Overview

Per-task scores (out of 10). Task names are shown truncated as on the page.

Score  Task                   Platform
10     Static                 -
3      a0f26553dd...18.exe    windows7-x64
10     a0f26553dd...18.exe    windows10-2004-x64
8      $PLUGINSDI...Id.dll    windows7-x64
1      $PLUGINSDI...Id.dll    windows10-2004-x64
1      $PLUGINSDI...MB.dll    windows7-x64
1      $PLUGINSDI...MB.dll    windows10-2004-x64
1      $PLUGINSDI...gA.dll    windows7-x64
1      $PLUGINSDI...gA.dll    windows10-2004-x64
1      $TEMP/auBVPavMwbA.js   windows7-x64
3      $TEMP/auBVPavMwbA.js   windows10-2004-x64
General
- Target: a0f26553dde5cc1d8ff54d6c92c86dd4_JaffaCakes118
- Size: 6.7MB
- Sample: 240612-rg79bsxgpc
- MD5: a0f26553dde5cc1d8ff54d6c92c86dd4
- SHA1: 62a8a34ce8a7c7dd4ca42bfdc198adfa0657d4cd
- SHA256: 2397ac46ad9b52de1b72d6821ce44f6fd4815ea6abe449d1b731120d1e0c5ce2
- SHA512: 33b49ea87267895ce6c67ae10b6085d6cfdf963f24222c316ac2b96b9592aba0dc8ff0912351d1909fc599d49de9ff0f371eb9ab8a9dbe99d3314d3fb8aa9c6b
- SSDEEP: 196608:EQU04EBkFK95xMQtICDTh93p4ehtaTfOEnt6DbPwCwHTZ:E7XFaEQjPz3HQTfh6fPwf
Static task: static1

Behavioral tasks (Resource is the sandbox VM image the task ran on)

Task          Sample                                               Resource
behavioral1   a0f26553dde5cc1d8ff54d6c92c86dd4_JaffaCakes118.exe   win7-20240220-en
behavioral2   a0f26553dde5cc1d8ff54d6c92c86dd4_JaffaCakes118.exe   win10v2004-20240508-en
behavioral3   $PLUGINSDIR/CCGylfvpPId.dll                          win7-20240508-en
behavioral4   $PLUGINSDIR/CCGylfvpPId.dll                          win10v2004-20240611-en
behavioral5   $PLUGINSDIR/gHbMwlFrsMB.dll                          win7-20240419-en
behavioral6   $PLUGINSDIR/gHbMwlFrsMB.dll                          win10v2004-20240611-en
behavioral7   $PLUGINSDIR/lDerpvVTsgA.dll                          win7-20240611-en
behavioral8   $PLUGINSDIR/lDerpvVTsgA.dll                          win10v2004-20240508-en
behavioral9   $TEMP/auBVPavMwbA.js                                 win7-20240508-en
behavioral10  $TEMP/auBVPavMwbA.js                                 win10v2004-20240611-en
Malware Config
Targets
Target: a0f26553dde5cc1d8ff54d6c92c86dd4_JaffaCakes118
- Size: 6.7MB
- MD5: a0f26553dde5cc1d8ff54d6c92c86dd4
- SHA1: 62a8a34ce8a7c7dd4ca42bfdc198adfa0657d4cd
- SHA256: 2397ac46ad9b52de1b72d6821ce44f6fd4815ea6abe449d1b731120d1e0c5ce2
- SHA512: 33b49ea87267895ce6c67ae10b6085d6cfdf963f24222c316ac2b96b9592aba0dc8ff0912351d1909fc599d49de9ff0f371eb9ab8a9dbe99d3314d3fb8aa9c6b
- SSDEEP: 196608:EQU04EBkFK95xMQtICDTh93p4ehtaTfOEnt6DbPwCwHTZ:E7XFaEQjPz3HQTfh6fPwf

Signatures:
- Creates new service(s)
- Drops file in Drivers directory
- ACProtect 1.3x - 1.4x DLL software: detects file using ACProtect software.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory
Target: $PLUGINSDIR/CCGylfvpPId.dll
- Size: 352KB
- MD5: 41061901c1afc95553800c7203a31cd0
- SHA1: 38fc9f859502166bf5e356b8820ed6a48b060f6d
- SHA256: cc0dc4f6b1bf6627532a8c8ab42ad087f3302000632d22713950f0a8c95e8f05
- SHA512: c54f0bf158938fa332d482b1190e66cc7856465080fbddc5f7b95ff1f00491d29fa28c49854e6dda73a8e1e11cf2e845754033eb5cfe77327e1625039946c2eb
- SSDEEP: 6144:xp/0ex8EJOlAvXP/gcRrTVHLATBwD5QG9l:tx8aOlAvXP/gcRrBHLAT29Tl
- Score: 1/10
Target: $PLUGINSDIR/gHbMwlFrsMB.dll
- Size: 493KB
- MD5: 31eafd1f2c5bceb7761b52ea85cf6c26
- SHA1: 51045a6eeddc1832a9a71fe95bb746192b1bbb2b
- SHA256: 27e62f38be7bd86e3144888e68ae6dd3cd9afccce244825929409b4e94623dd6
- SHA512: 4aa675ad91e655cb36adabab706d9af07b91e1b0d71799f0a4068f02765d6010cdc15ef59eb15758e569cede0161d5e8797f4f39b7dcbfb97b95770acc18e4a8
- SSDEEP: 12288:WwORL0u2QfuN7N5Mf9eLB6OBOBOBOomzxNrO76nwX:bWL+QI8k4zxNrO76nwX
- Score: 1/10
Target: $PLUGINSDIR/lDerpvVTsgA.dll
- Size: 650KB
- MD5: e4bdc739307f32b968e32fcebc9c01f6
- SHA1: 5f3d406f01579e3e8a67c05d2e31ec369e14604c
- SHA256: 17d489476f1f2fbe95a5ddb2a95a788528db842153c5582457133a79eb0756e0
- SHA512: 494ab1baf1ba59aa6cb4209dae8d493b784d289c74ba66b34d826aebb4014bb2fdfa3f30680650408048d9197cab5b945936c36cac9529c220048cef4704224e
- SSDEEP: 12288:CTCku/rrJa/ou0Jjppg9Zpnin6QCZeK+YhzyO7LO2TllcrSNCCaBO4m2JEMS7aKd:CWfFrK+Y/7LH+8P4mH7aKKK4O
- Score: 1/10
Target: $TEMP/auBVPavMwbA.js
- Size: 356B
- MD5: a35b87106725234045494a6404a003f9
- SHA1: f4d1a2529a271946382c17132a5ebea6449a753f
- SHA256: 17aa4126885d2299ada9a5e3fa5c21dc52e133bfed72a25a96e0152044ea2cd4
- SHA512: 7924482b9e20801dd8d7abacd6fc4d2a1f182e4f663b0a519518e33c04b482d35d17d277af1e9555f9e8a3a92e67935dabbc5302507b2924ac4cc9b34546dd17
- Score: 3/10
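The behavioural signatures attached to the main target ("Creates new service(s)", "Drops file in Drivers directory", "Executes dropped EXE", "Loads dropped DLL", "Checks installed software on the system", "Drops file in System32 directory") are labels the sandbox derives from the events it records while the sample runs; the $PLUGINSDIR and $TEMP child targets follow the path-variable naming of NSIS installers, which is why the plug-in DLLs and the dropped script are scored separately. The Python below is an added example, not tria.ge's own code, of how such signatures can be derived from an ordered event stream. The event list is constructed for illustration, and the matching rules (which directories count, what "dropped" means, the Uninstall key pattern) are assumptions about how a sandbox would evaluate them, chosen to reproduce exactly the six labels listed above.

```python
"""Added example: re-deriving the report's behavioural signatures from sandbox events.

The event list below is constructed for illustration; it is not output from
tria.ge. The matching rules are assumptions about how a sandbox would
evaluate each signature, written to mirror the labels used in the report.
"""
import re

# Constructed events, in the order they would be observed during the run.
# Paths are illustrative and do not come from the report.
SAMPLE_EVENTS = [
    {"type": "file_write",     "path": r"C:\Users\Admin\AppData\Local\Temp\nsw1234.tmp\helper.dll"},
    {"type": "module_load",    "path": r"C:\Users\Admin\AppData\Local\Temp\nsw1234.tmp\HELPER.DLL"},
    {"type": "file_write",     "path": r"C:\Windows\System32\drivers\example.sys"},
    {"type": "file_write",     "path": r"C:\Users\Admin\AppData\Local\Temp\setup2.exe"},
    {"type": "process_create", "path": r"C:\Users\Admin\AppData\Local\Temp\setup2.exe"},
    {"type": "service_create", "name": "ExampleSvc"},
    {"type": "regkey_read",    "path": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0000-EXAMPLE}"},
    {"type": "file_write",     "path": r"C:\Windows\System32\example.dll"},
]

# Assumed matching rules. Windows paths and registry keys are case-insensitive,
# so every comparison uses re.I or lower-cased strings. The Uninstall pattern
# is anchored on the key's tail so the WOW6432Node variant matches as well.
UNINSTALL_KEY = re.compile(r"\\microsoft\\windows\\currentversion\\uninstall(\\|$)", re.I)
DRIVERS_DIR = re.compile(r"^c:\\windows\\system32\\drivers\\", re.I)
SYSTEM32_DIR = re.compile(r"^c:\\windows\\system32\\", re.I)


def evaluate_signatures(events):
    """Return the sorted list of signature names triggered by an event stream.

    "Dropped" means the path was written earlier in the same run, so a
    process_create or module_load for a path the sample never wrote does not
    count. A write under the System32 drivers directory triggers both the
    Drivers and the System32 signature, matching the report, which lists both.
    """
    hits = set()
    dropped = set()  # lower-cased paths written by the sample so far

    for ev in events:
        kind = ev["type"]
        path = ev.get("path", "")
        key = path.lower()

        if kind == "file_write":
            dropped.add(key)
            if DRIVERS_DIR.match(path):
                hits.add("Drops file in Drivers directory")
            if SYSTEM32_DIR.match(path):
                hits.add("Drops file in System32 directory")
        elif kind == "process_create" and key in dropped and key.endswith(".exe"):
            hits.add("Executes dropped EXE")
        elif kind == "module_load" and key in dropped and key.endswith(".dll"):
            hits.add("Loads dropped DLL")
        elif kind == "service_create":
            hits.add("Creates new service(s)")
        elif kind == "regkey_read" and UNINSTALL_KEY.search(path):
            hits.add("Checks installed software on the system")

    return sorted(hits)


if __name__ == "__main__":
    for name in evaluate_signatures(SAMPLE_EVENTS):
        print(name)
```

The ordering requirement is the part worth noting: "Executes dropped EXE" and "Loads dropped DLL" only fire when the write precedes the execution or load, which is why the function walks the stream once and keeps a running set of dropped paths rather than matching each event in isolation.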