Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

0d9d5b89be...18.exe

windows7-x64

7

0d9d5b89be...18.exe

windows10-2004-x64

7

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...ls.dll

windows7-x64

3

$PLUGINSDI...ls.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

cjzg.exe

windows7-x64

1

cjzg.exe

windows10-2004-x64

1

config.dll

windows7-x64

5

config.dll

windows10-2004-x64

5

iconAnimate.exe

windows7-x64

1

iconAnimate.exe

windows10-2004-x64

1

iconTips.exe

windows7-x64

1

iconTips.exe

windows10-2004-x64

1

uninst.exe

windows7-x64

7

uninst.exe

windows10-2004-x64

7

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/inetc.dll

windows7-x64

3

$PLUGINSDIR/inetc.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0d9d5b89be5ce0828462eb8567e1730f_JaffaCakes118

  • Size

    1.7MB

  • Sample

    240502-f2qdgahh4t

  • MD5

    0d9d5b89be5ce0828462eb8567e1730f

  • SHA1

    7f71d8d24cf900e0891bf4ef9073bbd3adc91e7b

  • SHA256

    b480c87b61c8af8b3141af262d0b82aad50aa21cf0f003089fa58dd49eef856b

  • SHA512

    33caa4754e755b84be35d0e6e10a3ebe4c20f72aff13c2e3307e5489cdf6c04f82524bbbd11ef71535fdeb7da61358da9ac947ad1291002b4d5dd822da713f86

  • SSDEEP

    24576:Q4LOD6q0L7jShSYoLw96sCNwqKuWlnAcarONZ9XogC8uHkpVwUknbO9xeZO2Ds1M:NppySn0DCelA/rONTofYTCHsg2XlzW

Score
7/10
bootkitpersistence

Malware Config

Targets

    • Target

      0d9d5b89be5ce0828462eb8567e1730f_JaffaCakes118

    • Size

      1.7MB

    • MD5

      0d9d5b89be5ce0828462eb8567e1730f

    • SHA1

      7f71d8d24cf900e0891bf4ef9073bbd3adc91e7b

    • SHA256

      b480c87b61c8af8b3141af262d0b82aad50aa21cf0f003089fa58dd49eef856b

    • SHA512

      33caa4754e755b84be35d0e6e10a3ebe4c20f72aff13c2e3307e5489cdf6c04f82524bbbd11ef71535fdeb7da61358da9ac947ad1291002b4d5dd822da713f86

    • SSDEEP

      24576:Q4LOD6q0L7jShSYoLw96sCNwqKuWlnAcarONZ9XogC8uHkpVwUknbO9xeZO2Ds1M:NppySn0DCelA/rONTofYTCHsg2XlzW

    Score
    7/10

    • Loads dropped DLL

    behavioral1behavioral2

    • Target

      $PLUGINSDIR/FindProcDLL.dll

    • Size

      3KB

    • MD5

      8614c450637267afacad1645e23ba24a

    • SHA1

      e7b7b09b5bbc13e910aa36316d9cc5fc5d4dcdc2

    • SHA256

      0fa04f06a6de18d316832086891e9c23ae606d7784d5d5676385839b21ca2758

    • SHA512

      af46cd679097584ff9a1d894a729b6397f4b3af17dff3e6f07bef257bc7e48ffa341d82daf298616cd5df1450fc5ab7435cacb70f27302b6db193f01a9f8391b

    Score
    3/10
    behavioral3behavioral4

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      14KB

    • MD5

      d753362649aecd60ff434adf171a4e7f

    • SHA1

      3b752ad064e06e21822c8958ae22e9a6bb8cf3d0

    • SHA256

      8f24c6cf0b06d18f3c07e7bfca4e92afce71834663746cfaa9ddf52a25d5c586

    • SHA512

      41bf41add275867553fa3bd8835cd7e2a2a362a2d5670ccbfad23700448bad9fe0f577fb6ee9d4eb81dfc10d463b325b8a873fe5912eb580936d4ad96587aa6d

    • SSDEEP

      192:3Gs+dH4+oQOTgDbzuNfrigyULWsXXZF/01JJijnK72dwF7dBEnbok:3GvdH4qMebzPY2Vijn+BEnbo

    Score
    3/10
    behavioral5behavioral6

    • Target

      $PLUGINSDIR/KillProcDLL.dll

    • Size

      4KB

    • MD5

      99f345cf51b6c3c317d20a81acb11012

    • SHA1

      b3d0355f527c536ea14a8ff51741c8739d66f727

    • SHA256

      c2689ba1f66066afce85ca6457ecd36370be0fe351c58422e45efd0948655c93

    • SHA512

      937aa75be84a74f2be3b54dc80fac02c17dad1915d924ef82ab354d2a49bc773ee6d801203c52686113783a7c7ea0e8ed8e673ba696d6d3212f7006e291ed2ef

    Score
    3/10
    behavioral7behavioral8

    • Target

      $PLUGINSDIR/StdUtils.dll

    • Size

      94KB

    • MD5

      0061a96c8ff17ad0927aae65b5dfe06b

    • SHA1

      9d1bd69d930ccda683e6b7c2c0d1dbe3b54861fe

    • SHA256

      2aaef1ed8a25097b3a807568daeffd3320fa29d6de66df90a57beaa8df8949cf

    • SHA512

      c6b887a4e1682ba1e126c93bc4d886c7f1ce392f97866e631c5b8a945824cbefc9af2429a14c2dac3b16d97bd33195d4378a7e92ae53fdeb47197452d4d90fc4

    • SSDEEP

      1536:0yy+i55jAPWrI5qXgcAZ5c4DB5G7NXE9eOO2xwN:3y+i5i+kEQcAZXGx0cr2xw

    Score
    3/10
    behavioral10behavioral9

    • Target

      $PLUGINSDIR/System.dll

    • Size

      10KB

    • MD5

      56a321bd011112ec5d8a32b2f6fd3231

    • SHA1

      df20e3a35a1636de64df5290ae5e4e7572447f78

    • SHA256

      bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1

    • SHA512

      5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3

    • SSDEEP

      192:uv+cJZE61KRWJQO6tFiUdK7ckK4k7l1XRBm0w+NiHi1GSJ:uf6rtFRduQ1W+fG8

    Score
    3/10
    behavioral11behavioral12

    • Target

      cjzg.exe

    • Size

      153KB

    • MD5

      73a75f61df841a33d297f0539ac18adc

    • SHA1

      20728858fa022c10713752af7bef486c2b609102

    • SHA256

      8faf97a32df851e90a4f9fa6782098318af165956f98402f0eaa6a9a30b2ba74

    • SHA512

      dff3f3aa341c3e6ba85b643f3b96c58a6667a135b770452835055f2c63ff3c63ba643256cb8b14a3907d0caaea037bfa04fc5aa33f5b99b8de91a54c0d9d296e

    • SSDEEP

      3072:WVv1vR5mVkqFTi7xkl9u6tjaknVqjAOoBuCVJBH8:WHR5mV1TiyuqnODoRPG

    Score
    1/10
    behavioral13behavioral14

    • Target

      config.dll

    • Size

      1.4MB

    • MD5

      34c92b1d14219cf9479fd259cc7f47b6

    • SHA1

      7bf294f26542c896408b7efa9e5d2060a667f6ef

    • SHA256

      fd3f9cf8d07a29cee9c5ec0700d04bc74795e002dc890b51603dccd80ca27461

    • SHA512

      3fae5879ac0f53ef2caa336069a85783efd196904fb38be5a498a37859e92179155ef43c6a2fbc91b49c6b98e9305fb1930012d82de4ce1e65d9a941451c659f

    • SSDEEP

      24576:Ge7QnYLI/oMmx0DbDKrttQqcz/js8Yk2Z4Sy0VHt4LOD65AxQ:cnYNEbDs3JL8Ykk4Sy0VHmpuxQ

    Score
    5/10

    • Drops file in System32 directory

    behavioral15behavioral16

    • Target

      iconAnimate.exe

    • Size

      426KB

    • MD5

      9b61f1470bada3072365f8647292728e

    • SHA1

      2caa1ff4eb40403c2bb1c1c3b8b531184ecd8b07

    • SHA256

      337398c9699c53a11bd422a035371cbb8a596315895ea23b0e2494c7b6434c4a

    • SHA512

      cf40e794c5be1792a0fc63e9cc971bd52bdace6252fba3002ca49f13c7936f92fa6615fb034a320a626f0dbfe002816eda9c8eeb3d0057935f18856ff1f16d90

    • SSDEEP

      6144:ulYIXLG7MovlVaukmKiuwv11rf1Ar3Q2HR5mV1TiyuqnODoRPD:upi7Mo92iuwNV1Apx5OTiOOD6D

    Score
    1/10
    behavioral17behavioral18

    • Target

      iconTips.exe

    • Size

      402KB

    • MD5

      6497ef7e23b342b30a495b02309a8eb7

    • SHA1

      cb483f835174c4de6296b2d723a856ad745135f8

    • SHA256

      895bcd9b2926318d918a39a48fa1de432a0c9f0d92f5bb46673a2bc380b80bec

    • SHA512

      f8144690336af36314443e81c433f79ae74cd6b55b6206d40bec887afd9ad4382fb7628fc8f66020fc4e98d08c15070f4bcef0c3d3efdf4aa8ec1f3884f189b5

    • SSDEEP

      6144:kHAYGNMpEW4Kj1MqgOMYwHR5mV1TiyuqnODoRPPq:kgYGNIEW4KjaOwx5OTiOOD6Pq

    Score
    1/10
    behavioral19behavioral20

    • Target

      uninst.exe

    • Size

      411KB

    • MD5

      eed224b06b137883dd287f5ba3c5b1c1

    • SHA1

      7bd25580f8b0a3b452d231845a0875fb8876b202

    • SHA256

      7fe1a811dd6aec61ba28cf24aeabe1413576a347bcca7e21356791554312796b

    • SHA512

      3f7e52ffecb0861eac288c3882f8e5743370a4ce87b9f51372151294e0810f39576e81fd5e10c0bcbef232c4088e744196f59284e71523ad15b62157d4eb3cb4

    • SSDEEP

      6144:z8LxBJHR5mV1TiyuqnODoRPdpfOWt1YllqBAI6Ui54Ppb7TwI570CkZq:8x5OTiOOD6dp/AlkAm4KpDwIiZq

    Score
    7/10
    bootkitpersistence

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral21behavioral22

    • Target

      $PLUGINSDIR/FindProcDLL.dll

    • Size

      3KB

    • MD5

      8614c450637267afacad1645e23ba24a

    • SHA1

      e7b7b09b5bbc13e910aa36316d9cc5fc5d4dcdc2

    • SHA256

      0fa04f06a6de18d316832086891e9c23ae606d7784d5d5676385839b21ca2758

    • SHA512

      af46cd679097584ff9a1d894a729b6397f4b3af17dff3e6f07bef257bc7e48ffa341d82daf298616cd5df1450fc5ab7435cacb70f27302b6db193f01a9f8391b

    Score
    3/10
    behavioral23behavioral24

    • Target

      $PLUGINSDIR/KillProcDLL.dll

    • Size

      4KB

    • MD5

      99f345cf51b6c3c317d20a81acb11012

    • SHA1

      b3d0355f527c536ea14a8ff51741c8739d66f727

    • SHA256

      c2689ba1f66066afce85ca6457ecd36370be0fe351c58422e45efd0948655c93

    • SHA512

      937aa75be84a74f2be3b54dc80fac02c17dad1915d924ef82ab354d2a49bc773ee6d801203c52686113783a7c7ea0e8ed8e673ba696d6d3212f7006e291ed2ef

    Score
    3/10
    behavioral25behavioral26

    • Target

      $PLUGINSDIR/System.dll

    • Size

      10KB

    • MD5

      56a321bd011112ec5d8a32b2f6fd3231

    • SHA1

      df20e3a35a1636de64df5290ae5e4e7572447f78

    • SHA256

      bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1

    • SHA512

      5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3

    • SSDEEP

      192:uv+cJZE61KRWJQO6tFiUdK7ckK4k7l1XRBm0w+NiHi1GSJ:uf6rtFRduQ1W+fG8

    Score
    3/10
    behavioral27behavioral28

    • Target

      $PLUGINSDIR/inetc.dll

    • Size

      20KB

    • MD5

      50fdadda3e993688401f6f1108fabdb4

    • SHA1

      04a9ae55d0fb726be49809582cea41d75bf22a9a

    • SHA256

      6d6ddc0d2b7d59eb91be44939457858ced5eb23cf4aa93ef33bb600eb28de6f6

    • SHA512

      e9628870feea8c3aaefe22a2af41cf34b1c1778c4a0e81d069f50553ce1a23f68a0ba74b296420b2be92425d4995a43e51c018c2e8197ec2ec39305e87c56be8

    • SSDEEP

      384:jQB2ZUVHUxgoJX0eBA6PcH85db+ya9cC0Ac9khYLMkIX0+G5xgZmT+m//a:j/UFeJ5S6PHLNa9cFam/

    Score
    3/10
    behavioral29behavioral30

    • Target

      $PLUGINSDIR/nsDialogs.dll

    • Size

      9KB

    • MD5

      f832e4279c8ff9029b94027803e10e1b

    • SHA1

      134ff09f9c70999da35e73f57b70522dc817e681

    • SHA256

      4cd17f660560934a001fc8e6fdcea50383b78ca129fb236623a9666fcbd13061

    • SHA512

      bf92b61aa267e3935f0ea7f47d8d96f09f016e648c2a7e7dcd5ecc47da864e824c592098c1e39526b643bd126c5c99d68a7040411a4cf68857df629f24d4107d

    • SSDEEP

      96:ytJ6tC4jcY5rKhkfL9SYdKkcxM2DjDf3GEfKvBKav+Yx4yndY7ndS27gA:yyj6QS8HREf+BYYxbdqn420

    Score
    3/10
    behavioral31behavioral32

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

Score
7/10

behavioral2

Score
7/10

behavioral3

Score
3/10

behavioral4

Score
3/10

behavioral5

Score
3/10

behavioral6

Score
3/10

behavioral7

Score
3/10

behavioral8

Score
3/10

behavioral9

Score
3/10

behavioral10

Score
3/10

behavioral11

Score
3/10

behavioral12

Score
3/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
5/10

behavioral16

Score
5/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

bootkitpersistence
Score
7/10

behavioral22

bootkitpersistence
Score
7/10

behavioral23

Score
3/10

behavioral24

Score
3/10

behavioral25

Score
3/10

behavioral26

Score
3/10

behavioral27

Score
3/10

behavioral28

Score
3/10

behavioral29

Score
3/10

behavioral30

Score
3/10

behavioral31

Score
3/10

behavioral32

Score
3/10