Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

3dc25ab858...18.exe

windows7-x64

7

3dc25ab858...18.exe

windows10-2004-x64

7

$PLUGINSDI...is.dll

windows7-x64

3

$PLUGINSDI...is.dll

windows10-2004-x64

3

ffMediaWat...ion.js

windows7-x64

3

ffMediaWat...ion.js

windows10-2004-x64

3

ff/chrome/...190.js

windows7-x64

3

ff/chrome/...190.js

windows10-2004-x64

3

ff/chrome/...ion.js

windows7-x64

3

ff/chrome/...ion.js

windows10-2004-x64

3

ie/MediaWa...90.dll

windows7-x64

6

ie/MediaWa...90.dll

windows10-2004-x64

6

uninstall.exe

windows7-x64

7

uninstall.exe

windows10-2004-x64

7

$PLUGINSDI...is.dll

windows7-x64

3

$PLUGINSDI...is.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3dc25ab858a6f8bbb0b7132feb906183_JaffaCakes118

  • Size

    634KB

  • Sample

    241013-eyraxsyfqb

  • MD5

    3dc25ab858a6f8bbb0b7132feb906183

  • SHA1

    2b3239f65f13a2958f62e2ae9d7df0c237ececaf

  • SHA256

    3c707acf9107ff56f664d2fd5592b6a601e30eb625e9d4a4b63ef8f8b52eea39

  • SHA512

    17a95303b190bd3ebedaa469c8f23bd022ea9b63b5fb4b62f92ab452c66ffdfd993c1c6214b45dc90dd48ef411badeb4ef575e6ddc4ead7a6f647667d0fb3acd

  • SSDEEP

    12288:sbHc6G4GjeZHkwuPikQ7lKH5p5H9x1+eZHkwuriZQZlKh5pQxlMjVWr:sbhG4GjeZEXi37l6Br1+eZEjiOZlWof5

Score
7/10
adwarediscoveryexecutionspywarestealer

Malware Config

Targets

    • Target

      3dc25ab858a6f8bbb0b7132feb906183_JaffaCakes118

    • Size

      634KB

    • MD5

      3dc25ab858a6f8bbb0b7132feb906183

    • SHA1

      2b3239f65f13a2958f62e2ae9d7df0c237ececaf

    • SHA256

      3c707acf9107ff56f664d2fd5592b6a601e30eb625e9d4a4b63ef8f8b52eea39

    • SHA512

      17a95303b190bd3ebedaa469c8f23bd022ea9b63b5fb4b62f92ab452c66ffdfd993c1c6214b45dc90dd48ef411badeb4ef575e6ddc4ead7a6f647667d0fb3acd

    • SSDEEP

      12288:sbHc6G4GjeZHkwuPikQ7lKH5p5H9x1+eZHkwuriZQZlKh5pQxlMjVWr:sbhG4GjeZEXi37l6Br1+eZEjiOZlWof5

    Score
    7/10
    adwarediscoveryspywarestealer

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

      stealeradware

    • Drops file in System32 directory

    behavioral1behavioral2

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      559KB

    • MD5

      51ba1095f0ae45a2d444bea506cb9ad4

    • SHA1

      038a5d53d055a6d440bd2c8864c2f51db206c5e5

    • SHA256

      b620091bf9973e807e12155d2247a6d233b5d13ec38c426675470ab4b26f0539

    • SHA512

      f5fe2dd0f19bcaab47540ceedbec71f7f7c5b833c8772c097594c458e5f1101fe9feb849812b65c175055f71dfb13f11c4ad94fef42cd66f247413e453de3361

    • SSDEEP

      12288:kbdmSvBuSrDWoN/8Z+iZz2ULoygI/htZw3EKwcxi0T8NGAmN:bSvBuSG7+iZz2ULoyXZzw3E2tT8UAmN

    Score
    3/10
    discovery
    behavioral3behavioral4

    • Target

      ffMediaWatchV1home190chaction.js

    • Size

      829B

    • MD5

      fc9426947aefe4ab4c9acf30a9936fb3

    • SHA1

      c5b7081f74c0384274f2724418ee318a7e10f807

    • SHA256

      1c75994286a961ac9343ec270a6ea6e153c513aa5378700cd5e2551a69b46f98

    • SHA512

      65a6e8e59e1b7e4783a23771ff8f8586f1eec99286db25e3137adcb88e068da7e5d8beac4f7fa41528f82c2498b85c569d877492b479801a87fa0b91c1e26a14

    Score
    3/10
    execution
    behavioral5behavioral6

    • Target

      ff/chrome/content/ffMediaWatchV1home190.js

    • Size

      744B

    • MD5

      d192c46c11f795f7592ca1c855652c53

    • SHA1

      be9fcd2092aafccc7d078c54411e43bdfcf87c60

    • SHA256

      d4f560a32f25303aa16d592fec1cfa90d0c0e5e8e9cdeb2d60f40248eb982f93

    • SHA512

      1bc93f106c293434b582d39c132aa621400ba5e470167aebe45eb5eccf05329f04e71a4e6d757dea0ecbfc2fc7e3c5e949498a552364c44dfd7c1285d3c836fe

    Score
    3/10
    execution
    behavioral7behavioral8

    • Target

      ff/chrome/content/ffMediaWatchV1home190ffaction.js

    • Size

      674B

    • MD5

      be347e7448418991a5f11919e0f620fb

    • SHA1

      18c62f980c609e8520457d0a44dc91b12dd8dbfc

    • SHA256

      5795a23e70dc65a8a5d437439eee383ae06e29652460c5d80b25624e6a4c1489

    • SHA512

      78f8e00410678256634a0337e31e1366045f32f9ee7b4bb2fdb51c99351722dd25dceb74bc90835fc0ad1737e318920d0f869af0fc6c66e4e68959bd3fb90876

    Score
    3/10
    execution
    behavioral10behavioral9

    • Target

      ie/MediaWatchV1home190.dll

    • Size

      85KB

    • MD5

      8a31fa529d7884ad61ea6b96ea498765

    • SHA1

      79554488181e5e9440c8e4d48b59d778a3c432cc

    • SHA256

      b785e662477a595e8ef2b4ed35291f1e8a0d0710c5a369abc692cc6fa50d5ab0

    • SHA512

      1586334af9281a86df105a0e91970cbab87ff27d9ab07cf94e7a49a0a46af525da1c639764612432de7556c3e7b5be988eb5529fdc58bffe9f335e422679026d

    • SSDEEP

      1536:Zn/1CsEmkaMAvtahrOb8Dkt8lHA9glQwPleN:512mkaMAlahrO8lguawPI

    Score
    6/10
    adwarediscoverystealer

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

      stealeradware
    behavioral11behavioral12

    • Target

      uninstall.exe

    • Size

      285KB

    • MD5

      b60e672d36019eb707e475b93e3093ba

    • SHA1

      d0e21f8c40fe81718e1cb91cc3853dfb68dd8690

    • SHA256

      31ad0ddae066932c113880ae069504bc6303cacd69f01f191e72e4c1d247eff8

    • SHA512

      ae2aef1c58a95c851d17100357b19fe05da48f61b61f20964be75cb98621867caf34446767311c30f919e6203fde5a02b488d5de0b45e2a31b714f5fe17eb13a

    • SSDEEP

      6144:Ee34bonpeZH+zpyuuz6GZkDOJ/7OafSH5KmrWym09x1W:60eZHkwuPikQ7lKH5p5H9x1W

    Score
    7/10
    discoveryspywarestealer

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer
    behavioral13behavioral14

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      559KB

    • MD5

      51ba1095f0ae45a2d444bea506cb9ad4

    • SHA1

      038a5d53d055a6d440bd2c8864c2f51db206c5e5

    • SHA256

      b620091bf9973e807e12155d2247a6d233b5d13ec38c426675470ab4b26f0539

    • SHA512

      f5fe2dd0f19bcaab47540ceedbec71f7f7c5b833c8772c097594c458e5f1101fe9feb849812b65c175055f71dfb13f11c4ad94fef42cd66f247413e453de3361

    • SSDEEP

      12288:kbdmSvBuSrDWoN/8Z+iZz2ULoygI/htZw3EKwcxi0T8NGAmN:bSvBuSG7+iZz2ULoyXZzw3E2tT8UAmN

    Score
    3/10
    discovery
    behavioral15behavioral16

MITRE ATT&CK Enterprise v15

Tasks