Overview (score 7)
Static (score 3)

Tasks (sample, platform, score):
Iciba.26666.0.exe        windows7-x64         7
Iciba.26666.0.exe        windows10-2004-x64   7
$PLUGINSDI...CN.exe      windows7-x64         7
$PLUGINSDI...CN.exe      windows10-2004-x64   7
$PLUGINSDI...ns.dll      windows7-x64         3
$PLUGINSDI...ns.dll      windows10-2004-x64   3
$PLUGINSDI...em.dll      windows7-x64         3
$PLUGINSDI...em.dll      windows10-2004-x64   3
$PLUGINSDIR/gtapi.dll    windows7-x64         1
$PLUGINSDIR/gtapi.dll    windows10-2004-x64   3
Cache.dll                windows7-x64         1
Cache.dll                windows10-2004-x64   1
EngineManage.dll         windows7-x64         1
EngineManage.dll         windows10-2004-x64   1
Iciba.exe                windows7-x64         6
Iciba.exe                windows10-2004-x64   7
Loader.exe               windows7-x64         1
Loader.exe               windows10-2004-x64   1
NetEngine.dll            windows7-x64         1
NetEngine.dll            windows10-2004-x64   1
NetProtocol.dll          windows7-x64         1
NetProtocol.dll          windows10-2004-x64   1
NormGrab.dll             windows7-x64         1
NormGrab.dll             windows10-2004-x64   1
PWOLManager.dll          windows7-x64         1
PWOLManager.dll          windows10-2004-x64   1
SearchWords.dll          windows7-x64         1
SearchWords.dll          windows10-2004-x64   1
XDictEngine.dll          windows7-x64         1
XDictEngine.dll          windows10-2004-x64   1
XdictGrb.dll             windows7-x64         1
XdictGrb.dll             windows10-2004-x64   1

General
Target: e58a381ea65873f83994b6b2b65f4b95_JaffaCakes118
Size: 2.1MB
Sample: 240407-wq725sah78
MD5: e58a381ea65873f83994b6b2b65f4b95
SHA1: 7bae2329e821a2ee9ad65e907be324c24ad60ad8
SHA256: b8eb555cb91a52f3ed6c90ce62a2007b70832ad10872ebab8647ea21872db2fd
SHA512: dfc9976c2d2049dccce52ad8ebf396840ffe0ae90bb162bb0ea8b748212a430a0a6d5830a36acf99def5fc01d0a28e83729242ac971483e111d48f3c10e8cb23
SSDEEP: 49152:hUy3aif7VYIjfdREFjnfBfziYMt7GtQ01t5:hUyqi5YSOBJuYMt7Gac5
Static task: static1

Behavioral tasks (task, sample, resource):
behavioral1   Iciba.26666.0.exe                              win7-20240221-en
behavioral2   Iciba.26666.0.exe                              win10v2004-20240226-en
behavioral3   $PLUGINSDIR/GoogleToolbarInstaller_zh-CN.exe   win7-20240221-en
behavioral4   $PLUGINSDIR/GoogleToolbarInstaller_zh-CN.exe   win10v2004-20240226-en
behavioral5   $PLUGINSDIR/InstallOptions.dll                 win7-20240221-en
behavioral6   $PLUGINSDIR/InstallOptions.dll                 win10v2004-20240226-en
behavioral7   $PLUGINSDIR/System.dll                         win7-20240319-en
behavioral8   $PLUGINSDIR/System.dll                         win10v2004-20240226-en
behavioral9   $PLUGINSDIR/gtapi.dll                          win7-20240220-en
behavioral10  $PLUGINSDIR/gtapi.dll                          win10v2004-20240226-en
behavioral11  Cache.dll                                      win7-20240221-en
behavioral12  Cache.dll                                      win10v2004-20240226-en
behavioral13  EngineManage.dll                               win7-20240221-en
behavioral14  EngineManage.dll                               win10v2004-20240226-en
behavioral15  Iciba.exe                                      win7-20240215-en
behavioral16  Iciba.exe                                      win10v2004-20240226-en
behavioral17  Loader.exe                                     win7-20240319-en
behavioral18  Loader.exe                                     win10v2004-20240226-en
behavioral19  NetEngine.dll                                  win7-20240221-en
behavioral20  NetEngine.dll                                  win10v2004-20240226-en
behavioral21  NetProtocol.dll                                win7-20240221-en
behavioral22  NetProtocol.dll                                win10v2004-20240226-en
behavioral23  NormGrab.dll                                   win7-20240221-en
behavioral24  NormGrab.dll                                   win10v2004-20240226-en
behavioral25  PWOLManager.dll                                win7-20240221-en
behavioral26  PWOLManager.dll                                win10v2004-20240226-en
behavioral27  SearchWords.dll                                win7-20240215-en
behavioral28  SearchWords.dll                                win10v2004-20231215-en
behavioral29  XDictEngine.dll                                win7-20240319-en
behavioral30  XDictEngine.dll                                win10v2004-20240226-en
behavioral31  XdictGrb.dll                                   win7-20240221-en
behavioral32  XdictGrb.dll                                   win10v2004-20240226-en
Malware Config

Targets

Target: Iciba.26666.0.exe
Size: 2.1MB
MD5: 00688f8aa02924a371ed2c67bdabdadf
SHA1: 9a669e0635fd3971555e603cdca0b0517018abab
SHA256: 533e39dcb908ad888dfe1c9e0af6ee8e5bbc857f1dbef79ca7ec49ed9079ebda
SHA512: a81560d4b287dc679e504bc2a5d3784325880b605f06db9e863dc82fbe955cead35f1c1cf8312e7e12cfeff92d15ded523c6074a6800a2a03800ddaee409fb7f
SSDEEP: 49152:KlZ7f2NMLq498IAEuQFhiTjXKishyoC2fzaNwkha8fo:MzIMLv9DuTjZdo3fzqpjA
Score: 7/10
Signatures:
- Loads dropped DLL

Target: $PLUGINSDIR/GoogleToolbarInstaller_zh-CN.exe
Size: 1.2MB
MD5: 08c95e1ed158cdb93186f1cf8aad4bf3
SHA1: d79e50041452ce4b633a7ebb7bb6f6c2c5d5c0bc
SHA256: 305e5960b5e488f695c5980cf309e90cb0ace182876af4ded207926ded8ada78
SHA512: edec4733eb52f8b35a27cffa0a6b30bb7aa0e4e61eab5b0f1497240d1d13f446be91d52daabd312bf83eaa9de2fb923089f79fcc154af1c2eae05a7a44dead6d
SSDEEP: 24576:Aob6AtELxLEbMttQNoh7sCCr1QDz3U414T2i5d+QSe9efLisESg0IYz+:3b6AaGMttQNIQr1ez394jd+QzgusjIx
Signatures:
- Executes dropped EXE
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.

Target: $PLUGINSDIR/InstallOptions.dll
Size: 12KB
MD5: 1d5c649dde35003a618b9679d5d71b92
SHA1: 0409bbab3ab34f8c01289cdd847b4d1a32d05b18
SHA256: 0f4d3cee24e3f310fa804983c931d3628613988a24f0be7854f63a9309b8e45f
SHA512: b432ebcc52905662d61a3f17e08e209a3f9d836a9071b3b5e80070af7ebcf34cf66c44426dda041c2a258fda4787e5692e2b35acbcd73288fb84fe3c977bbfd9
SSDEEP: 384:pKlm7i+c3QW6ckPhyDEaLnA2bbBBIXwZ:8qi8BcyhEhLBbbTI
Score: 3/10

Target: $PLUGINSDIR/System.dll
Size: 10KB
MD5: 4eff5fafd746f5decb93a44e3a3d570c
SHA1: a11aa7681b7e2df1c7f7492a127d332d1495ea8a
SHA256: cf61ddd15d63c25a12caee70f51ea736cfc02195c42e56ee01b33f689d3754c5
SHA512: cde82d2a1f28506e4c2264f6b82017a00af32f138ebcdbaf4cc58463870fa626f708aa57465294c5a6f096c886841e7b9112b85bf3ea2f1d8f2da816b51b2d72
SSDEEP: 192:0OycJo/rJVCmIDNLU0dq5RD00lspbub76yL:6/QQ0d0RD0USq/6y
Score: 3/10

Target: $PLUGINSDIR/gtapi.dll
Size: 44KB
MD5: b19256632fd0ba5bed01e80e29402384
SHA1: a4b72c88e688f53c7d3c0caffca37b65fbce31da
SHA256: 0de25aa419acd2f9534ef03de471d034fe89697e7d8405965b3e6e0b044ae3ad
SHA512: 052bf2f799977ad119c354b809001827f0e33d6122cc2eec02c15a5d1b50c57af4af38c5eed3c295ac3a7cc2604b4bfa89f3739f5b512046ce5b0326ff897f5a
SSDEEP: 768:mfQ6MpT8MNWNR+mLMTyyfFtEJuxorYDaY3:sQnT87z+mLwyybxTD7
Score: 3/10

Target: Cache.dll
Size: 56KB
MD5: 42b6e06fa229ffd6c5dc30dcecdf6e68
SHA1: 9330f07572f3fb1e959d892e0248f616a8200478
SHA256: d1ea87249f93fe025565bb6d893659678f9edc346d345ee15455b932ee986916
SHA512: 2225a79ca28a7bab56c5e4ea3b0e97d04063f0cee8d16654057b4011f1b0356c33399b58c38f13575a685b7fa3ac90e125a63cc15896cc4d57e682ab79fab444
SSDEEP: 1536:KpJzw4jtWLvcOWMghBIwwZZo5gEb8YDG+9:yJHqghhwbmpDG+9
Score: 1/10

Target: EngineManage.dll
Size: 160KB
MD5: 5fec5c4d80b9cf278cdab6d977287e2c
SHA1: 9ae4fa5fb6591ff699485c33ce569c8fadc738a6
SHA256: c79bd5f79de843e49be8bd1f35c3185ddf2a9e9f9b2e76228753360da33c5cc5
SHA512: 9fe551f2a431fa566c8b48e4c535931ab8bee30bd193e28b5784921a1ed151cccd7b4b9ff9bb94402bd9efdd94113dde8321c97ef22050d913d32120b9ce0000
SSDEEP: 3072:uKGizPcHCAmrJUFv1PK6V+InK4tDsVXRO3t6lok2C1:u+rJOvZKy+8KhVX4hk
Score: 1/10

Target: Iciba.exe
Size: 1.3MB
MD5: f9c4a91e61bf759b64e27c6f266ce282
SHA1: 9ecfa43e87cceac49851aa84ebd107744c342c68
SHA256: 86c1187943d8bb1badc1076ac3003a9abe4473a1c68c38879baeac1a12feeb40
SHA512: 5f8d8ad79764ed95fe7cf0c3164fea9216960df4b86ba29c96cd1107b29240c897a7ceabca952a868d05502077ac7ff0b7cdeba4d4528fc26a5679e0cf623ff4
SSDEEP: 24576:vM6+ZsEQCVTh5lM7L0M+GgtuH7pjkPyWJ3IIUYfGY6FXDuL1Rt:vM6+ZsEQ69bM7YMbHtkqwIIU8GRXDuLZ
Score: 7/10
Signatures:
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
- Writes to the Master Boot Record (MBR): Bootkits write to the MBR to gain persistence at a level below the operating system.

Target: Loader.exe
Size: 16KB
MD5: 86593bd6a4240d3ccaed66a0cedc39f3
SHA1: 7532e27c7151a80b05a9299e87a10947ec7280bb
SHA256: d015a2f2240e1a111011f3e757ebeaec55a20dd586448c1bbb585b66d51230ec
SHA512: e66e2c95f5e4fba9723c7b8a8631176e5ef4d85d1a60393e7ffa61ef424130004193491f64facd9c51c8d281d4d58ab769e79fd72593af83f6691025b5ab9223
SSDEEP: 96:O0JOW/aA6lizhWG83+HqFvviXmHlm70ay3ckKhvmHlm7itboynd/Z1/:FcW/Si9WGJKtv65je1oyndj
Score: 1/10

Target: NetEngine.dll
Size: 76KB
MD5: 5e76ca91f1d9393daad2be5e57ea737e
SHA1: 03409dcba08f79392f8467ac6f6624a6c709a3c7
SHA256: 429f743259c3e823891ef13aee8993e19b6e174fedb26ad3bc388536d3802694
SHA512: 4b0aca270af7c5161230ec2424c635fbed17ad55a22f52eb40524a7e462aae73e88339e6216ae242bac1a02eaf3e98c333457892897c4857e8b085d8e37e775c
SSDEEP: 1536:+4mp1yo909Tz4ynhwx+6LxLswwltddJsR2WEpMlhF:+NpcxHnqx+mxbKeR2WdlhF
Score: 1/10

Target: NetProtocol.dll
Size: 196KB
MD5: 3993cf84f51bd720d200cd01d9a38c05
SHA1: cd87bfcf8dc5eb6df4a43ba6b789d4f36945cb34
SHA256: b4d4b9218e833eb0b4ac3c2d901785c542fcba66b37d786ea7181e7ec3e20cb7
SHA512: 2ee0f994218b290a02d3dc5dcd09c4eacaccf5dfdd1d7e0cb3bd35047d9e23095e4f4696661fb70573ac2995683342a3f69a1e187dd6c153234bc151f353932e
SSDEEP: 3072:6pn0Xg4FhSdtk6l7zH0LLo3jqlR4T8JDMFphIF2DfImPprDDSyaCUjI497+yj:XofvUQ3wy3DwmozhTj
Score: 1/10

Target: NormGrab.dll
Size: 72KB
MD5: 4085bf6ac9a0aace35b73b963c0f3ee0
SHA1: 6983f80e188eedc9ee28adf7f049b1ca9f0fe1bf
SHA256: 0a86541d21be16276231ca0ebfb001c9ebced41dc927b9001a165af6a9e7d35d
SHA512: 363f4c3f1e80f5351579d829a6fdc49a1a703b31f9e3282c50a6bebec2d562f770bc615411dddb130b67fd223b7287e6d4b8089839671646541d8cf56beee8d5
SSDEEP: 768:f+Yv0luXhcAs9ZuxKCcm2T73Pb3snbIUQT2YN2SOPzq3FO8KGEiCkgO0/ttinLX:rvJXZEYp563ooTH2nus7/6gf/ttUL
Score: 1/10

Target: PWOLManager.dll
Size: 104KB
MD5: 0e38baf82b5ce50e55027d7a7d30cbcb
SHA1: 7977ab3b3f3592792861792fdbfcdbf2b373442e
SHA256: 13775d84065712a4d99d3a4e01e2aea8dd3fbaee5716fcda5af0eb8ed750282d
SHA512: 70b10516fde7cce3c6b17e3103f1ba0fb01323dff105c099a920c9678e039ea915823a8ee78ebf81f2d07b9ee7f39e6ff32136cd4dab0ebce9534f29e32927e6
SSDEEP: 1536:StjvZEadtFDPgSoZnTzKUW8FgsYVbQl8J+UT1WGNeJKD2YC:yNEaJOTG0GAMeJKD2YC
Score: 1/10

Target: SearchWords.dll
Size: 96KB
MD5: fa2c3bdc1653bb5b4bccac6ba476aa0b
SHA1: 886491130d6be434b4a0e79fed9f98e5d35b5145
SHA256: 34f196790cb6dde85b96efcba3153dc5984eff8ede33d73775e5e6b0f85db910
SHA512: 2abb6c27cb849bf8b44ccae03f01f053adb7464d65dc4ffda5946af28f7ff4e7a0f93a4fa821e9491c3df4d65164fd9be7d845a2ef59fccf36d1e8312b5b934f
SSDEEP: 1536:KnTD89/s01WnSQaU0T2qQK8LXwwJWMbqy4YMKl5UAn:KT30wnSQDH3Dqy45Kl5UI
Score: 1/10

Target: XDictEngine.dll
Size: 136KB
MD5: 73b3b1a6eb3086fa72da8889d82502ab
SHA1: 203f74795416550a0758a418a1d5ae08b6f96ccc
SHA256: 107de08171465248379bbd3654a9889453bce7dc3766be9fea4348dbe403ff64
SHA512: efc0e1e9d03afdcd22a5682383b0b1432e4a477b0175da13952d82969936164efcaff01a318e197a1035f9f513098cfa6765aedf0bfd1eaa29a4338e72611c78
SSDEEP: 3072:9XLnRy0RS+3jOSIlc91JB84u15mtXptx+0w575pDIWI:ZRy0RSC5o6JWN5mtXzx+t5EW
Score: 1/10

Target: XdictGrb.dll
Size: 112KB
MD5: 5f1fc95ff1b24b1160a7ed31532b8384
SHA1: 061a44e8b8ce37669ca8d1e7b95b1a05ef185aa2
SHA256: 1eaaeaf344eb942eb9cbe8c5dcb1afb359d0a3127d0aa35348f7471c0e2b6bd1
SHA512: 007921ede782aab4a883ad1205f42202a13e5a377cae10d8ef91b28aa83fdee646b8fb24ba949b3c7c6da07b7e56a5fdc8e997f66347fa052c63a21c58ea289e
SSDEEP: 3072:mBIiQz5kvXZU7A5ATMhGaiJ4lqF3DFmS6:m0zHqAGUMR
Score: 1/10

MITRE ATT&CK Enterprise v15

Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Pre-OS Boot (1)
    Bootkit (1)

Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)