General

  • Target: 4500b5e2709a64dd32071bd7ef49a6de_JaffaCakes118
  • Size: 958KB
  • Sample: 241015-a5zhnavemb
  • MD5: 4500b5e2709a64dd32071bd7ef49a6de
  • SHA1: e2a5ab81f41287fc72436e8fc65115079c0d0cbd
  • SHA256: aebd5eb2e18bb475e1a19dcd96229ad9c0be201e9acc107a4d37131ed7aa0545
  • SHA512: 1cfde5da9ad9ead0981968e7b07794eb5c8deb310076a1cbc0fd1c473c9486d3bf3762c8619d3b856f0675240ab18f7c8d7eb3628f655921b36e4426b2b968e1
  • SSDEEP: 24576:OHOCbQv8QJsX6YSsYNOkeS3PCXVAiEOiYt:8O4q83K/jhfe4O/

Score: 7/10

Malware Config

Targets

    • Target: 4500b5e2709a64dd32071bd7ef49a6de_JaffaCakes118
    • Size: 958KB
    • MD5: 4500b5e2709a64dd32071bd7ef49a6de
    • SHA1: e2a5ab81f41287fc72436e8fc65115079c0d0cbd
    • SHA256: aebd5eb2e18bb475e1a19dcd96229ad9c0be201e9acc107a4d37131ed7aa0545
    • SHA512: 1cfde5da9ad9ead0981968e7b07794eb5c8deb310076a1cbc0fd1c473c9486d3bf3762c8619d3b856f0675240ab18f7c8d7eb3628f655921b36e4426b2b968e1
    • SSDEEP: 24576:OHOCbQv8QJsX6YSsYNOkeS3PCXVAiEOiYt:8O4q83K/jhfe4O/

    Score: 7/10

    Signatures
    • Executes dropped EXE
    • Loads dropped DLL
    • Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate software on the system.
    • UPX packed file
      Detects executables packed with UPX/modified UPX open source packer.

    • Target: $PLUGINSDIR/InstallOptions.dll
    • Size: 14KB
    • MD5: 325b008aec81e5aaa57096f05d4212b5
    • SHA1: 27a2d89747a20305b6518438eff5b9f57f7df5c3
    • SHA256: c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b
    • SHA512: 18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf
    • SSDEEP: 192:86d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jwK72dwF7dBEnbok:86UdHXcIiY535zBt2jw+BEnbo

    Score: 3/10

    • Target: $PLUGINSDIR/NSISdl.dll
    • Size: 14KB
    • MD5: a5f8399a743ab7f9c88c645c35b1ebb5
    • SHA1: 168f3c158913b0367bf79fa413357fbe97018191
    • SHA256: dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9
    • SHA512: 824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977
    • SSDEEP: 192:tUZTobBDJ68r67wmsvJI5ad9cXzFOVu+mZ/P3p+57CvpVqDxVp01Dwn2GRPgsfA:6Bo/680dCI5adOjFOg9//p27uNw2Go

    Score: 3/10

    • Target: $PLUGINSDIR/nsis.exe
    • Size: 448KB
    • MD5: 7b99f808968d538c99962640c85742ac
    • SHA1: 717ba7eeb1bd3846d3c9bfecd184a185fc3da1c1
    • SHA256: f738ffbedeca142ca69d6f3263183328787bdcc054dea0340d2595367de98997
    • SHA512: 845299374d069a8c97d0f182e06c17e1c594242cf23981b6a244167228f2c265401ab023b9458988cc810638cb28f886a006d3abd264e70ec92570397d2e50bc
    • SSDEEP: 12288:YKcjCDQvmndx2hR29sCaQlxF183cRtkhbHcX:YKcXundon2yY7Q3otkaX

    Score: 5/10

    Signatures
    • UPX packed file
      Detects executables packed with UPX/modified UPX open source packer.

    • Target: GinoPlayer.exe
    • Size: 230KB
    • MD5: c82bba9c6fb9d1bf2ec4e114d8456844
    • SHA1: f1d9856b01626ef8b84a70f50df13be6b2ce4823
    • SHA256: 69a75ecbd4db1dde170e23e4c227d62269346244c1861bdfb41b9da358d89ef1
    • SHA512: ee49770382d0b2ee9647fd8d4e91dfc98bf69522bca08cbc9c1a6e0a4900ca24f29111bb3a220895c07cccbe80b9a871a2bcbcc0e5ea72502dd28c37ffeaf1ef
    • SSDEEP: 3072:ZX3Bhg694tjSg694tdHoPgR4PKmAsFTmIeBOtYAVoHhDL0ad/dl+rozWlyf/tVzV:c5+PU4JjyONVoHhDL0ad/dl+Tyf/n4

    Score: 6/10

    Signatures
    • Enumerates connected drives
      Attempts to read the root path of hard drives other than the default C: drive.

    • Target: Interop.WMPLib.dll
    • Size: 284KB
    • MD5: d92527eaf9868a78a3153242d3b6098d
    • SHA1: 0a63e538fededd292e05364d62dfeab278eac413
    • SHA256: 5d36a9c572a309d3cc632ac8c7a1e4ea6fc3969b31dc6d1a9284dea44a213d80
    • SHA512: 27422787764863547331144a26fdb233f859a98c5fe15e1b1dcffa9c295da1535ca049e980e4a29d6068cd0fa54f947bfbda76e851c524a711611d6949d5a3ea
    • SSDEEP: 6144:UMfmxYbidUn+MCdW85I6hI3uFc7y5g/md0Dqx4HeVMriJQPWtkzaBoXOl8bSZAfl:UMfmxYbidUn+MCdW85I6hI3uFc7y5g/j

    Score: 1/10

    • Target: Uninstall.exe
    • Size: 77KB
    • MD5: ff11f586d42a888469164063c399d917
    • SHA1: b3feded2344ea9a22035f628a441883c6216bf3e
    • SHA256: 869c31354b5c3f1c7586fec5c51270a606ca5210d4ea9df4a078a1d7bc62112e
    • SHA512: 573c35c9f066a2fbfba29d1cee5157b0d518d62210beb088d8c5380d43da4ee749a215ff76531e9ff59161a6449bdb44e3e0ee2ec4b18e03e0d36cbb131cbc86
    • SSDEEP: 1536:7iZU91Rzv4f/+LHgmpoM4sXJKTmdxQi5jaQkaB72/v97+N:7iezvrL9oMXJKatjIg639KN

    Score: 7/10

    Signatures
    • Deletes itself
    • Executes dropped EXE
    • Loads dropped DLL

    • Target: $PLUGINSDIR/InstallOptions.dll
    • Size: 14KB
    • MD5: 325b008aec81e5aaa57096f05d4212b5
    • SHA1: 27a2d89747a20305b6518438eff5b9f57f7df5c3
    • SHA256: c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b
    • SHA512: 18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf
    • SSDEEP: 192:86d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jwK72dwF7dBEnbok:86UdHXcIiY535zBt2jw+BEnbo

    Score: 3/10

    • Target: launcher.exe
    • Size: 550KB
    • MD5: 9b83990fce13716ad79131772b15c915
    • SHA1: 989dfc018c35a0242523c722da6fa881aa9f2678
    • SHA256: 5b2338071972a864622a36a4452d218d70f1c80024c6f7d84e1c5aa590efd5d1
    • SHA512: e3ae253c7f9c3bdefe0965af1a788f26025c0994c2bcf76ed7c4048dad648b383bf245bd2854c90c40dd6f453868f9dec2b86cce8414dcfd00c61c898ace1c38
    • SSDEEP: 12288:een6U3av8FtwV5qgsD8v3MJdogR7eKObvc5hAe:e03av8Ft45/3FSFOTc

    Score: 3/10
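The report names three signatures whose logic is worth being able to reproduce when triaging a hit by hand: "UPX packed file", "Checks installed software on the system" (Uninstall key lookups) and "Enumerates connected drives" (reading drive roots other than C:). The Python below is an added example and is not Triage's own signature code. It re-creates each as a plain check: a minimal PE section-table parser for the UPX heuristic, and two rules over a list of sandbox API events. The PE blob and the event list are constructed for the example, and the event field names (`api`, `key`, `path`) are assumed rather than taken from the report.

```python
"""Re-creations of three sandbox signatures from the report as plain Python checks.

Added example, not Triage's own code. The minimal PE image and the API event
list are constructed here; the event field names (api, key, path) are assumed.
"""
from __future__ import annotations

import re
import struct
from typing import Iterable

# Uninstall key under HKLM or HKCU, with or without the WOW6432Node redirection.
UNINSTALL_KEY_RE = re.compile(
    r"\\software\\(wow6432node\\)?microsoft\\windows\\currentversion\\uninstall(\\|$)",
    re.IGNORECASE,
)
# A bare drive root such as D: or D:\ once the NT \??\ prefix is stripped.
DRIVE_ROOT_RE = re.compile(r"^([A-Za-z]):\\?$")
NT_PREFIX_RE = re.compile(r"^\\\?\?\\")


def pe_section_names(data: bytes) -> list[str]:
    """Walk DOS header -> PE signature -> COFF header -> section table and return section names."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    coff = e_lfanew + 4
    if coff + 20 > len(data):
        return []
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)
    table = coff + 20 + opt_size
    names = []
    for i in range(num_sections):
        off = table + i * 40  # IMAGE_SECTION_HEADER is 40 bytes; Name is the first 8
        if off + 40 > len(data):
            break
        names.append(data[off:off + 8].rstrip(b"\0").decode("ascii", "replace"))
    return names


def is_upx_packed(data: bytes) -> bool:
    """Heuristic: stock UPX names sections UPX0/UPX1(/UPX2) and leaves a 'UPX!' magic
    in the file. Modified builds often rename sections but keep the magic; builds that
    strip both evade this check, so treat a miss as inconclusive."""
    if any(name.startswith("UPX") for name in pe_section_names(data)):
        return True
    return b"UPX!" in data


def checks_installed_software(events: Iterable[dict]) -> bool:
    """True if any registry operation touches an Uninstall key or a subkey of one."""
    return any(UNINSTALL_KEY_RE.search(ev.get("key", "")) for ev in events)


def enumerates_connected_drives(events: Iterable[dict]) -> set[str]:
    """Drive roots other than C: that the sample tried to open."""
    roots: set[str] = set()
    for ev in events:
        path = NT_PREFIX_RE.sub("", ev.get("path", ""))
        m = DRIVE_ROOT_RE.match(path)
        if m and m.group(1).upper() != "C":
            roots.add(m.group(1).upper() + ":\\")
    return roots


def build_pe(section_names: list[str]) -> bytes:
    """Constructed minimal PE image: DOS header, PE signature, COFF header with a
    zero-length optional header, then the section table. Enough for the parser;
    not a loadable executable."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x102)
    sections = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + sections


SAMPLE_EVENTS = [  # constructed sandbox events, not taken from the report
    {"api": "RegOpenKeyExW", "key": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall"},
    {"api": "RegEnumKeyExW", "key": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall"},
    {"api": "RegQueryValueExW", "key": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"},
    {"api": "CreateFileW", "path": "C:\\Users\\Admin\\AppData\\Local\\Temp\\nsis.exe"},
    {"api": "NtOpenFile", "path": "\\??\\C:\\"},
    {"api": "NtOpenFile", "path": "\\??\\D:\\"},
    {"api": "NtOpenFile", "path": "\\??\\E:\\"},
]


def run_signatures(pe_data: bytes, events: list[dict]) -> dict[str, object]:
    """Evaluate the three checks and return results keyed by the report's signature names."""
    return {
        "UPX packed file": is_upx_packed(pe_data),
        "Checks installed software on the system": checks_installed_software(events),
        "Enumerates connected drives": sorted(enumerates_connected_drives(events)),
    }


if __name__ == "__main__":
    for name, hit in run_signatures(build_pe(["UPX0", "UPX1", ".rsrc"]), SAMPLE_EVENTS).items():
        print(f"{name}: {hit}")
```

Feed `is_upx_packed()` the raw bytes of the parent sample or of `$PLUGINSDIR/nsis.exe` to confirm the static hit independently of the sandbox; the two event rules only mirror the behavioural signatures' logic, and still need real API traces from a run to say anything about this sample.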

MITRE ATT&CK Enterprise v15

Tasks