Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
8Static
static
73b4bc58ccc...18.exe
windows7-x64
83b4bc58ccc...18.exe
windows10-2004-x64
8$PLUGINSDI...nt.exe
windows7-x64
7$PLUGINSDI...nt.exe
windows10-2004-x64
7$PLUGINSDI...on.dll
windows7-x64
3$PLUGINSDI...on.dll
windows10-2004-x64
3$PLUGINSDI...LL.dll
windows7-x64
3$PLUGINSDI...LL.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...fo.dll
windows7-x64
3$PLUGINSDI...fo.dll
windows10-2004-x64
3$PROGRAMFI...in.dll
windows7-x64
3$PROGRAMFI...in.dll
windows10-2004-x64
3$PROGRAMFI...in.dll
windows7-x64
3$PROGRAMFI...in.dll
windows10-2004-x64
3$PROGRAMFI...rt.dll
windows7-x64
3$PROGRAMFI...rt.dll
windows10-2004-x64
3$PROGRAMFI...rt.dll
windows7-x64
1$PROGRAMFI...rt.dll
windows10-2004-x64
3$PROGRAMFI...11.exe
windows7-x64
1$PROGRAMFI...11.exe
windows10-2004-x64
1$PROGRAMFI...11.exe
windows7-x64
1$PROGRAMFI...11.exe
windows10-2004-x64
1$PROGRAMFI...11.exe
windows7-x64
1$PROGRAMFI...11.exe
windows10-2004-x64
1$PROGRAMFI...11.exe
windows7-x64
1$PROGRAMFI...11.exe
windows10-2004-x64
1$SYSDIR/$S...DI.dll
windows7-x64
5$SYSDIR/$S...DI.dll
windows10-2004-x64
5$SYSDIR/$S...DI.dll
windows7-x64
5$SYSDIR/$S...DI.dll
windows10-2004-x64
5General
-
Target
3b4bc58ccc9d3b7cc593bbf228255a3f_JaffaCakes118
-
Size
23.9MB
-
Sample
240512-v6xexabd65
-
MD5
3b4bc58ccc9d3b7cc593bbf228255a3f
-
SHA1
323f70c103705ce86db4309a0f6863fe0cf76e38
-
SHA256
b64324cf3e3fe9e4d6dad9fc9da32b963a6d845f9e47473394ceb33eddac1fed
-
SHA512
40e275c70355e32d46243ee11bf9de31241b13a7adfcf09c6f07571dabc918773ba47787cf209a926260c3dfbe38443cd7cc9285fd4df9eaa596f5e235f4deaf
-
SSDEEP
393216:8K8zOUmoejKYL2uilJXPlJyu0s+3W2Qm/niWbZ4B9mESYfz9lJJIu5cpCqS1Guy:n8zD8KYGXPfX0x33QGp4jmEFzz5CCDy
Behavioral task
behavioral1
Sample
3b4bc58ccc9d3b7cc593bbf228255a3f_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
3b4bc58ccc9d3b7cc593bbf228255a3f_JaffaCakes118.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/CCB_DM_LCD_32_silent.exe
Resource
win7-20231129-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/CCB_DM_LCD_32_silent.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/GetVersion.dll
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/GetVersion.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/KillProcDLL.dll
Resource
win7-20240221-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/KillProcDLL.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral11
Sample
$PLUGINSDIR/UserInfo.dll
Resource
win7-20240215-en
Behavioral task
behavioral12
Sample
$PLUGINSDIR/UserInfo.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral13
Sample
$PROGRAMFILES/CCBComponents/Plugins/$PROGRAMFILES/CCBComponents/Plugins/npdmccbplugin.dll
Resource
win7-20240419-en
Behavioral task
behavioral14
Sample
$PROGRAMFILES/CCBComponents/Plugins/$PROGRAMFILES/CCBComponents/Plugins/npdmccbplugin.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral15
Sample
$PROGRAMFILES/CCBComponents/Plugins/$PROGRAMFILES/CCBComponents/Plugins/npdmccbplugin.dll
Resource
win7-20240221-en
Behavioral task
behavioral16
Sample
$PROGRAMFILES/CCBComponents/Plugins/$PROGRAMFILES/CCBComponents/Plugins/npdmccbplugin.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral17
Sample
$PROGRAMFILES/CCBComponents/Plugins/$PROGRAMFILES/CCBComponents/Plugins/npdmwritecert.dll
Resource
win7-20231129-en
Behavioral task
behavioral18
Sample
$PROGRAMFILES/CCBComponents/Plugins/$PROGRAMFILES/CCBComponents/Plugins/npdmwritecert.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral19
Sample
$PROGRAMFILES/CCBComponents/Plugins/$PROGRAMFILES/CCBComponents/Plugins/npdmwritecert.dll
Resource
win7-20240221-en
Behavioral task
behavioral20
Sample
$PROGRAMFILES/CCBComponents/Plugins/$PROGRAMFILES/CCBComponents/Plugins/npdmwritecert.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral21
Sample
$PROGRAMFILES/CCBComponents/Plugins/CARoot/$PROGRAMFILES/CCBComponents/Plugins/CARoot/CheckP11.exe
Resource
win7-20240221-en
Behavioral task
behavioral22
Sample
$PROGRAMFILES/CCBComponents/Plugins/CARoot/$PROGRAMFILES/CCBComponents/Plugins/CARoot/CheckP11.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral23
Sample
$PROGRAMFILES/CCBComponents/Plugins/CARoot/$PROGRAMFILES/CCBComponents/Plugins/CARoot/CheckP11.exe
Resource
win7-20240221-en
Behavioral task
behavioral24
Sample
$PROGRAMFILES/CCBComponents/Plugins/CARoot/$PROGRAMFILES/CCBComponents/Plugins/CARoot/CheckP11.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral25
Sample
$PROGRAMFILES/CCBComponents/Plugins/CARoot/$PROGRAMFILES/CCBComponents/Plugins/CARoot/InstallP11.exe
Resource
win7-20240419-en
Behavioral task
behavioral26
Sample
$PROGRAMFILES/CCBComponents/Plugins/CARoot/$PROGRAMFILES/CCBComponents/Plugins/CARoot/InstallP11.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral27
Sample
$PROGRAMFILES/CCBComponents/Plugins/CARoot/$PROGRAMFILES/CCBComponents/Plugins/CARoot/InstallP11.exe
Resource
win7-20240220-en
Behavioral task
behavioral28
Sample
$PROGRAMFILES/CCBComponents/Plugins/CARoot/$PROGRAMFILES/CCBComponents/Plugins/CARoot/InstallP11.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral29
Sample
$SYSDIR/$SYSDIR/CCBDMBDI.dll
Resource
win7-20231129-en
Behavioral task
behavioral30
Sample
$SYSDIR/$SYSDIR/CCBDMBDI.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral31
Sample
$SYSDIR/$SYSDIR/CCBDMBDI.dll
Resource
win7-20240215-en
Behavioral task
behavioral32
Sample
$SYSDIR/$SYSDIR/CCBDMBDI.dll
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
3b4bc58ccc9d3b7cc593bbf228255a3f_JaffaCakes118
-
Size
23.9MB
-
MD5
3b4bc58ccc9d3b7cc593bbf228255a3f
-
SHA1
323f70c103705ce86db4309a0f6863fe0cf76e38
-
SHA256
b64324cf3e3fe9e4d6dad9fc9da32b963a6d845f9e47473394ceb33eddac1fed
-
SHA512
40e275c70355e32d46243ee11bf9de31241b13a7adfcf09c6f07571dabc918773ba47787cf209a926260c3dfbe38443cd7cc9285fd4df9eaa596f5e235f4deaf
-
SSDEEP
393216:8K8zOUmoejKYL2uilJXPlJyu0s+3W2Qm/niWbZ4B9mESYfz9lJJIu5cpCqS1Guy:n8zD8KYGXPfX0x33QGp4jmEFzz5CCDy
-
Creates new service(s)
-
Adds Run key to start application
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
$PLUGINSDIR/CCB_DM_LCD_32_silent.exe
-
Size
4.2MB
-
MD5
41eb203bdc4ad6aecac9ea2ccac4afd9
-
SHA1
b6c35b4171581fc61a6c39cc8d2ccd54b22f4c86
-
SHA256
d87e85a1cebd90e0fc680c5487488fe93a66d0c8b2f73c37705759a5f67a6bd2
-
SHA512
ff15025671e5df2c75b315bdf81bd9de10d833c5189d35437cb38a38c80b4afcc24e060b05fe0d3e370b90ebe099afd930876a72a6c23ef57a473ffb94cf0e68
-
SSDEEP
98304:oujyjE14MDuihGwBYJirNMVABqdFgugNvGBKwngx+IYe6Z:oAhqihNYJ0eweFgu4vGswg8
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
$PLUGINSDIR/GetVersion.dll
-
Size
9KB
-
MD5
b4cec45a9909c10a8d387c8eb72e8d0d
-
SHA1
609e1ff7627aa88db0adbf79897fc8c786f42be5
-
SHA256
aea495c63eb5aef15961c03a73213ac586830ced769f489b147e8076e59eb8c8
-
SHA512
337e84ec8b5acec83091833d70ffb4828442467d82a044ec6986547d4d55c9e39a861f3d06fd76289dad81b98f44ef7fe70f449db5baa51699464a7d95cc301a
-
SSDEEP
96:MpH/9yVYGHuvJs7p/X6Tx+Jvpd6y6ycm6yHQXlBG4Hezi91Nhh+8Bi46AQ5VuNnZ:MZ/95yT7U4CuA1HNLBi46AQ5VuNxHi
Score3/10 -
-
-
Target
$PLUGINSDIR/KillProcDLL.dll
-
Size
32KB
-
MD5
83142eac84475f4ca889c73f10d9c179
-
SHA1
dbe43c0de8ef881466bd74861b2e5b17598b5ce8
-
SHA256
ae2f1658656e554f37e6eac896475a3862841a18ffc6fad2754e2d3525770729
-
SHA512
1c66eab21f0c9e0b99ecc3844516a6978f52e0c7f489405a427532ecbe78947c37dac5b4c8b722cc8bc1edfb74ba4824519d56099e587e754e5c668701e83bd1
-
SSDEEP
384:3rYz6grZodORNWATt4TBmlk5ooyzFh7BukAUdJoUtSOSR:3QggDWATWNCFh7BNddJoxO+
Score3/10 -
-
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
00a0194c20ee912257df53bfe258ee4a
-
SHA1
d7b4e319bc5119024690dc8230b9cc919b1b86b2
-
SHA256
dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3
-
SHA512
3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667
-
SSDEEP
192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score3/10 -
-
-
Target
$PLUGINSDIR/UserInfo.dll
-
Size
4KB
-
MD5
1e8e11f465afdabe97f529705786b368
-
SHA1
ea42bed65df6618c5f5648567d81f3935e70a2a0
-
SHA256
7d099352c82612ab27ddfd7310c1aa049b58128fb04ea6ea55816a40a6f6487b
-
SHA512
16566a8c1738e26962139aae893629098dc759e4ac87df3e8eb9819df4e0e422421836bb1e4240377e00fb2f4408ce40f40eee413d0f6dd2f3a4e27a52d49a0b
Score3/10 -
-
-
Target
$PROGRAMFILES/CCBComponents/Plugins/$PROGRAMFILES/CCBComponents/Plugins/npdmccbplugin.dll
-
Size
118KB
-
MD5
a88d3c80e9e1f850fe30c9b97557ea69
-
SHA1
51b0a906439dda5d92a405f1f80acaaf6bf15881
-
SHA256
969c6dc4526a539b2ef4fe8221f9fd0a0f2bc67d6de78057687d251634bd212c
-
SHA512
33e36cdc92646e1045f4f64bc6586f134db9bdc671ed172ada848bac49d81eebdba9a7dd918b5179f8a1399919c0d4f8f8ef326b9df3f4d7bd327dc49b540874
-
SSDEEP
3072:WdhPxVHs3DWng4UKMH6UHxDV41/O5dyigS:WdVxqSg4QH6cBV0W5g
Score3/10 -
-
-
Target
$PROGRAMFILES/CCBComponents/Plugins/$PROGRAMFILES/CCBComponents/Plugins/npdmccbplugin.dll.$1
-
Size
118KB
-
MD5
a88d3c80e9e1f850fe30c9b97557ea69
-
SHA1
51b0a906439dda5d92a405f1f80acaaf6bf15881
-
SHA256
969c6dc4526a539b2ef4fe8221f9fd0a0f2bc67d6de78057687d251634bd212c
-
SHA512
33e36cdc92646e1045f4f64bc6586f134db9bdc671ed172ada848bac49d81eebdba9a7dd918b5179f8a1399919c0d4f8f8ef326b9df3f4d7bd327dc49b540874
-
SSDEEP
3072:WdhPxVHs3DWng4UKMH6UHxDV41/O5dyigS:WdVxqSg4QH6cBV0W5g
Score3/10 -
-
-
Target
$PROGRAMFILES/CCBComponents/Plugins/$PROGRAMFILES/CCBComponents/Plugins/npdmwritecert.dll
-
Size
606KB
-
MD5
07b6d542a6ee05324bc1ad30ba361a19
-
SHA1
f1d790c4e380be74a0647e432156810fe1f2e46c
-
SHA256
4ed67712581a014e6d2e893e339ab16eeb13997f9a7cf54daa1d81fdb9dc43be
-
SHA512
a0d987045950fd58379efaca23c78ad5756d31c58870030604c7a4493fb3b91f52f3e57e7aac92d39c453e2b4a659f28044b07565e916e248e92fa52ae7f11d2
-
SSDEEP
12288:d2/f4sedpF4u5+IimdaKRLuF/unHyYbOR:d2/w9Eu5Rimdao6F/QyYaR
Score3/10 -
-
-
Target
$PROGRAMFILES/CCBComponents/Plugins/$PROGRAMFILES/CCBComponents/Plugins/npdmwritecert.dll.$1
-
Size
606KB
-
MD5
07b6d542a6ee05324bc1ad30ba361a19
-
SHA1
f1d790c4e380be74a0647e432156810fe1f2e46c
-
SHA256
4ed67712581a014e6d2e893e339ab16eeb13997f9a7cf54daa1d81fdb9dc43be
-
SHA512
a0d987045950fd58379efaca23c78ad5756d31c58870030604c7a4493fb3b91f52f3e57e7aac92d39c453e2b4a659f28044b07565e916e248e92fa52ae7f11d2
-
SSDEEP
12288:d2/f4sedpF4u5+IimdaKRLuF/unHyYbOR:d2/w9Eu5Rimdao6F/QyYaR
Score3/10 -
-
-
Target
$PROGRAMFILES/CCBComponents/Plugins/CARoot/$PROGRAMFILES/CCBComponents/Plugins/CARoot/CheckP11.exe
-
Size
45KB
-
MD5
d9967301eb3c30324e05b2d53cea1622
-
SHA1
d1d4f19850d81c7c7cd07e81b6bfab7c924f27af
-
SHA256
9a925779dd06f34da1398d7d9f5209343c93e03cbcefbe0248c388af3c976c9a
-
SHA512
22deb414b396eb311120a774d2f47756c8b3fa6d0b4d11c961172272879d8ba315355b51da9d884d65f5ba14f12fd36387fdb50f1abaadea9223394b138c54a3
-
SSDEEP
768:z1Xb0lXlA94SUy/wgoHO0Zgv6v+x7yWlt+7/VQpjmLWMmlDbCt:z1u5fy/wtHO+gv65w+7VQpjmaDl/Ct
Score1/10 -
-
-
Target
$PROGRAMFILES/CCBComponents/Plugins/CARoot/$PROGRAMFILES/CCBComponents/Plugins/CARoot/CheckP11.exe.$1
-
Size
45KB
-
MD5
d9967301eb3c30324e05b2d53cea1622
-
SHA1
d1d4f19850d81c7c7cd07e81b6bfab7c924f27af
-
SHA256
9a925779dd06f34da1398d7d9f5209343c93e03cbcefbe0248c388af3c976c9a
-
SHA512
22deb414b396eb311120a774d2f47756c8b3fa6d0b4d11c961172272879d8ba315355b51da9d884d65f5ba14f12fd36387fdb50f1abaadea9223394b138c54a3
-
SSDEEP
768:z1Xb0lXlA94SUy/wgoHO0Zgv6v+x7yWlt+7/VQpjmLWMmlDbCt:z1u5fy/wtHO+gv65w+7VQpjmaDl/Ct
Score1/10 -
-
-
Target
$PROGRAMFILES/CCBComponents/Plugins/CARoot/$PROGRAMFILES/CCBComponents/Plugins/CARoot/InstallP11.exe
-
Size
56KB
-
MD5
4cf8946b95aaacc7397528f87f544931
-
SHA1
ea453cca204512982e0f60d848e434e5f069bc94
-
SHA256
690eca7ebb28c4839e2971b5d268eab080c84a34eefff6a3ed1c80bd38b618b1
-
SHA512
f4cc9da0a33760daa331da1c5d8c73f8cdd69b5c9ad76db4a76252b4898fb1ab01a35d9aa856d07a9771e0d8da175ccb569c1f17cb7986ecc599fbd3a4408207
-
SSDEEP
768:mcAV80m0ZhJbkes1/x/IHfDSmaUwCPSVukCs61FTDi+BfuLWMmlDbCYx:pASR0GJ+f2m7PSUFS+FuaDl/CYx
Score1/10 -
-
-
Target
$PROGRAMFILES/CCBComponents/Plugins/CARoot/$PROGRAMFILES/CCBComponents/Plugins/CARoot/InstallP11.exe.$1
-
Size
56KB
-
MD5
4cf8946b95aaacc7397528f87f544931
-
SHA1
ea453cca204512982e0f60d848e434e5f069bc94
-
SHA256
690eca7ebb28c4839e2971b5d268eab080c84a34eefff6a3ed1c80bd38b618b1
-
SHA512
f4cc9da0a33760daa331da1c5d8c73f8cdd69b5c9ad76db4a76252b4898fb1ab01a35d9aa856d07a9771e0d8da175ccb569c1f17cb7986ecc599fbd3a4408207
-
SSDEEP
768:mcAV80m0ZhJbkes1/x/IHfDSmaUwCPSVukCs61FTDi+BfuLWMmlDbCYx:pASR0GJ+f2m7PSUFS+FuaDl/CYx
Score1/10 -
-
-
Target
$SYSDIR/$SYSDIR/CCBDMBDI.dll
-
Size
513KB
-
MD5
193a33c6c16f816c22deb5d5738c7306
-
SHA1
3e174015d9d87be3a213002c1a99228e9dc5b6ea
-
SHA256
4c67fffcccdf3e51e110959b1df4fe67303737c4000f8bd33cd9e92d84daa681
-
SHA512
b623655dd59084b2f9057c793e5b9ab9c6b8f3e627f9a0d871b0e4bdbff2486691cfa6b8f1a11177f127488c92d78725da6cfd52c741731fb65d3b303b8880d4
-
SSDEEP
12288:HAfAAHChpsAx2uXeihpgZb78LYq7Mbr22bw6mgESjgSc:HLAuFFPgVvDbw6mgEhSc
Score5/10-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
$SYSDIR/$SYSDIR/CCBDMBDI.dll.$1
-
Size
513KB
-
MD5
193a33c6c16f816c22deb5d5738c7306
-
SHA1
3e174015d9d87be3a213002c1a99228e9dc5b6ea
-
SHA256
4c67fffcccdf3e51e110959b1df4fe67303737c4000f8bd33cd9e92d84daa681
-
SHA512
b623655dd59084b2f9057c793e5b9ab9c6b8f3e627f9a0d871b0e4bdbff2486691cfa6b8f1a11177f127488c92d78725da6cfd52c741731fb65d3b303b8880d4
-
SSDEEP
12288:HAfAAHChpsAx2uXeihpgZb78LYq7Mbr22bw6mgESjgSc:HLAuFFPgVvDbw6mgEhSc
Score5/10-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Create or Modify System Process
2Windows Service
2Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Create or Modify System Process
2Windows Service
2Defense Evasion
Impair Defenses
1Modify Registry
2Subvert Trust Controls
1Install Root Certificate
1