7Static
static
739ed703234...18.exe
windows7-x64
439ed703234...18.exe
windows10-2004-x64
5$PLUGINSDI...NI.dll
windows7-x64
3$PLUGINSDI...NI.dll
windows10-2004-x64
3$PLUGINSDI...LL.dll
windows7-x64
3$PLUGINSDI...LL.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$_11_/$EXEFILE.exe
windows7-x64
7$_11_/$EXEFILE.exe
windows10-2004-x64
7$APPDATA/T...ve.exe
windows7-x64
6$APPDATA/T...ve.exe
windows10-2004-x64
6$APPDATA/n...zh.exe
windows7-x64
3$APPDATA/n...zh.exe
windows10-2004-x64
3$PLUGINSDI...64.dll
windows7-x64
3$PLUGINSDI...64.dll
windows10-2004-x64
3$PLUGINSDIR/INetC.dll
windows7-x64
3$PLUGINSDIR/INetC.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3nav360.exe
windows7-x64
3nav360.exe
windows10-2004-x64
3$PLUGINSDI...64.dll
windows7-x64
3$PLUGINSDI...64.dll
windows10-2004-x64
3$PLUGINSDIR/INetC.dll
windows7-x64
3$PLUGINSDIR/INetC.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$APPDATA/t...up.exe
windows7-x64
4$APPDATA/t...up.exe
windows10-2004-x64
4General
-
Target
39ed7032343bd7c7c4db33a6fbc629d4_JaffaCakes118
-
Size
31.8MB
-
Sample
240512-nvra7add5x
-
MD5
39ed7032343bd7c7c4db33a6fbc629d4
-
SHA1
9880ae47f815123cdb99f2e0a9633efee464c176
-
SHA256
95b0f18c1661324d752533a94e6cb17e460b46344135d82ff6b224f62545ce8c
-
SHA512
bcdabc5a414e17e4f17bd2ca7b10ad8528e2a74b36f1aa29fcc0ca69d5912b661d09680180ddc5b0548e8c4c96dfc6c6a1c92a2215069b8fc22740f99f795ed8
-
SSDEEP
786432:oSletZgNI34oMNGawdKZvtE7RtWHq07LTP2:FIa+3XM5cG1OiHqKLT+
Behavioral task
behavioral1
Sample
39ed7032343bd7c7c4db33a6fbc629d4_JaffaCakes118.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
39ed7032343bd7c7c4db33a6fbc629d4_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/EnumINI.dll
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/EnumINI.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/FindProcDLL.dll
Resource
win7-20240508-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/FindProcDLL.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240508-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/v6svc_oem.dll
Resource
win7-20240220-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/v6svc_oem.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral11
Sample
$_11_/$EXEFILE.exe
Resource
win7-20240221-en
Behavioral task
behavioral12
Sample
$_11_/$EXEFILE.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral13
Sample
$APPDATA/TypeEasyData/download/uplive.exe
Resource
win7-20240419-en
Behavioral task
behavioral14
Sample
$APPDATA/TypeEasyData/download/uplive.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral15
Sample
$APPDATA/nav360/nav360.4.0.1.2.zh.exe
Resource
win7-20240221-en
Behavioral task
behavioral16
Sample
$APPDATA/nav360/nav360.4.0.1.2.zh.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral17
Sample
$PLUGINSDIR/Base64.dll
Resource
win7-20240220-en
Behavioral task
behavioral18
Sample
$PLUGINSDIR/Base64.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral19
Sample
$PLUGINSDIR/INetC.dll
Resource
win7-20240215-en
Behavioral task
behavioral20
Sample
$PLUGINSDIR/INetC.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral21
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240508-en
Behavioral task
behavioral22
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral23
Sample
nav360.exe
Resource
win7-20240221-en
Behavioral task
behavioral24
Sample
nav360.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral25
Sample
$PLUGINSDIR/Base64.dll
Resource
win7-20240221-en
Behavioral task
behavioral26
Sample
$PLUGINSDIR/Base64.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral27
Sample
$PLUGINSDIR/INetC.dll
Resource
win7-20240508-en
Behavioral task
behavioral28
Sample
$PLUGINSDIR/INetC.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral29
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240215-en
Behavioral task
behavioral30
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral31
Sample
$APPDATA/taobao/DandelionSetup.exe
Resource
win7-20240220-en
Behavioral task
behavioral32
Sample
$APPDATA/taobao/DandelionSetup.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
39ed7032343bd7c7c4db33a6fbc629d4_JaffaCakes118
-
Size
31.8MB
-
MD5
39ed7032343bd7c7c4db33a6fbc629d4
-
SHA1
9880ae47f815123cdb99f2e0a9633efee464c176
-
SHA256
95b0f18c1661324d752533a94e6cb17e460b46344135d82ff6b224f62545ce8c
-
SHA512
bcdabc5a414e17e4f17bd2ca7b10ad8528e2a74b36f1aa29fcc0ca69d5912b661d09680180ddc5b0548e8c4c96dfc6c6a1c92a2215069b8fc22740f99f795ed8
-
SSDEEP
786432:oSletZgNI34oMNGawdKZvtE7RtWHq07LTP2:FIa+3XM5cG1OiHqKLT+
Score 5/10 -
Checks computer location settings
Looks up the country code configured in the registry, likely as a geofence check.
-
-
-
Target
$PLUGINSDIR/EnumINI.dll
-
Size
3KB
-
MD5
80403ca224c7aa80e92799b4d1eb242d
-
SHA1
7467e15f54f69852261655d477bb3a743c37ad25
-
SHA256
e1852457fe4bbb8ffe90b711fd4eda3f37b5e1bb284673aef0f8aa57a9b0559d
-
SHA512
14f4dae34fb0e073ff2c889fca05f7feb9e4228d6c4951c12326fd5989c44594a9fcef17125bc7f35a04cc2ce103c55c37690fa8f57da29a2508169b1af97b8c
Score 3/10 -
-
-
Target
$PLUGINSDIR/FindProcDLL.dll
-
Size
31KB
-
MD5
83cd62eab980e3d64c131799608c8371
-
SHA1
5b57a6842a154997e31fab573c5754b358f5dd1c
-
SHA256
a6122e80f1c51dc72770b4f56c7c482f7a9571143fbf83b19c4d141d0cb19294
-
SHA512
91cfbcc125600ec341f5571dcf1e4a814cf7673f82cf42f32155bd54791bbf32619f2bb14ae871d7996e9ddecdfcc5db40caa0979d6dfba3e73cfe8e69c163c9
-
SSDEEP
384:1NWlNdqdAnhTKMLE2oIM05fnqCiWg3Yy9kflIinokN:1NWtqdihTKCldkYwkdpnoy
Score 3/10 -
-
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
c17103ae9072a06da581dec998343fc1
-
SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
-
SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
-
SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
-
SSDEEP
192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score 3/10 -
-
-
Target
$PLUGINSDIR/v6svc_oem.dll
-
Size
179KB
-
MD5
77ae6eb2b0b2458b87b1e2cfa9b33bf2
-
SHA1
624933fd54964d1d13b7ba281fddda51b3ce071c
-
SHA256
c672794f4abd71872ceb48445fa8b30e21698dfa818d22f0ad67ac0d85df9290
-
SHA512
bc77d229fa5c431c2cfc2e853229b8b44ce70cdd8757bb03391d5bafd9212752dfa4402606ea1115fac9f0ea9379afa9432c996b734709909556c89ffa8bda7f
-
SSDEEP
1536:HanBx8ONbQ/mpe7GRkOp1qRGkmGWBhYGfxSELX/RdsbTh+u9S4A5S4n8GQMKWN:8bDG/GXbcRGkmGUNxBHC+VzS4n8Nb
Score 3/10 -
-
-
Target
$_11_/$EXEFILE
-
Size
31.6MB
-
MD5
5b4bf2e6f1d951dd71132b761180cca3
-
SHA1
7b1ea94e6f333d5e2a6b986e6917c3e0fd3bebab
-
SHA256
0847888f9209018de9249c9da43b0b0ac290bb72285e92e7dfc26ef1708116ed
-
SHA512
f1437763319da9e7b920a249775e2ca679a943bfa1b28350ede78bb7be433ca57aa6610cbdd79670ff0dac664510207a7575738857df23bf753554c10c8576c5
-
SSDEEP
786432:1rSrP0w6HU+51NVbryj5dYqYrLWsLnDqdka:BO58UQ1XwXO+sLDqd7
Score 7/10 -
Checks computer location settings
Looks up the country code configured in the registry, likely as a geofence check.
-
Executes dropped EXE
-
Loads dropped DLL
-
-
-
Target
$APPDATA/TypeEasyData/download/uplive.exe
-
Size
211KB
-
MD5
d9402579144b43784ec8489888f7e738
-
SHA1
f0be7e9f78446eaf0efddeeb03890436ad898ea9
-
SHA256
7067f3d584734dee504fadac8d2f197d46671fad869856834ab947e992de66f6
-
SHA512
7b7bee79c4800d6baf0b8ad9ee6871f1e17ff1c56bd79d2075d16fc94f5d51a5634dfc5248b857da22d372b14140280ab955cf64e4090c23dff2ced6932f1185
-
SSDEEP
3072:5qzk4JdfHKqgHw7KnAVVoy5pP1bKf0yVpPO2M0Z0qps3brt6JH/8Ou4K:5qzk4JdfqqwTyVX5bsG2M0Nps3Vaf82K
Score 6/10 -
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system, so it survives OS-level cleanup.
-
-
-
Target
$APPDATA/nav360/nav360.4.0.1.2.zh.exe
-
Size
134KB
-
MD5
b6ffe434a24c83a12b919383007822ea
-
SHA1
8ed070774f8474359fae60b29bb18705e09e3d25
-
SHA256
696beb295379bae1ee40d1505699cb48382458484506a0f84638624e12091bbc
-
SHA512
bbfc6f8180ddfad7da6960a876b004c6015bf053bc1b49b34384a9c4ed2137fdd3fc5eead9b3dd9aa76bcb255ca6d1085ad938143abeb8e7e95fde0c48424495
-
SSDEEP
3072:u3c1fP4AJJ9McCGb6M2V1au+0zuIn1V1nQ2hGLFnto4zU:8OPjpbCq6N1DaInr1nQrV64Y
Score 3/10 -
-
-
Target
$PLUGINSDIR/Base64.dll
-
Size
4KB
-
MD5
f0e3845fefd227d7f1101850410ec849
-
SHA1
3067203fafd4237be0c186ddab7029dfcbdfb53e
-
SHA256
7c688940e73022bf526f07cc922a631a1b1db78a19439af6bafbff2a3b46d554
-
SHA512
584ae5a0d1c1639ba4e2187d0c8a0ac7e54c0be0a266029c4689d81c0c64a7f80e7d918da0df5c6344f9f7a114f30d8f2feda253b29e813bae086604731a3d8a
-
SSDEEP
48:SxSrr7xd14m4bLKwvnvcfDw1hEiauGkDVK+hIg4qT9/3lt:zr7xd14m4qw/vGwrEickDVthcE/
Score 3/10 -
-
-
Target
$PLUGINSDIR/INetC.dll
-
Size
21KB
-
MD5
92ec4dd8c0ddd8c4305ae1684ab65fb0
-
SHA1
d850013d582a62e502942f0dd282cc0c29c4310e
-
SHA256
5520208a33e6409c129b4ea1270771f741d95afe5b048c2a1e6a2cc2ad829934
-
SHA512
581351aef694f2489e1a0977ebca55c4d7268ca167127cefb217ed0d2098136c7eb433058469449f75be82b8e5d484c9e7b6cf0b32535063709272d7810ec651
-
SSDEEP
384:VpOSdCjDyyvBwRlX+ODbswYM2s74NS0v0Ac9khYLMkIX0+Gzyekx:rdCjW/lX1PfYM2X1
Score 3/10 -
-
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
c17103ae9072a06da581dec998343fc1
-
SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
-
SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
-
SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
-
SSDEEP
192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score 3/10 -
-
-
Target
nav360.exe
-
Size
103KB
-
MD5
0022b0ec15fa666c5391af467c1aa4af
-
SHA1
2247d87f8c4718a76cd1c8e8e614e1ff11e9adf4
-
SHA256
3426937d5786cd04ebf8e33db5c1a5ece42a3c9b928445c9af4fbcbdb4ba4ff8
-
SHA512
84e7edf503cc287ad7c79e18507d6b2d6ec0745ed065a62fcbb6c11399a8bd32e805134bc16e68fde3ca169d9d34867c2543d98a8a4c0cf0d242a13cd5f23a18
-
SSDEEP
1536:E3cpyORJLuB4P4AJJktqbmAcMVhjGLm9uT0cT1aVs/eGwQ3/MNRbig:E3c1fP4AJJBbVVemYT0chGGwQ3/6br
Score 3/10 -
-
-
Target
$PLUGINSDIR/Base64.dll
-
Size
4KB
-
MD5
f0e3845fefd227d7f1101850410ec849
-
SHA1
3067203fafd4237be0c186ddab7029dfcbdfb53e
-
SHA256
7c688940e73022bf526f07cc922a631a1b1db78a19439af6bafbff2a3b46d554
-
SHA512
584ae5a0d1c1639ba4e2187d0c8a0ac7e54c0be0a266029c4689d81c0c64a7f80e7d918da0df5c6344f9f7a114f30d8f2feda253b29e813bae086604731a3d8a
-
SSDEEP
48:SxSrr7xd14m4bLKwvnvcfDw1hEiauGkDVK+hIg4qT9/3lt:zr7xd14m4qw/vGwrEickDVthcE/
Score 3/10 -
-
-
Target
$PLUGINSDIR/INetC.dll
-
Size
21KB
-
MD5
92ec4dd8c0ddd8c4305ae1684ab65fb0
-
SHA1
d850013d582a62e502942f0dd282cc0c29c4310e
-
SHA256
5520208a33e6409c129b4ea1270771f741d95afe5b048c2a1e6a2cc2ad829934
-
SHA512
581351aef694f2489e1a0977ebca55c4d7268ca167127cefb217ed0d2098136c7eb433058469449f75be82b8e5d484c9e7b6cf0b32535063709272d7810ec651
-
SSDEEP
384:VpOSdCjDyyvBwRlX+ODbswYM2s74NS0v0Ac9khYLMkIX0+Gzyekx:rdCjW/lX1PfYM2X1
Score 3/10 -
-
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
c17103ae9072a06da581dec998343fc1
-
SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
-
SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
-
SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
-
SSDEEP
192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score 3/10 -
-
-
Target
$APPDATA/taobao/DandelionSetup.exe
-
Size
2.7MB
-
MD5
d8be9818bb96efc5dc3623a499c6d939
-
SHA1
45057afd8726428a43059820e9fecc644ec26051
-
SHA256
a68b343b7c9f14f0bd05b5635a1e66ea3ec6cb4e3eea926c03c6022cb96b7853
-
SHA512
123fe56f91e88f3d5929ee73490fb5646a4e2da7acc34ca1028d4c3531ac3be09270aa9788558b422452df197df2c87001a9004980255a285068400b90d4ba74
-
SSDEEP
49152:EK4MTNWuQChdemZZqpbzokJ7cMGaqO8eeRunhw6l09dglWK8oCWp092cXAMw:Ep68ZChEmZopbU+cMH81Ehwgah9TXG
Score 4/10 -