Overview
overview
Score 7/10
Static
static
Score 3/10
0262065334...18.exe
windows7-x64
Score 7/10
0262065334...18.exe
windows10-2004-x64
Score 7/10
$PLUGINSDI...em.dll
windows7-x64
Score 3/10
$PLUGINSDI...em.dll
windows10-2004-x64
Score 3/10
$PLUGINSDI...ib.dll
windows7-x64
Score 3/10
$PLUGINSDI...ib.dll
windows10-2004-x64
Score 3/10
$PLUGINSDI...ec.dll
windows7-x64
Score 3/10
$PLUGINSDI...ec.dll
windows10-2004-x64
Score 3/10
$R0.dll
windows7-x64
Score 1/10
$R0.dll
windows10-2004-x64
Score 1/10
$R2/NSIS.L...2_.exe
windows7-x64
Score 1/10
$R2/NSIS.L...2_.exe
windows10-2004-x64
Score 1/10
$SYSDIR/DWSHK80.dll
windows7-x64
Score 1/10
$SYSDIR/DWSHK80.dll
windows10-2004-x64
Score 1/10
$SYSDIR/MSVBVM60.dll
windows7-x64
Score 1/10
$SYSDIR/MSVBVM60.dll
windows10-2004-x64
Score 1/10
$SYSDIR/VB6KO.dll
windows7-x64
Score 1/10
$SYSDIR/VB6KO.dll
windows10-2004-x64
Score 1/10
$SYSDIR/dwsbc80.dll
windows7-x64
Score 1/10
$SYSDIR/dwsbc80.dll
windows10-2004-x64
Score 1/10
$SYSDIR/dw...80.dll
windows7-x64
Score 1/10
$SYSDIR/dw...80.dll
windows10-2004-x64
Score 1/10
UrlUpdate.exe
windows7-x64
Score 7/10
UrlUpdate.exe
windows10-2004-x64
Score 7/10
efbbar.dll
windows7-x64
Score 1/10
efbbar.dll
windows10-2004-x64
Score 1/10
efsbar.dll
windows7-x64
Score 1/10
efsbar.dll
windows10-2004-x64
Score 1/10
iewindow.exe
windows7-x64
Score 1/10
iewindow.exe
windows10-2004-x64
Score 1/10
nnlogon.exe
windows7-x64
Score 1/10
nnlogon.exe
windows10-2004-x64
Score 1/10
General
-
Target
02620653340ad8d2a425b5e5f8af258f_JaffaCakes118
-
Size
1.5MB
-
Sample
240620-dw63xszhkk
-
MD5
02620653340ad8d2a425b5e5f8af258f
-
SHA1
94f8d4cc9ec4615cfd4a790549e23870f7c8f7a8
-
SHA256
577a7ec9e58665b9b840ce9618e2d330c065dc9a7d7b2109f52e392b77e839c4
-
SHA512
cbf3d33fde12a9d2347550a4a462d1d604fea3b72ffc60ccd51234241b8f1f79ee7923c00b4c762204b473411f082726c2daa950736ada322b8f6baf4c9cb6d3
-
SSDEEP
24576:V2xjlqM8GzLDG8tTo2Rig30oPQ1xTufJLckEY/fudN9GQcCeIRLhlAB2lX:ErqYzGRoqChcC/fkGQwIRLhlKS
Static task
static1
Behavioral task
behavioral1
Sample
02620653340ad8d2a425b5e5f8af258f_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
02620653340ad8d2a425b5e5f8af258f_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240611-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/TypeLib.dll
Resource
win7-20240611-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/TypeLib.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/nsExec.dll
Resource
win7-20240508-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/nsExec.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral9
Sample
$R0.dll
Resource
win7-20240220-en
Behavioral task
behavioral10
Sample
$R0.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral11
Sample
$R2/NSIS.Library.RegTool.v3.$_2_.exe
Resource
win7-20231129-en
Behavioral task
behavioral12
Sample
$R2/NSIS.Library.RegTool.v3.$_2_.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral13
Sample
$SYSDIR/DWSHK80.dll
Resource
win7-20240419-en
Behavioral task
behavioral14
Sample
$SYSDIR/DWSHK80.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral15
Sample
$SYSDIR/MSVBVM60.dll
Resource
win7-20240508-en
Behavioral task
behavioral16
Sample
$SYSDIR/MSVBVM60.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral17
Sample
$SYSDIR/VB6KO.dll
Resource
win7-20240508-en
Behavioral task
behavioral18
Sample
$SYSDIR/VB6KO.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral19
Sample
$SYSDIR/dwsbc80.dll
Resource
win7-20240508-en
Behavioral task
behavioral20
Sample
$SYSDIR/dwsbc80.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral21
Sample
$SYSDIR/dwshengine80.dll
Resource
win7-20231129-en
Behavioral task
behavioral22
Sample
$SYSDIR/dwshengine80.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral23
Sample
UrlUpdate.exe
Resource
win7-20240220-en
Behavioral task
behavioral24
Sample
UrlUpdate.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral25
Sample
efbbar.dll
Resource
win7-20240611-en
Behavioral task
behavioral26
Sample
efbbar.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral27
Sample
efsbar.dll
Resource
win7-20240611-en
Behavioral task
behavioral28
Sample
efsbar.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral29
Sample
iewindow.exe
Resource
win7-20240221-en
Behavioral task
behavioral30
Sample
iewindow.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral31
Sample
nnlogon.exe
Resource
win7-20240220-en
Behavioral task
behavioral32
Sample
nnlogon.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
02620653340ad8d2a425b5e5f8af258f_JaffaCakes118
-
Size
1.5MB
-
MD5
02620653340ad8d2a425b5e5f8af258f
-
SHA1
94f8d4cc9ec4615cfd4a790549e23870f7c8f7a8
-
SHA256
577a7ec9e58665b9b840ce9618e2d330c065dc9a7d7b2109f52e392b77e839c4
-
SHA512
cbf3d33fde12a9d2347550a4a462d1d604fea3b72ffc60ccd51234241b8f1f79ee7923c00b4c762204b473411f082726c2daa950736ada322b8f6baf4c9cb6d3
-
SSDEEP
24576:V2xjlqM8GzLDG8tTo2Rig30oPQ1xTufJLckEY/fudN9GQcCeIRLhlAB2lX:ErqYzGRoqChcC/fkGQwIRLhlKS
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
-
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
c17103ae9072a06da581dec998343fc1
-
SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
-
SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
-
SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
-
SSDEEP
192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score3/10 -
-
-
Target
$PLUGINSDIR/TypeLib.dll
-
Size
3KB
-
MD5
56abaa41368ddf53d01421760f9d72f4
-
SHA1
68a4e41d46366e8116bdfeba34d94b628fc6fb45
-
SHA256
75c206fba2ec5d344ca514e6451d8892f939f15e8afc1c132bbc9eca886ed1de
-
SHA512
98aaee865ee756f6193fb89f35aaf019953c597f92f0e6d3f4a8ead27d5c09f8ac9d39b547a655f2eb4ce6b8867b4e12a20f43749bce3bc2a5f7e668378649d9
Score3/10 -
-
-
Target
$PLUGINSDIR/nsExec.dll
-
Size
6KB
-
MD5
acc2b699edfea5bf5aae45aba3a41e96
-
SHA1
d2accf4d494e43ceb2cff69abe4dd17147d29cc2
-
SHA256
168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e
-
SHA512
e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe
-
SSDEEP
96:M7GUb+YNfwgcr8zyKwZ5S4JxN8BS0ef9/3VI9d0qqyVgNk32E:eKgfwgcr8zylsB49Ud0qJVgNX
Score3/10 -
-
-
Target
$R0
-
Size
173KB
-
MD5
ed9849f48772d4ec5e908d734c00c961
-
SHA1
b0a0f33eceefcdc18da32a67297637610fe9054c
-
SHA256
8899425303feb63b583a562189f50458d16c805f1d363a61fdee0444833ab644
-
SHA512
3ce061c449c6379fa0f7178280b69aea3ebeb97fec24eb54984fc78f1fd1d8fa66be8a3347a07982bfae566feb93b28da662061cee8ddee5cfa6f34811ae3190
-
SSDEEP
3072:SjBQd3XAoj5hVaOwS5WGZzr889gZ2X+ubHIvNrGE8UZsn0:BdeS5WGZeZDNZjR
Score1/10 -
-
-
Target
$R2/NSIS.Library.RegTool.v3.$_2_.exe
-
Size
5KB
-
MD5
1f694e53532eb452ce7ae7f4523fde76
-
SHA1
59609431a30f3a01aa07003dd09e9600961fbc2f
-
SHA256
13e8d49e4729e2e6f71956770582c1ec2b632068a3cc9eb8fdc7a3428bab151c
-
SHA512
046334e0ea75227938c706c2fa7a7ca64cc10433eeeb1835a045f5a079beceb1a059e44f348d2f1d6e2797de966c3004f3a9c37b78a1b18c90fb851edeac38f9
-
SSDEEP
96:GFw199Edyn/3sxi2sS8HVrqbdC9Xh+MClQGZ56:D19CgfsbsS8HVWbd9XlQGZ5
Score1/10 -
-
-
Target
$SYSDIR/DWSHK80.OCX
-
Size
200KB
-
MD5
956041a95acf9738b712c71c55672094
-
SHA1
84959e2c0b07d631de4f71da32e1c3c301285e68
-
SHA256
8413fe7000baca9e7a2fdef33922d17d97ef9d16799444b945b3c73fee953c6b
-
SHA512
c93085f6e4159e3a75e9167e036214930a3ec3960d5eb3e0812f164a841f60b1c3454bcc7a2227b7d0e80c303db11d322a1e6862d643a614c32e4d6b1798b298
-
SSDEEP
6144:BE0Jarr0dWt86FKhOO1ITPKFD7Mq0BTv:+0c3mWi6ElKR
Score1/10 -
-
-
Target
$SYSDIR/MSVBVM60.DLL
-
Size
1.3MB
-
MD5
88ef14f379e050e8df3ba9a9462945e9
-
SHA1
b965d2bd4e3528d7b76ad465ae2c75a83507cf4e
-
SHA256
0202ddcf449dc8a0b4c56e786222da56c23c97bdc721d751fb169881df2626fe
-
SHA512
5efe90bd5ad79b833f94ce51a4b6fafbe26e09497ecbefff03bff7a8d9d2d4c4dbd30c74ac445e53cbce183fd992176226a3408cbbb677c6e69ba10d1b6f683c
-
SSDEEP
24576:CnsZfH8WK6FuXqt5K8whx12tnqIVB62ezzV8d/v3HTYTcfzBRKdfg6:Cim7x12tnq+62ezzVK3HTYoai6
Score1/10 -
-
-
Target
$SYSDIR/VB6KO.DLL
-
Size
99KB
-
MD5
84742b5754690ed667372be561cf518d
-
SHA1
ef97aa43f804f447498568fc33704800b91a7381
-
SHA256
52b64e2bfc9ee0b807f2095726ace9e911bcd907054ac15686a4e7d2fd4dc751
-
SHA512
72ac19a3665a01519dac2ad43eb6178a66ad7f4e167f2a882cbca242978f8debe3e15d0e210c3b0391590699999f33a1fd5de4ca6559ff894b4e6cb4ac1415a0
-
SSDEEP
768:J2rURM7RMwTQvsF51u5tyxwgyBEkLki6Ynb:J2rwWRjM0FCagQi6Yb
Score1/10 -
-
-
Target
$SYSDIR/dwsbc80.OCX
-
Size
167KB
-
MD5
456b24a38b8e2d2f3303e0b4d05cc929
-
SHA1
3c981bbac31706cc9189605959f9eba7acbb17a7
-
SHA256
242934d4d92948817dd00eec4e8592f7044f5bfc7b2ad2603c826c5cea7b09e5
-
SHA512
4476f50a9ade47c848f882b56758111d39a79e61ac62cebf09c8b8d7baaaa77767c11da6e6732caa383b372d0d8a49be116e111299f637e2ea722fa5fd978385
-
SSDEEP
3072:K33ebWXothdt1FFfPLyKq1YeoXijMkcI1SjX7iO1ChheO/n3hzOi:DN9LjgiiO1ChheO/n3
Score1/10 -
-
-
Target
$SYSDIR/dwshengine80.dll
-
Size
137KB
-
MD5
df901a23e6da0cad1981f0a7c13fbf24
-
SHA1
78f8f8e857e5ce4dce9fdc6658b5780b07167df7
-
SHA256
a8ab488c1ffeed943a68ce7f72fa2eb1b9b21b62c01fbd405a93906a4b357621
-
SHA512
1d530caccd728006b1c169a9684044b45384ff4caca02f95c26e15339c4bcfad00f70a85b9f3b6d6d84aed242536ecea454636688e33fa6c6558f67378fc8228
-
SSDEEP
3072:jVEYo+V9rYoQ7/pnDeZtVbbOtF4759qDD2:jVEYdHE/CbOto59
Score1/10 -
-
-
Target
UrlUpdate.exe
-
Size
152KB
-
MD5
df4c70adfe3ee8e7d0a7d396754681ea
-
SHA1
86d6bc8e6961a01aa689909d678512e0e3bc202c
-
SHA256
94a6a81ad5c12aec33d7274e43ed8197cd476bb9680724995631fd971e8a3d86
-
SHA512
94e8fa6c92cbb30320b2067158549e6079be66489c4a2c8008ec7675d9135cddd477137b3c08fe7e7a41d2da6fcc3732d9ae10e8bc47226108938249fa33fa4e
-
SSDEEP
3072:T6npLFsb893Sn3dkJht04WD2spOL/KGKlhcpguZh5pXK1zZcsbAM:+0nNke4WdUL/KGKlhcpguZHpXK1z0M
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
-
-
Target
efbbar.dll
-
Size
168KB
-
MD5
da641973a719e465fb28389c8277009f
-
SHA1
d3c808a07226304e6549eed80b87272e1bcda0ea
-
SHA256
acf3a2dc80f5deb6d81c674a5edc163ea8ba6e6898c750159cf74ae8f00199f2
-
SHA512
6bffd8ffe167b0426a5021ecaefd9f1473a401e73db88708ed0561f1f2cefe18ae1b958ba7e079622b62e10d25fa0b5cc5802642f627f95275d45cd524f8c40f
-
SSDEEP
3072:Wf3mtWDf4Jlt71YGCKPMEPHNE2I/1/7Fx:WPm2fw7q8PLPtnm/
Score1/10 -
-
-
Target
efsbar.dll
-
Size
149KB
-
MD5
26eccc32791911ccdfe0aec05f733cf8
-
SHA1
cf0ffd6ee73c6dcb7cd52f4a863b6a5e44c29cbd
-
SHA256
b4f5d03f1649f2631e122dba48a18e3ee705d073ce5800bda90730d0ad6a35c1
-
SHA512
6841d08827476416bdc8ee2a224c0f2aaa8827acc32a78e1ecd3fecd796fadc2fc4aaf78af11f9e14a6ffcbc70bf7205c482f34a36ec07d3cc412d45d62cdf35
-
SSDEEP
1536:Wr4H2HeDqt8Q7h3fKHiJdbYBsPV30tgyFicvjRvNLMzuH8UkUYjSzgUSYez2eJIy:WfHe68G3mOZxV3WgSZFCzuHMxrUnu
Score1/10 -
-
-
Target
iewindow.exe
-
Size
405KB
-
MD5
c586e5bf4514ad24b6a0002e13d6452b
-
SHA1
6d22ea2e2ae087864c0f91a602cf5b588c54126e
-
SHA256
813be8eb3e53948faa20f051023fa132fd564e977c7932d130f5ea7a19c0d5dd
-
SHA512
a917390bda68c91f82764eb93ea5d9ce9d330fda9fe24b6956ee16312f342bf4213e0c8f737d83feb8bbf70f82df41d2c7720d4cbaa92982a9584987ea2327e1
-
SSDEEP
6144:NzIHrlVzNOKvt9mI0E3BDh/9nk85ziUpUox/vb5FH7869Hbdu:xKQKHH0+BN/9HdiBohT5FoyHbg
Score1/10 -
-
-
Target
nnlogon.exe
-
Size
68KB
-
MD5
4f8ec9279ce71a9feafd811a2a0fe8fc
-
SHA1
8c5e103eeb3dec74297b41739a28eb0c1b4d0478
-
SHA256
8a730e05ec59ca9c2bea7b950b7178c5174da28d0843ba1f3f10b47e352b219d
-
SHA512
61c0b531b0530afba51138bc8d876a715e059fa716652b9155bead099c1e6dea9a972f219bc593d6e0ef4d7bc849a9108cb6cd99eb72e61d8d0f45e3199908c9
-
SSDEEP
768:G1UEOcy9lHXBT/J33p47yTeXeJIYwnbVYcWB5vUL6CdLQC2fQEH:G1UMERp47yTLJGnbVYWL7dLAQEH
Score1/10 -