behavioral16

    • Target

      $PLUGINSDIR/System.dll

    • Size

      10KB

    • MD5

      cfbae93f361e2b430743e423709a483f

    • SHA1

      9d31546592a9e6817025cc5026fee769e9a6c015

    • SHA256

      0f4aac375087f0a5df393d7463bd462193008922136a2aba8619736223ba7add

    • SHA512

      485bc9c83087a1a6f48a5508ee390384c2db93b9d50c295280337dad78b47f65aaa0caea8d6d23ef25f86b73cd2e724cb88a738f6b53037e47225c6522f912b3

    • SSDEEP

      192:MO6dJA/ruAFEiUdWWE6hE5RYUdJfbub1a1gMO:9KAFERdlxhGRYUzqZa1

    Score
    3/10
    discovery
    behavioral17behavioral18

    • Target

      $PLUGINSDIR/UAC.dll

    • Size

      13KB

    • MD5

      7191bf2f751c79e50386b87c458ed2da

    • SHA1

      30df71f1945f0ece8d396042dba84d92f84dbfb6

    • SHA256

      45de80c4ef75ac01fdfca02a0c05c090311cb65b0f52b61e2307494d643466df

    • SHA512

      121143369c5edd732a513c884fa90d0ffc03f3966c46f8feccad09591295890de61dec7872e6fd6cd03ae132287bd1dad44d74b45fc8e623a0fa4a647510ca91

    • SSDEEP

      192:dlKA1Fiy+JjtWyPPW/O3w3hzwGRDvTR5QKZMAWSp2o0R:WA1n+HXoO38bVvTDZMAWSpuR

    Score
    3/10
    discovery
    behavioral19behavioral20

    • Target

      $PLUGINSDIR/UserInfo.dll

    • Size

      4KB

    • MD5

      0ce863c82162be08cdd779900428cff1

    • SHA1

      fc835c7afa7d669f238e3e1179c5e01c3b39ad83

    • SHA256

      f2cea895705cb88e54eb1b2e3546b4de31af8e02e47ade0b1025ba52cffbe5bd

    • SHA512

      6799626839e344ad9985a5a5542aca7fde0afe799bcfbcd5631410f4f8de4f45c3e383dbcc30d9e171a92cea4d45f6fd28e1381cc208d7adc383d5beb0110f62

    Score
    3/10
    discovery
    behavioral21behavioral22

MITRE ATT&CK Enterprise v15

Tasks

static1

upx
Score
5/10

behavioral1

discoveryspywarestealerupx
Score
7/10

behavioral2

discoveryspywarestealerupx
Score
7/10

behavioral3

discoveryspywarestealerupx
Score
7/10

behavioral4

discoveryspywarestealerupx
Score
7/10

behavioral5

Score
1/10

behavioral6

discovery
Score
3/10

behavioral7

discovery
Score
3/10

behavioral8

discovery
Score
3/10

behavioral9

discoveryspywarestealer
Score
7/10

behavioral10

discoveryspywarestealer
Score
7/10

behavioral11

Score
1/10

behavioral12

discovery
Score
3/10

behavioral13

discovery
Score
3/10

behavioral14

discovery
Score
3/10

behavioral15

discovery
Score
3/10

behavioral16

discovery
Score
3/10

behavioral17

discovery
Score
3/10

behavioral18

discovery
Score
3/10

behavioral19

discovery
Score
3/10

behavioral20

discovery
Score
3/10

behavioral21

discovery
Score
3/10

behavioral22

discovery
Score
3/10