Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
Target: 3a825b92079ef3b9546ef4e0cb68375e_JaffaCakes118
Size: 22.8MB
Sample: 240512-rgaytsch48
MD5: 3a825b92079ef3b9546ef4e0cb68375e
SHA1: 1dcee4ff1a66a5832a08f1823661df7e8b331314
SHA256: a780198a0feede3a91b8e794d8f2404b85ecb5a93298c38e5223413e1b61acaf
SHA512: cacf238128f687d30e4b937a972e238affebcd3edfabc3f5df370ff17608449dd636a793043024fb2742d6643dc4c30c9f550695ed47166ec2bbb5df67f2ddc1
SSDEEP: 393216:qIud91VS6d2JNBHUxVmxMvNLYtvonjyOtVhEzoZfKeALtPmxHlKeYQtB:pS7hd2axxvNLYKm6hVa0TYQb

Behavioral tasks (sample, sandbox resource)
behavioral1: 3a825b92079ef3b9546ef4e0cb68375e_JaffaCakes118.exe, win7-20240508-en
behavioral2: 3a825b92079ef3b9546ef4e0cb68375e_JaffaCakes118.exe, win10v2004-20240426-en
behavioral3: $PLUGINSDIR/AnimGif.dll, win7-20240221-en
behavioral4: $PLUGINSDIR/AnimGif.dll, win10v2004-20240508-en
behavioral5: $PLUGINSDIR/CCB_DM_LCD_32_silent.exe, win7-20240215-en
behavioral6: $PLUGINSDIR/CCB_DM_LCD_32_silent.exe, win10v2004-20240508-en
behavioral7: $PLUGINSDIR/GetVersion.dll, win7-20240508-en
behavioral8: $PLUGINSDIR/GetVersion.dll, win10v2004-20240426-en
behavioral9: $PLUGINSDIR/KillProcDLL.dll, win7-20240508-en
behavioral10: $PLUGINSDIR/KillProcDLL.dll, win10v2004-20240426-en
behavioral11: $PLUGINSDIR/System.dll, win7-20240221-en
behavioral12: $PLUGINSDIR/System.dll, win10v2004-20240426-en
behavioral13: $PLUGINSDIR/UserInfo.dll, win7-20240215-en
behavioral14: $PLUGINSDIR/UserInfo.dll, win10v2004-20240426-en
behavioral15: $PROGRAMFILES/CCBComponents/Plugins/$PROGRAMFILES/CCBComponents/Plugins/npdmccbplugin.dll, win7-20240419-en
behavioral16: $PROGRAMFILES/CCBComponents/Plugins/$PROGRAMFILES/CCBComponents/Plugins/npdmccbplugin.dll, win10v2004-20240508-en
behavioral17: $PROGRAMFILES/CCBComponents/Plugins/$PROGRAMFILES/CCBComponents/Plugins/npdmccbplugin.dll, win7-20240221-en
behavioral18: $PROGRAMFILES/CCBComponents/Plugins/$PROGRAMFILES/CCBComponents/Plugins/npdmccbplugin.dll, win10v2004-20240226-en
behavioral19: $PROGRAMFILES/CCBComponents/Plugins/$PROGRAMFILES/CCBComponents/Plugins/npdmwritecert.dll, win7-20240508-en
behavioral20: $PROGRAMFILES/CCBComponents/Plugins/$PROGRAMFILES/CCBComponents/Plugins/npdmwritecert.dll, win10v2004-20240426-en
behavioral21: $PROGRAMFILES/CCBComponents/Plugins/$PROGRAMFILES/CCBComponents/Plugins/npdmwritecert.dll, win7-20240221-en
behavioral22: $PROGRAMFILES/CCBComponents/Plugins/$PROGRAMFILES/CCBComponents/Plugins/npdmwritecert.dll, win10v2004-20240508-en
behavioral23: $PROGRAMFILES/CCBComponents/Plugins/CARoot/$PROGRAMFILES/CCBComponents/Plugins/CARoot/CheckP11.exe, win7-20240508-en
behavioral24: $PROGRAMFILES/CCBComponents/Plugins/CARoot/$PROGRAMFILES/CCBComponents/Plugins/CARoot/CheckP11.exe, win10v2004-20240426-en
behavioral25: $PROGRAMFILES/CCBComponents/Plugins/CARoot/$PROGRAMFILES/CCBComponents/Plugins/CARoot/CheckP11.exe, win7-20240221-en
behavioral26: $PROGRAMFILES/CCBComponents/Plugins/CARoot/$PROGRAMFILES/CCBComponents/Plugins/CARoot/CheckP11.exe, win10v2004-20240508-en
behavioral27: $PROGRAMFILES/CCBComponents/Plugins/CARoot/$PROGRAMFILES/CCBComponents/Plugins/CARoot/InstallP11.exe, win7-20240215-en
behavioral28: $PROGRAMFILES/CCBComponents/Plugins/CARoot/$PROGRAMFILES/CCBComponents/Plugins/CARoot/InstallP11.exe, win10v2004-20240426-en
behavioral29: $PROGRAMFILES/CCBComponents/Plugins/CARoot/$PROGRAMFILES/CCBComponents/Plugins/CARoot/InstallP11.exe, win7-20240419-en
behavioral30: $PROGRAMFILES/CCBComponents/Plugins/CARoot/$PROGRAMFILES/CCBComponents/Plugins/CARoot/InstallP11.exe, win10v2004-20240508-en
behavioral31: $SYSDIR/$SYSDIR/CCBDMBDI.dll, win7-20240221-en
behavioral32: $SYSDIR/$SYSDIR/CCBDMBDI.dll, win10v2004-20240226-en

Malware Config
Targets
Target: 3a825b92079ef3b9546ef4e0cb68375e_JaffaCakes118
Size: 22.8MB
MD5: 3a825b92079ef3b9546ef4e0cb68375e
SHA1: 1dcee4ff1a66a5832a08f1823661df7e8b331314
SHA256: a780198a0feede3a91b8e794d8f2404b85ecb5a93298c38e5223413e1b61acaf
SHA512: cacf238128f687d30e4b937a972e238affebcd3edfabc3f5df370ff17608449dd636a793043024fb2742d6643dc4c30c9f550695ed47166ec2bbb5df67f2ddc1
SSDEEP: 393216:qIud91VS6d2JNBHUxVmxMvNLYtvonjyOtVhEzoZfKeALtPmxHlKeYQtB:pS7hd2axxvNLYKm6hVa0TYQb
Signatures:
- Creates new service(s)
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger

Target: $PLUGINSDIR/AnimGif.dll
Size: 9KB
MD5: 11e94fedb34f46458f9dc773a91f2770
SHA1: 791cf30880c74df9d6f7c1e637e4fdf5fa88b38a
SHA256: 54ccdcb42fb3e63b7a55e8c0e7d12182a0338ea38b106b793ca048000a189ab5
SHA512: 57dd38bebdd7d8fbc4b3daeecabc5c2617d4f5b2f6ad2396a702f1da362bc72deacfea2dd1550b0e00269188676324e1b7dd6ed372211c8bf664af824ac8d950
SSDEEP: 96:kVh/i//UrWWXMAb+6aNqRjTwUWo5zFyRH0aTyZekTIVCAEHZNKNy0p:uh/Bl8AIQR/bWSMRH00yQBEH
Score: 3/10

Target: $PLUGINSDIR/CCB_DM_LCD_32_silent.exe
Size: 2.2MB
MD5: b02ffa6f60d9892d69e00b4b01c84390
SHA1: 358fb4e6a7be08b026490abcd5fbbfe8bf855318
SHA256: cc925736b2aba91a8190ccbe61dc27ccfdbf6f7b1ff26399a2ddcbdc6da80eea
SHA512: 9e005259fc81dc2e9a6139ad7b74ff36358b389de79c404c61f4c89ab00b4032ded3cbce2701948be4d9aa184f0bc5137a0939138eb75905e4e8a10d1ab60009
SSDEEP: 49152:ZwwfGiPKVkPZ/NaOWYiN5BQgJOoT74STVdtGaEF6RZoZeQpeobuXw:Zwi3KVylawUshQsQdRE8LSeaq
Score: 7/10
Signatures:
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger

Target: $PLUGINSDIR/GetVersion.dll
Size: 9KB
MD5: b4cec45a9909c10a8d387c8eb72e8d0d
SHA1: 609e1ff7627aa88db0adbf79897fc8c786f42be5
SHA256: aea495c63eb5aef15961c03a73213ac586830ced769f489b147e8076e59eb8c8
SHA512: 337e84ec8b5acec83091833d70ffb4828442467d82a044ec6986547d4d55c9e39a861f3d06fd76289dad81b98f44ef7fe70f449db5baa51699464a7d95cc301a
SSDEEP: 96:MpH/9yVYGHuvJs7p/X6Tx+Jvpd6y6ycm6yHQXlBG4Hezi91Nhh+8Bi46AQ5VuNnZ:MZ/95yT7U4CuA1HNLBi46AQ5VuNxHi
Score: 3/10

Target: $PLUGINSDIR/KillProcDLL.dll
Size: 32KB
MD5: 83142eac84475f4ca889c73f10d9c179
SHA1: dbe43c0de8ef881466bd74861b2e5b17598b5ce8
SHA256: ae2f1658656e554f37e6eac896475a3862841a18ffc6fad2754e2d3525770729
SHA512: 1c66eab21f0c9e0b99ecc3844516a6978f52e0c7f489405a427532ecbe78947c37dac5b4c8b722cc8bc1edfb74ba4824519d56099e587e754e5c668701e83bd1
SSDEEP: 384:3rYz6grZodORNWATt4TBmlk5ooyzFh7BukAUdJoUtSOSR:3QggDWATWNCFh7BNddJoxO+
Score: 3/10

Target: $PLUGINSDIR/System.dll
Size: 11KB
MD5: c17103ae9072a06da581dec998343fc1
SHA1: b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
SHA256: dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
SHA512: d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
SSDEEP: 192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score: 3/10

Target: $PLUGINSDIR/UserInfo.dll
Size: 4KB
MD5: 7579ade7ae1747a31960a228ce02e666
SHA1: 8ec8571a296737e819dcf86353a43fcf8ec63351
SHA256: 564c80dec62d76c53497c40094db360ff8a36e0dc1bda8383d0f9583138997f5
SHA512: a88bc56e938374c333b0e33cb72951635b5d5a98b9cb2d6785073cbcad23bf4c0f9f69d3b7e87b46c76eb03ced9bb786844ce87656a9e3df4ca24acf43d7a05b
Score: 3/10

Target: $PROGRAMFILES/CCBComponents/Plugins/$PROGRAMFILES/CCBComponents/Plugins/npdmccbplugin.dll
Size: 118KB
MD5: a88d3c80e9e1f850fe30c9b97557ea69
SHA1: 51b0a906439dda5d92a405f1f80acaaf6bf15881
SHA256: 969c6dc4526a539b2ef4fe8221f9fd0a0f2bc67d6de78057687d251634bd212c
SHA512: 33e36cdc92646e1045f4f64bc6586f134db9bdc671ed172ada848bac49d81eebdba9a7dd918b5179f8a1399919c0d4f8f8ef326b9df3f4d7bd327dc49b540874
SSDEEP: 3072:WdhPxVHs3DWng4UKMH6UHxDV41/O5dyigS:WdVxqSg4QH6cBV0W5g
Score: 3/10

Target: $PROGRAMFILES/CCBComponents/Plugins/$PROGRAMFILES/CCBComponents/Plugins/npdmccbplugin.dll.$1
Size: 118KB
MD5: a88d3c80e9e1f850fe30c9b97557ea69
SHA1: 51b0a906439dda5d92a405f1f80acaaf6bf15881
SHA256: 969c6dc4526a539b2ef4fe8221f9fd0a0f2bc67d6de78057687d251634bd212c
SHA512: 33e36cdc92646e1045f4f64bc6586f134db9bdc671ed172ada848bac49d81eebdba9a7dd918b5179f8a1399919c0d4f8f8ef326b9df3f4d7bd327dc49b540874
SSDEEP: 3072:WdhPxVHs3DWng4UKMH6UHxDV41/O5dyigS:WdVxqSg4QH6cBV0W5g
Score: 3/10

Target: $PROGRAMFILES/CCBComponents/Plugins/$PROGRAMFILES/CCBComponents/Plugins/npdmwritecert.dll
Size: 606KB
MD5: 07b6d542a6ee05324bc1ad30ba361a19
SHA1: f1d790c4e380be74a0647e432156810fe1f2e46c
SHA256: 4ed67712581a014e6d2e893e339ab16eeb13997f9a7cf54daa1d81fdb9dc43be
SHA512: a0d987045950fd58379efaca23c78ad5756d31c58870030604c7a4493fb3b91f52f3e57e7aac92d39c453e2b4a659f28044b07565e916e248e92fa52ae7f11d2
SSDEEP: 12288:d2/f4sedpF4u5+IimdaKRLuF/unHyYbOR:d2/w9Eu5Rimdao6F/QyYaR
Score: 3/10

Target: $PROGRAMFILES/CCBComponents/Plugins/$PROGRAMFILES/CCBComponents/Plugins/npdmwritecert.dll.$1
Size: 606KB
MD5: 07b6d542a6ee05324bc1ad30ba361a19
SHA1: f1d790c4e380be74a0647e432156810fe1f2e46c
SHA256: 4ed67712581a014e6d2e893e339ab16eeb13997f9a7cf54daa1d81fdb9dc43be
SHA512: a0d987045950fd58379efaca23c78ad5756d31c58870030604c7a4493fb3b91f52f3e57e7aac92d39c453e2b4a659f28044b07565e916e248e92fa52ae7f11d2
SSDEEP: 12288:d2/f4sedpF4u5+IimdaKRLuF/unHyYbOR:d2/w9Eu5Rimdao6F/QyYaR
Score: 3/10

Target: $PROGRAMFILES/CCBComponents/Plugins/CARoot/$PROGRAMFILES/CCBComponents/Plugins/CARoot/CheckP11.exe
Size: 45KB
MD5: d9967301eb3c30324e05b2d53cea1622
SHA1: d1d4f19850d81c7c7cd07e81b6bfab7c924f27af
SHA256: 9a925779dd06f34da1398d7d9f5209343c93e03cbcefbe0248c388af3c976c9a
SHA512: 22deb414b396eb311120a774d2f47756c8b3fa6d0b4d11c961172272879d8ba315355b51da9d884d65f5ba14f12fd36387fdb50f1abaadea9223394b138c54a3
SSDEEP: 768:z1Xb0lXlA94SUy/wgoHO0Zgv6v+x7yWlt+7/VQpjmLWMmlDbCt:z1u5fy/wtHO+gv65w+7VQpjmaDl/Ct
Score: 1/10

Target: $PROGRAMFILES/CCBComponents/Plugins/CARoot/$PROGRAMFILES/CCBComponents/Plugins/CARoot/CheckP11.exe.$1
Size: 45KB
MD5: d9967301eb3c30324e05b2d53cea1622
SHA1: d1d4f19850d81c7c7cd07e81b6bfab7c924f27af
SHA256: 9a925779dd06f34da1398d7d9f5209343c93e03cbcefbe0248c388af3c976c9a
SHA512: 22deb414b396eb311120a774d2f47756c8b3fa6d0b4d11c961172272879d8ba315355b51da9d884d65f5ba14f12fd36387fdb50f1abaadea9223394b138c54a3
SSDEEP: 768:z1Xb0lXlA94SUy/wgoHO0Zgv6v+x7yWlt+7/VQpjmLWMmlDbCt:z1u5fy/wtHO+gv65w+7VQpjmaDl/Ct
Score: 1/10

Target: $PROGRAMFILES/CCBComponents/Plugins/CARoot/$PROGRAMFILES/CCBComponents/Plugins/CARoot/InstallP11.exe
Size: 56KB
MD5: 4cf8946b95aaacc7397528f87f544931
SHA1: ea453cca204512982e0f60d848e434e5f069bc94
SHA256: 690eca7ebb28c4839e2971b5d268eab080c84a34eefff6a3ed1c80bd38b618b1
SHA512: f4cc9da0a33760daa331da1c5d8c73f8cdd69b5c9ad76db4a76252b4898fb1ab01a35d9aa856d07a9771e0d8da175ccb569c1f17cb7986ecc599fbd3a4408207
SSDEEP: 768:mcAV80m0ZhJbkes1/x/IHfDSmaUwCPSVukCs61FTDi+BfuLWMmlDbCYx:pASR0GJ+f2m7PSUFS+FuaDl/CYx
Score: 1/10

Target: $PROGRAMFILES/CCBComponents/Plugins/CARoot/$PROGRAMFILES/CCBComponents/Plugins/CARoot/InstallP11.exe.$1
Size: 56KB
MD5: 4cf8946b95aaacc7397528f87f544931
SHA1: ea453cca204512982e0f60d848e434e5f069bc94
SHA256: 690eca7ebb28c4839e2971b5d268eab080c84a34eefff6a3ed1c80bd38b618b1
SHA512: f4cc9da0a33760daa331da1c5d8c73f8cdd69b5c9ad76db4a76252b4898fb1ab01a35d9aa856d07a9771e0d8da175ccb569c1f17cb7986ecc599fbd3a4408207
SSDEEP: 768:mcAV80m0ZhJbkes1/x/IHfDSmaUwCPSVukCs61FTDi+BfuLWMmlDbCYx:pASR0GJ+f2m7PSUFS+FuaDl/CYx
Score: 1/10

Target: $SYSDIR/$SYSDIR/CCBDMBDI.dll
Size: 480KB
MD5: f193cf67af971f235f316af24f200d86
SHA1: 3b22b8a07d0e4348a14a5b4a8288740e1780f5de
SHA256: 20c1c1f9bfc08e8068a259f99fadecad71084d252aa7a2fe7d23f69a1588bbd0
SHA512: 84db1b26898d696ad4741126c9856d740ef8d43c85f390a981029973c8adbfca47d432b8dcddfc0ba5c40dd93d810263d517feaa1b8924936a04178fed9da05b
SSDEEP: 12288:1rJfsfhzdC62CArzwAzVzMAuTa/VOZyZ8UUGU5VvNmhsSgqRsn7tp+a:1rJfwhACArzww/Vn8bvKgqRsd
Score: 5/10
Signatures:
- Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15 (technique, number of matching signatures)
Persistence
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (2)
- Create or Modify System Process (2)
  - Windows Service (2)
Privilege Escalation
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (2)
- Create or Modify System Process (2)
  - Windows Service (2)
Defense Evasion
- Impair Defenses (1)
- Modify Registry (2)
- Subvert Trust Controls (1)
  - Install Root Certificate (1)