Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview (score 8/10)

Tasks (one row per task; sample names are truncated as displayed on the page, score is the per-task score):

Sample                  Platform            Score
Static (static)         -                   3
5f614b3d2a...18.exe     windows7-x64        8
5f614b3d2a...18.exe     windows10-2004-x64  8
$PLUGINSDI...in.dll     windows7-x64        3
$PLUGINSDI...in.dll     windows10-2004-x64  3
$PLUGINSDI...rt.dll     windows7-x64        1
$PLUGINSDI...rt.dll     windows10-2004-x64  1
$PLUGINSDIR/Base.dll    windows7-x64        3
$PLUGINSDIR/Base.dll    windows10-2004-x64  3
$PLUGINSDI...er.dll     windows7-x64        1
$PLUGINSDI...er.dll     windows10-2004-x64  1
$PLUGINSDI...ol.dll     windows7-x64        3
$PLUGINSDI...ol.dll     windows10-2004-x64  3
$PLUGINSDI...rt.dll     windows7-x64        1
$PLUGINSDI...rt.dll     windows10-2004-x64  1
$PLUGINSDI...em.dll     windows7-x64        3
$PLUGINSDI...em.dll     windows10-2004-x64  3
$PLUGINSDIR/Utils.dll   windows7-x64        3
$PLUGINSDIR/Utils.dll   windows10-2004-x64  3
$PLUGINSDI...00.dll     windows7-x64        3
$PLUGINSDI...00.dll     windows10-2004-x64  3
$PLUGINSDI...00.dll     windows7-x64        3
$PLUGINSDI...00.dll     windows10-2004-x64  3
$_15_/Baid...ce.dll     windows7-x64        1
$_15_/Baid...ce.dll     windows10-2004-x64  1
$_15_/Baid...ll.dll     windows7-x64        1
$_15_/Baid...ll.dll     windows10-2004-x64  1
$_15_/Baid...ot.exe     windows7-x64        1
$_15_/Baid...ot.exe     windows10-2004-x64  1
BDDocker.dll            windows7-x64        1
BDDocker.dll            windows10-2004-x64  1
BDDocker.exe            windows7-x64        1
BDDocker.exe            windows10-2004-x64  1

General
- Target: 5f614b3d2a686b4995c38b91324d8fdb_JaffaCakes118
- Size: 10.6MB
- Sample: 240720-g8z2xstfja
- MD5: 5f614b3d2a686b4995c38b91324d8fdb
- SHA1: 72c298fb258d9e318aba64e900e91f3174cb2dbe
- SHA256: 531313033fdb71c44c0791f56679e55c36f06fa6250f90f68ebaf42e7a2a044b
- SHA512: 778c0d3ac4a7091cd09a5a9de4b3e41ea7c94c334af6219c85cf2f275feb3345adb42221193f6aac14e84fd1110ff52afb14cf24a7e7333bcbdf60fedb41681c
- SSDEEP: 196608:NBHC8KwHrU6Ery5NXJZzkl3fP0puCSe3xb1WujMYJroJiPEgI2fPZdms:DC8K6rery5ZDzklPMpuCl50uXozCPZb
Tasks

Task          Type        Resource                Sample
static1       Static      -                       -
behavioral1   Behavioral  win7-20240708-en        5f614b3d2a686b4995c38b91324d8fdb_JaffaCakes118.exe
behavioral2   Behavioral  win10v2004-20240709-en  5f614b3d2a686b4995c38b91324d8fdb_JaffaCakes118.exe
behavioral3   Behavioral  win7-20240708-en        $PLUGINSDIR/BDMSkin.dll
behavioral4   Behavioral  win10v2004-20240709-en  $PLUGINSDIR/BDMSkin.dll
behavioral5   Behavioral  win7-20240705-en        $PLUGINSDIR/BaiduReport.dll
behavioral6   Behavioral  win10v2004-20240709-en  $PLUGINSDIR/BaiduReport.dll
behavioral7   Behavioral  win7-20240704-en        $PLUGINSDIR/Base.dll
behavioral8   Behavioral  win10v2004-20240709-en  $PLUGINSDIR/Base.dll
behavioral9   Behavioral  win7-20240708-en        $PLUGINSDIR/InstallHelper.dll
behavioral10  Behavioral  win10v2004-20240709-en  $PLUGINSDIR/InstallHelper.dll
behavioral11  Behavioral  win7-20240708-en        $PLUGINSDIR/Protocol.dll
behavioral12  Behavioral  win10v2004-20240709-en  $PLUGINSDIR/Protocol.dll
behavioral13  Behavioral  win7-20240708-en        $PLUGINSDIR/Report.dll
behavioral14  Behavioral  win10v2004-20240709-en  $PLUGINSDIR/Report.dll
behavioral15  Behavioral  win7-20240704-en        $PLUGINSDIR/System.dll
behavioral16  Behavioral  win10v2004-20240709-en  $PLUGINSDIR/System.dll
behavioral17  Behavioral  win7-20240705-en        $PLUGINSDIR/Utils.dll
behavioral18  Behavioral  win10v2004-20240709-en  $PLUGINSDIR/Utils.dll
behavioral19  Behavioral  win7-20240704-en        $PLUGINSDIR/msvcp100.dll
behavioral20  Behavioral  win10v2004-20240709-en  $PLUGINSDIR/msvcp100.dll
behavioral21  Behavioral  win7-20240708-en        $PLUGINSDIR/msvcr100.dll
behavioral22  Behavioral  win10v2004-20240709-en  $PLUGINSDIR/msvcr100.dll
behavioral23  Behavioral  win7-20240705-en        $_15_/Baidu/Baidu/plugin/extends/game/1.0.0.3/JoystickService.dll
behavioral24  Behavioral  win10v2004-20240704-en  $_15_/Baidu/Baidu/plugin/extends/game/1.0.0.3/JoystickService.dll
behavioral25  Behavioral  win7-20240708-en        $_15_/Baidu/Baidu/plugin/extends/jietu/2.101.0.65/jietuDll.dll
behavioral26  Behavioral  win10v2004-20240709-en  $_15_/Baidu/Baidu/plugin/extends/jietu/2.101.0.65/jietuDll.dll
behavioral27  Behavioral  win7-20240708-en        $_15_/Baidu/Baidu/plugin/extends/jietu/2.101.0.65/screensnapshot.exe
behavioral28  Behavioral  win10v2004-20240709-en  $_15_/Baidu/Baidu/plugin/extends/jietu/2.101.0.65/screensnapshot.exe
behavioral29  Behavioral  win7-20240704-en        BDDocker.dll
behavioral30  Behavioral  win10v2004-20240709-en  BDDocker.dll
behavioral31  Behavioral  win7-20240704-en        BDDocker.exe
behavioral32  Behavioral  win10v2004-20240709-en  BDDocker.exe
Malware Config
Targets
Target: 5f614b3d2a686b4995c38b91324d8fdb_JaffaCakes118
Size: 10.6MB
MD5: 5f614b3d2a686b4995c38b91324d8fdb
SHA1: 72c298fb258d9e318aba64e900e91f3174cb2dbe
SHA256: 531313033fdb71c44c0791f56679e55c36f06fa6250f90f68ebaf42e7a2a044b
SHA512: 778c0d3ac4a7091cd09a5a9de4b3e41ea7c94c334af6219c85cf2f275feb3345adb42221193f6aac14e84fd1110ff52afb14cf24a7e7333bcbdf60fedb41681c
SSDEEP: 196608:NBHC8KwHrU6Ery5NXJZzkl3fP0puCSe3xb1WujMYJroJiPEgI2fPZdms:DC8K6rery5ZDzklPMpuCl50uXozCPZb
Score: 8/10
Signatures:
- Drops file in Drivers directory
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination: Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR): Bootkits write to the MBR to gain persistence at a level below the operating system.

Target: $PLUGINSDIR/BDMSkin.dll
Size: 1.8MB
MD5: 3f6dc271f034861cb4be850a816105e3
SHA1: d83f7a11d47d4668737ff64139870bad8a8722a0
SHA256: 4f5d4dc959ccb0f201b2f2c761c74f6284ec90fe4d05e11813c63f584356205a
SHA512: 2149b342a8bb8486faf3e7ffe43b6fe66bad4b93512ed668caccdf63399a48411b92b31c99a018c92e4590584d8c0111a483f8161ec179d5f92aba2e398fa76a
SSDEEP: 24576:l6HdOqkMfbZu853MkOiJnzC5LLpjA1Mr7zcy9apk/:lidxZuI3EL5A1y7zcy9apk/
Score: 3/10

Target: $PLUGINSDIR/BaiduReport.dll
Size: 355KB
MD5: 33ac85604ff109e2a297c03fc1037bf1
SHA1: 02be88a95fc04ec73c4ed33601f832e86d5f0bb3
SHA256: 47c64647fe2ef3215e919295fd3627b25e85877a690d2ba940f4177cfef2678c
SHA512: 80c3428e0bd0585f2c4076fc814b638aeab637b2a56b37febef08f75fad426b268fcc2409cc8d09738c23ffc7d56250683b157a5e452b4b43a2bf88d4f489826
SSDEEP: 6144:KceTKy/7X/avkVeQtYto8qVTBT2RL2f1QoCOdGnZfCH:KciK0+vAeIYto8qKRL2f1MqH
Score: 1/10

Target: $PLUGINSDIR/Base.dll
Size: 777KB
MD5: 6fdcd6d9faf849ecd71d4fa329969780
SHA1: 3480193f5e7a37bf8a01f728566b48d56850749b
SHA256: a31fbc3014712fca12637400897816c41f65627434bdde1f4c8c0c025f08bad2
SHA512: 5a3ddbd1abda841bc06c210f612cfde3a48016991ea6a8dc5ee00574aee1904c70695226490986465c950bf09564bf56715d2c25fcee9931f33b82dcefc2c111
SSDEEP: 24576:FodWvihKLAwxzNvooB5aOelmGEpNlOgj8JKHTc4pE+uRxi:FodWvCS3xzOA5mEpNlOg4JuTc4t6i
Score: 3/10

Target: $PLUGINSDIR/InstallHelper.dll
Size: 242KB
MD5: f497a1c6f5f1faca1a05fbee72abc07a
SHA1: 3af6939afd2cdfc3eb7e9f6ff4cf26d254f97923
SHA256: ec6a6f16902d84802d0a744a6537d7bebe40b4ad9c8bce4de012c3224c98030c
SHA512: 3a523e91cf7e4bd3c83f4eb9a861f410fb2be7367514cb7cf9c47f9f6aa3bcf200640c53bd96acf11f2177938b27cad033f361d67eb6098cb40eb3538292d8ba
SSDEEP: 6144:B8Xjcb+BQhwGScybmUSfTkOwHdA091MCOqHmHFM:7+slVLyAWVGHFM
Score: 1/10

Target: $PLUGINSDIR/Protocol.dll
Size: 355KB
MD5: a0ec723d41810478bb659a85e4e92f3d
SHA1: 24cc9fc77abcafe0dd1c5a4e547a8b4efd63c85f
SHA256: dd57149bfa1348e482afddbbe79187527cbd358cdb3036fdf4e8b9f446d020cf
SHA512: ed98dff026eff8501a526dc36c5f68b63adc5a1704881015d6a9f7af53e5a3a47da6aad8d054b7f7cf0821f479a016f45ad20a1b201c263a09cf8265cd772c4d
SSDEEP: 6144:9ibLrat+Zbe/UnSKeWWhaAIMsmg/wQ2h/WS8emoDCnD3h7xKYJd098jOfA7Ku:9uzyXXJaAI+qh4SWDCt7xK00yOu
Score: 3/10

Target: $PLUGINSDIR/Report.dll
Size: 108KB
MD5: 4ed3f52e01ac04d6b1fa05ff8a41c2fe
SHA1: 9c363a2658db7deffe5358634320671ef6fc7664
SHA256: 542440c178b553d4a1b01d83f05df6a1ba842571f4a9f90b06fdceab06336fe1
SHA512: 8fcc515adc959c5b07b4c94400f6e39d75d9ba8a9556d7f4df8891a642b967f13b9f8302ff56bebac505a8a73a3bd4980e29406ccc918fb1dd3d7acc69f776ff
SSDEEP: 3072:qx+DzZ3n2kLIJ+yAnc/KCe6nqMaEnb5hZ12p3ou6OfGHSl9B4:qx+DF3n2kLIJ+yAnc/KCe6qM1NhZ4pYf
Score: 1/10

Target: $PLUGINSDIR/System.dll
Size: 17KB
MD5: bdb492684b7a99ee0aa1d10c1f8bf702
SHA1: c7b8a53cf1481df2a4a7eb11aeb824ff8b3a4698
SHA256: 4919ffc0acdada4f18469d7fc76abaec4584b99709bbd276c6e9a8043be76481
SHA512: 479f996f7dfbad9fff8f4bf3493dcaaa680390919233fb875d08efc0e6b71a94db9eae510091496a4c99e09ed793aae87ef64bd80e55cbf94823848d2edc0d20
SSDEEP: 192:mN2gQuUwXzioj4KALV2upWzVd7q1QDXEbBZ8KxHdGzyS/Kx8nYe+PjP5rr0u+vsW:9JoiO8V2upW7vQjS/dnYPLtjeMUt
Score: 3/10

Target: $PLUGINSDIR/Utils.dll
Size: 928KB
MD5: 9ac5812dbee6e04f5d818dc5afb46480
SHA1: 5232fb8d2ecb4cbbd52054741282cfb86fdd6e9d
SHA256: 77ec589230c246ff136b9abe22691e978c30aff7c3e222be34195a671c8b3d8d
SHA512: 970dd347a9d1a22dc02fba0ad1d8f7ac16c00dfca97045de5453ef8c7f64fac019d89aa2e1c69fb10ea3a29388a52c163da904d7b5abec95c18f0981a054c0e0
SSDEEP: 12288:E1mKijkRUJo4KTYogByju3J/QkQeGtNNjeDsVtq5Dz0BTCK0YssuvPThzxfDX:E1NioRvu2EDz0B9FuvPTNxfDX
Score: 3/10

Target: $PLUGINSDIR/msvcp100.dll
Size: 411KB
MD5: bc83108b18756547013ed443b8cdb31b
SHA1: 79bcaad3714433e01c7f153b05b781f8d7cb318d
SHA256: b2ad109c15eaa92079582787b7772ba0a2f034f7d075907ff87028df0eaea671
SHA512: 6e72b2d40e47567b3e506be474dafa7cacd0b53cd2c2d160c3b5384f2f461fc91bb5fdb614a351f628d4e516b3bbdabc2cc6d4cb4710970146d2938a687dd011
SSDEEP: 12288:Seb8zxr1aWPaHX7dGP5frhUgiW6QR7t5qv3Ooc8UHkC2e7wx:Seb8Fpa6aHX7dGP5Gv3Ooc8UHkC2ekx
Score: 3/10

Target: $PLUGINSDIR/msvcr100.dll
Size: 755KB
MD5: 0e37fbfa79d349d672456923ec5fbbe3
SHA1: 4e880fc7625ccf8d9ca799d5b94ce2b1e7597335
SHA256: 8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18
SHA512: 2bea9bd528513a3c6a54beac25096ee200a4e6ccfc2a308ae9cfd1ad8738e2e2defd477d59db527a048e5e9a4fe1fc1d771701de14ef82b4dbcdc90df0387630
SSDEEP: 12288:nMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BVoe3z:MmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV7z
Score: 3/10

Target: $_15_/Baidu/Baidu/plugin/extends/game/1.0.0.3/JoystickService.dll
Size: 172KB
MD5: e658ff0dcf3df710575c08148fe8b476
SHA1: e22a478cecb80d00e74b9f6224cfb7329aa89c1d
SHA256: 1e8676f20da79fbb0fef694be17ede1047d0d68e9c7d07b1dac4e7bec3c7ffbc
SHA512: 37f36be43d1393f0fc686e13fb56bf1412e2e7c637a74b7274a9adfc44a342bf5c5745750628dd4cecc20ed0a79342bda22ae2d6b58c245da1f1dc12bc6390c0
SSDEEP: 3072:3xFZpErmhoqx+16K8FCH/cpuMF6/G4JKmqDiyOoCJWNOfiuUyqtziX:3xzpErmhoqkzU36/G4IYysANOfFUpiX
Score: 1/10

Target: $_15_/Baidu/Baidu/plugin/extends/jietu/2.101.0.65/jietuDll.dll
Size: 78KB
MD5: cb2890bd544ecc0d442bc09429e2099a
SHA1: bd45300e1d7b8c79aa0e14c1dd59ae7c24d4d7bf
SHA256: a7c0f7988c03bb47b691bf7089738d67f0f31366cb1a8a4aefa18ed3914b7388
SHA512: e8e15555b62b56fdfc15eb109308075650d96dd0415cc508a865ec69151d2601d2ce06b943822b6b74057abf8033c93ccfa54bfe4f90308959925793a13a70b2
SSDEEP: 1536:ZfoGCAKT/A2Nu4ESO2C5Cfv9Uc04HSzt4tJhIxtrE63TOfDOak0:RoG9KTIZ4EShC5Cfv9Uc7SuIrE63TOf+
Score: 1/10

Target: $_15_/Baidu/Baidu/plugin/extends/jietu/2.101.0.65/screensnapshot.exe
Size: 846KB
MD5: 0d6565a576325305206d93f153ad908a
SHA1: 423c5f1bd4cd137dd78015bd8bfa038c04011878
SHA256: 57ae5705db88a7bb6e8dd99c5d788b43d384b7759b6da206f292f71d81aece74
SHA512: 947f5633e49f7f0a6cba97c8caf0de2d820613f1de20faf7ca295e0089b23ac663f74610d5395281d200b1a98623dbf72e552c2c7e7540dcc0b84c1cb6b36617
SSDEEP: 12288:s8YZO9vzsHTfjnqJp0BJ1lJJgeUoMXay9a0DFsNXM77WSjKR1t0+zXZMOQqFTRjz:sDJ6eXMqy9aSsNOySjKRZeOQ02PE
Score: 1/10

Target: BDDocker.dll
Size: 133KB
MD5: bac4430b877c7a7971f985a132cb7744
SHA1: 8bdd4e5844d57638f9208e793dd33ff0825adff1
SHA256: c887bc567dd5c134389438ed65f9bc357458eef32195974d4c521ee051e21a3a
SHA512: 012b60e1bd60b0ed846b05d8381a4f74b6b68fffbaab72c77a7d8ae29316148bbb59f5b6d3031ced1553c44530bcb09bb867fbe18f1a9965f75201e06fd56cdc
SSDEEP: 1536:F+wpxI0iilTx2fv1JgGq22L3Ofe+Knum8FoqXmPZxRVHGBAHhY6hI32nK0E+MNn8:F+4xI/2TxK9vM3umwoFR6Gh0yK0Efnn8
Score: 1/10

Target: BDDocker.exe
Size: 41KB
MD5: a6101f014755b9174d9d371ef00d5336
SHA1: 9c12ec0682bc1d72f231322c579e507679703f40
SHA256: b32a9676d46340936d617744f147b6bd236b173143541f5185422e0d4d69eee1
SHA512: 1ed8c9ecaacc196f8dd2c6f11aad5a1539546e3ca160cd93cb6e837cf78df9986ff3c7b5f19baf5f33c50dd60fc108d0a74ccb423bde48524f9161f83a874f74
SSDEEP: 768:l6GD0S62D92lCOdcIkle6004ITnyx4COY2oqVhQmOg0UrH4AI4Cy:lL0I49Mz4IGwbVOtUT4ANR
Score: 1/10

MITRE ATT&CK Enterprise v15 (count of matching signatures in parentheses)

Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Pre-OS Boot (1)
  - Bootkit (1)

Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)