Overview
overview: 9/10
static: 3/10
02c6de821f...18.exe (windows7-x64): 9/10
02c6de821f...18.exe (windows10-2004-x64): 9/10
$PROGRAMFI...il.exe (windows7-x64): 3/10
$PROGRAMFI...il.exe (windows10-2004-x64): 3/10
$PROGRAMFI...r4.dll (windows7-x64): 3/10
$PROGRAMFI...r4.dll (windows10-2004-x64): 3/10
$PROGRAMFI...c4.dll (windows7-x64): 3/10
$PROGRAMFI...c4.dll (windows10-2004-x64): 3/10
$PROGRAMFI...s4.dll (windows7-x64): 3/10
$PROGRAMFI...s4.dll (windows10-2004-x64): 3/10
$PROGRAMFI...s3.dll (windows7-x64): 3/10
$PROGRAMFI...s3.dll (windows10-2004-x64): 3/10
$PROGRAMFI...e3.dll (windows7-x64): 3/10
$PROGRAMFI...e3.dll (windows10-2004-x64): 3/10
$PROGRAMFI...n3.dll (windows7-x64): 3/10
$PROGRAMFI...n3.dll (windows10-2004-x64): 3/10
$PROGRAMFI...PC.exe (windows7-x64): 9/10
$PROGRAMFI...PC.exe (windows10-2004-x64): 9/10
$PROGRAMFI...er.exe (windows7-x64): 9/10
$PROGRAMFI...er.exe (windows10-2004-x64): 9/10
$PROGRAMFI...up.exe (windows7-x64): 6/10
$PROGRAMFI...up.exe (windows10-2004-x64): 6/10
$PROGRAMFI...LL.dll (windows7-x64): 3/10
$PROGRAMFI...LL.dll (windows10-2004-x64): 3/10
$PROGRAMFI...rd.dll (windows7-x64): 3/10
$PROGRAMFI...rd.dll (windows10-2004-x64): 3/10
$PROGRAMFI...SC.dll (windows7-x64): 3/10
$PROGRAMFI...SC.dll (windows10-2004-x64): 3/10
$PROGRAMFI...WR.dll (windows7-x64): 3/10
$PROGRAMFI...WR.dll (windows10-2004-x64): 3/10
$PROGRAMFI...LL.dll (windows7-x64): 3/10
$PROGRAMFI...LL.dll (windows10-2004-x64): 3/10
General
-
Target
02c6de821fc433304ee204d4b930392e_JaffaCakes118
-
Size
9.3MB
-
Sample
240727-3sm83sydla
-
MD5
02c6de821fc433304ee204d4b930392e
-
SHA1
68b1cc41a9d00e0f7d6dd3fa70b816e158839f45
-
SHA256
03595be308cd92512645f8f37b6731f372da3c6b5dbf298c4d16a9683a8e4f19
-
SHA512
c874685a0342e0b0af53630650188f2c3b5e2196ffbb10b74cb1c00e1cae0a35bcfba9d3d096b7d7f9bbe636862a653a85bb353b6308ce323e5ce6d8c51873c7
-
SSDEEP
196608:9AAkXmjdt4e14FhATdRzWEgOwZYKjm/lKIMaJPxEN0N:me4eyhWddWEhztlK7cPGQ
Static task
static1
Behavioral task
behavioral1
Sample
02c6de821fc433304ee204d4b930392e_JaffaCakes118.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
02c6de821fc433304ee204d4b930392e_JaffaCakes118.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral3
Sample
$PROGRAMFILES/SoftForum/XecureWeb/AnySign/cert/certutil.exe
Resource
win7-20240704-en
Behavioral task
behavioral4
Sample
$PROGRAMFILES/SoftForum/XecureWeb/AnySign/cert/certutil.exe
Resource
win10v2004-20240729-en
Behavioral task
behavioral5
Sample
$PROGRAMFILES/SoftForum/XecureWeb/AnySign/cert/libnspr4.dll
Resource
win7-20240729-en
Behavioral task
behavioral6
Sample
$PROGRAMFILES/SoftForum/XecureWeb/AnySign/cert/libnspr4.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral7
Sample
$PROGRAMFILES/SoftForum/XecureWeb/AnySign/cert/libplc4.dll
Resource
win7-20240708-en
Behavioral task
behavioral8
Sample
$PROGRAMFILES/SoftForum/XecureWeb/AnySign/cert/libplc4.dll
Resource
win10v2004-20240729-en
Behavioral task
behavioral9
Sample
$PROGRAMFILES/SoftForum/XecureWeb/AnySign/cert/libplds4.dll
Resource
win7-20240704-en
Behavioral task
behavioral10
Sample
$PROGRAMFILES/SoftForum/XecureWeb/AnySign/cert/libplds4.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral11
Sample
$PROGRAMFILES/SoftForum/XecureWeb/AnySign/cert/nss3.dll
Resource
win7-20240704-en
Behavioral task
behavioral12
Sample
$PROGRAMFILES/SoftForum/XecureWeb/AnySign/cert/nss3.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral13
Sample
$PROGRAMFILES/SoftForum/XecureWeb/AnySign/cert/smime3.dll
Resource
win7-20240708-en
Behavioral task
behavioral14
Sample
$PROGRAMFILES/SoftForum/XecureWeb/AnySign/cert/smime3.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral15
Sample
$PROGRAMFILES/SoftForum/XecureWeb/AnySign/cert/softokn3.dll
Resource
win7-20240729-en
Behavioral task
behavioral16
Sample
$PROGRAMFILES/SoftForum/XecureWeb/AnySign/cert/softokn3.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral17
Sample
$PROGRAMFILES/SoftForum/XecureWeb/AnySign/dll/AnySign4PC.exe
Resource
win7-20240704-en
Behavioral task
behavioral18
Sample
$PROGRAMFILES/SoftForum/XecureWeb/AnySign/dll/AnySign4PC.exe
Resource
win10v2004-20240729-en
Behavioral task
behavioral19
Sample
$PROGRAMFILES/SoftForum/XecureWeb/AnySign/dll/AnySign4PCLauncher.exe
Resource
win7-20240704-en
Behavioral task
behavioral20
Sample
$PROGRAMFILES/SoftForum/XecureWeb/AnySign/dll/AnySign4PCLauncher.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral21
Sample
$PROGRAMFILES/SoftForum/XecureWeb/AnySign/dll/Any_setup.exe
Resource
win7-20240708-en
Behavioral task
behavioral22
Sample
$PROGRAMFILES/SoftForum/XecureWeb/AnySign/dll/Any_setup.exe
Resource
win10v2004-20240729-en
Behavioral task
behavioral23
Sample
$PROGRAMFILES/SoftForum/XecureWeb/AnySign/dll/DESDLL.dll
Resource
win7-20240729-en
Behavioral task
behavioral24
Sample
$PROGRAMFILES/SoftForum/XecureWeb/AnySign/dll/DESDLL.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral25
Sample
$PROGRAMFILES/SoftForum/XecureWeb/AnySign/dll/DllOpenkeyboard.dll
Resource
win7-20240729-en
Behavioral task
behavioral26
Sample
$PROGRAMFILES/SoftForum/XecureWeb/AnySign/dll/DllOpenkeyboard.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral27
Sample
$PROGRAMFILES/SoftForum/XecureWeb/AnySign/dll/KEBSFSC.dll
Resource
win7-20240729-en
Behavioral task
behavioral28
Sample
$PROGRAMFILES/SoftForum/XecureWeb/AnySign/dll/KEBSFSC.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral29
Sample
$PROGRAMFILES/SoftForum/XecureWeb/AnySign/dll/KEBSFSC_WR.dll
Resource
win7-20240729-en
Behavioral task
behavioral30
Sample
$PROGRAMFILES/SoftForum/XecureWeb/AnySign/dll/KEBSFSC_WR.dll
Resource
win10v2004-20240704-en
Behavioral task
behavioral31
Sample
$PROGRAMFILES/SoftForum/XecureWeb/AnySign/dll/KTBDLL.dll
Resource
win7-20240705-en
Behavioral task
behavioral32
Sample
$PROGRAMFILES/SoftForum/XecureWeb/AnySign/dll/KTBDLL.dll
Resource
win10v2004-20240704-en
Malware Config
Targets
-
-
Target
02c6de821fc433304ee204d4b930392e_JaffaCakes118
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Adds Run key to start application
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
$PROGRAMFILES/SoftForum/XecureWeb/AnySign/cert/certutil.exe
-
Size
283KB
-
MD5
e082bd597129b93f8afe414021f7dd30
-
SHA1
d861f0cefd66ed14fde82b0541237e42c5c7c63a
-
SHA256
22c4d27af891ac0d7d1cd511f0aade8c1aa1c1648a3b4ef2828764b0f9daafef
-
SHA512
0f8cf28e99f74326d418a70e36a40fe6e078b78007298416fa17db3fce010fef2857af4eb28eb9e3eaddc7520bb737c85b14f4ad370e5552273c8e113b396f43
-
SSDEEP
3072:mH6sserkXqC3x+g2TDxBzDCeQtj/T/EglLPRKgzIoF7Q+Yhf0ZS0IYS1ahAqIUwV:maCzpgGBzDEA1Is0xzSeAqFwiIDF
Score
3/10
-
-
Target
$PROGRAMFILES/SoftForum/XecureWeb/AnySign/cert/libnspr4.dll
-
Size
204KB
-
MD5
7957e822b5e67afe2cb64e1fbfc923db
-
SHA1
49e065f2ebc213c445e8c637b32f101674ca4dc8
-
SHA256
480c54abd5c555520ee38069d9233b1c2739286471376a56ee66bd756a37fde2
-
SHA512
ed44cc693175c01e1d1a7b856ca800e3cd641a3f434ffecd1532324111aa55010601c1aa92ce069133c012d6e89d5b99bd9526283da9b972b53f788a820e63bb
-
SSDEEP
3072:AtiZp9HzAEvs0thsMy0jHWkN+IsQ5kPGd+pEbqxvh50SyvHerJu8g:sGp9HMEvsqsQHBsQ5kPGd+pEevVyv8
Score
3/10
-
-
Target
$PROGRAMFILES/SoftForum/XecureWeb/AnySign/cert/libplc4.dll
-
Size
28KB
-
MD5
c3700234160aeea85be0be637744f8a1
-
SHA1
27b86964b29ffb287180cc2875e4467e7b092084
-
SHA256
b6a12653b2b8024f64bc581e67dc10a469edcfdabdad3da405ef7b709eb34805
-
SHA512
2ff671c0633f78d3e6736bcc445b72de1d81a74dbae29673f4c88d57485ff3a0f2de2a60a137113091a55feca7c5dd1fa7816b0d630fe5f5fbd0af70667da4e0
-
SSDEEP
192:aIc4fylGikcNlsIvBnmAq+yB2Y1NjqPCSfi4Yg8utInnnqCv/qWARuPsBQVhmmTa:aIc4fyPqivyjOBdqAyOkdWVHg
Score
3/10
-
-
Target
$PROGRAMFILES/SoftForum/XecureWeb/AnySign/cert/libplds4.dll
-
Size
24KB
-
MD5
a4f672b53c53e322d8f474e7980f432e
-
SHA1
5359b8ac02d98801edc6c2eb46e223c39ce42ee3
-
SHA256
6b8d5ecd92b9705d54ad48c873226991de558e57c36effeefbea63e006aae75f
-
SHA512
b25d18403a586b03588ddc6b283b09bd431c71d3cb548d4fe59628ab3431fef7c7c2364ee05bf1e3983379f11e7c442f21bdcdc6df191c4f08379ba15a10cc43
-
SSDEEP
96:ryDKJp9bk/uFBUcmOHeV6Yqebl6swLmwi2gGh0Gl10y6ynrJ3K1SxMRN3L6Cfw5Z:MKJp9bLF6cqSE1wi2gGGGES9aYyFfm
Score
3/10
-
-
Target
$PROGRAMFILES/SoftForum/XecureWeb/AnySign/cert/nss3.dll
-
Size
1.6MB
-
MD5
37016e05495f1daca0af21f23654203f
-
SHA1
ce75de300b5984a96fbbc561a70c21b6bf7fd02c
-
SHA256
eb609f53bc2d1ca5f771b577f4a160b2974dc42196d82508d84d7767ac2ca6a7
-
SHA512
98a077deb5b13eb74a1a8b105778f923112888339c0482645c481c9ae736622bf1cbf21c830eb18130ba161aebbf5599f0816ad6ed8de1ffea22cec46cbd78c9
-
SSDEEP
24576:Oj70j9vgSNMN9k95HmoM5H7HMFnpn5AhSZhGopzFBJF:o70BgSNo0pEMZMSZhGEF
Score
3/10
-
-
Target
$PROGRAMFILES/SoftForum/XecureWeb/AnySign/cert/smime3.dll
-
Size
558KB
-
MD5
5264e5d087b395e91b739778e8e76933
-
SHA1
67f216749c1a8ca7194dcb7a2cceb47fc6457f59
-
SHA256
4a846a28573048cad28714b7623e7c5f03001b66d55092aada3da7a3c397b26e
-
SHA512
a1f9f95fc35642f6cf0104a0ab277e10359ec836977b8d2da2812ff26aaaea2d11b2e0dce18712c9296a62c51e6c2a114c9bc85634fa342aac384661cfe73e35
-
SSDEEP
12288:6nOmn6yR8HE3KdbtE2EnwLd4FTPO5VnDmIzbs:6nOs6lEy+SdqTPOFs
Score
3/10
-
-
Target
$PROGRAMFILES/SoftForum/XecureWeb/AnySign/cert/softokn3.dll
-
Size
1.2MB
-
MD5
aba9a1d88c35d1e380054a18d2087291
-
SHA1
51ae68d6efd42bb51653a3dd0733a1c36ed5c632
-
SHA256
178dac494dc58ff2a2874d54cd2fc96364a12fec2b5bd25d5bcefea187a8979e
-
SHA512
ecef7bc477ab3819cc5d266af57cbe4722daf106fdc5dbf663ee700fd487194607fe541248bd00e69bddfc39ad31810c1c768eb510fae10bed89b3e9fa361256
-
SSDEEP
24576:S8JgeTeX+6iknOSDzPz7hPPiKoOTnDlD1D1zD5DLTKLS6I3GR:mWAJDzPz7hPPdoOTnDlD1D1zD5DLCe8
Score
3/10
-
-
Target
$PROGRAMFILES/SoftForum/XecureWeb/AnySign/dll/AnySign4PC.exe
-
Size
2.3MB
-
MD5
dede7b51dee26b56e94991f33504ba8a
-
SHA1
7715ff2ee133265f94cc77f01e32d00f77b42cd1
-
SHA256
e2333c3dda14fafbcbe1ab29bf433ae89280c7fc4b1f5ce4b3e45943415b7c6a
-
SHA512
dd2181b0a87ac9fd66ffb6a889087584ead7630073eb501e3b357dfc7526dfc24d0a4e67fdb638199ab250f5d008baa085d0a3aeddd46ed5d5721d969101c915
-
SSDEEP
49152:PconvcLJ5n0wrATGphLjUwrILioeZ3NTICXmI:UovcLJ50JSLjxrILioKNsCf
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
$PROGRAMFILES/SoftForum/XecureWeb/AnySign/dll/AnySign4PCLauncher.exe
-
Size
2.2MB
-
MD5
d0d596a7aee7c949d4fb625269ccc4a3
-
SHA1
7f4db9b10ab88273eecfb145fe9a01293ee6c28c
-
SHA256
80ce82de0a6635d47d0fc1be310ebf8e5238d8598f83e7df83be0215f18bb7f9
-
SHA512
1f5cc7c07e6ad5222fef42589a21c31566e6606e202b00bacc0e9b960cb29f26f6c04eefa31b6109844269a4370b4a6b60d92e4577543bc905b0ffc0b7046550
-
SSDEEP
49152:6O5PzPs+X18XrgoijVTLbHqFhFITkjPbIxtqfPl9hEKzIOYTYBbLp:6O57EW1Sg95/evFUGtn1IJTY5Lp
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
$PROGRAMFILES/SoftForum/XecureWeb/AnySign/dll/Any_setup.exe
-
Size
144KB
-
MD5
894222e8962b46263c26aa9ea08c2050
-
SHA1
9778d5e7d4cd15717f3240cae4255934ccd5231c
-
SHA256
e5c6a460471e5f1d37c083c1069e95e253ad80c25e42f5624f6824bb1f4ce826
-
SHA512
472787c8827cb5df1c527caee6bb0766429a096f3931f30d7a435d891a0741b333c16000ae53cf1bb2398ba77187c5ae240145b30f51899bff074232e7f900b5
-
SSDEEP
1536:O3Wakjwa5CkyoH+p5nyn3nuC7XJ9Mje5rxLtLEc9Eccdk5GGA93EpjjMe61BW+pi:r8y0e5rxLtLnXLDMJLWFXG3yvD
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
-
-
Target
$PROGRAMFILES/SoftForum/XecureWeb/AnySign/dll/DESDLL.dll
-
Size
56KB
-
MD5
33eb65fc4be4336acf4d5223fceacd23
-
SHA1
fec700ac34496350f5d802422f65587be333b4fd
-
SHA256
8dc4f78cca4fa57c18b8b062222d55650b54f5b28dc9ecd512cc3b16b8cce71c
-
SHA512
26024fce4d9987199cc23497375a8c7212a845fab3f7894ba08cbce8fbc49d5a59a403c5f38b2e3de2717396bf1d049067dfb890c716356912615d0fd6d795da
-
SSDEEP
768:Jcgkc/ghFTCs0PSqRkrO+3oX2wnqP3vjkjEjSpD0UdiB9Cf9PS7h5gAofJWbcj:Jkc4FTCs0PStzoX2kjEjSpJX9CzoRoG
Score
3/10
-
-
Target
$PROGRAMFILES/SoftForum/XecureWeb/AnySign/dll/DllOpenkeyboard.dll
-
Size
136KB
-
MD5
54f1c18f29bdbc61863ce9da1d09fe1e
-
SHA1
fa19ebe25b1da3e022980703c712a13cf3dfdb11
-
SHA256
94769b487a295bf0cbb61d71b1b99303c558d89fed1a60e40440fec6ebe236ec
-
SHA512
a2e89738d36dec23eff9dcf7cadff702cf4d07795a34f7f78407f65fccf657cea3ee63b2d3b8bcfcfde2d6b1916fba774a2a5b32bc6e6af089f4c91a5c91700b
-
SSDEEP
1536:Z562Jsu3IqUWtROLotIRqZqRorMzngrsIvzkbpe7FgF+QmR3bcCaxA5kaMe/puc+:SQtqbHGvM4HIwT+tbGnPZi
Score
3/10
-
-
Target
$PROGRAMFILES/SoftForum/XecureWeb/AnySign/dll/KEBSFSC.dll
-
Size
484KB
-
MD5
f2b1512cee1a36dd5a7e9b7a9d668f7c
-
SHA1
df48f9d5140b11e80e4d0df2550fe9ad5bdb7eba
-
SHA256
4ef6061fd74e6cc0124812a8d2d10d4445ac84ab36185a7a2568aa0117c8049c
-
SHA512
a619826f6956b9aa011c525f135da690b6fdedafb5403a2860856aaec2f31764c7d1c4164ea155d016288dd59cd2eb8f496e08071f65ca179a79cef6bd84704e
-
SSDEEP
6144:oFVRGFImOWky5opqont8UJUOkkkkkkkkkkkkkkkkkwkkkkkkkkkkkkkkkkkNfo:EGG58opqKt8i
Score
3/10
-
-
Target
$PROGRAMFILES/SoftForum/XecureWeb/AnySign/dll/KEBSFSC_WR.dll
-
Size
14KB
-
MD5
cf95ac23bf29820858daa738a45c666f
-
SHA1
baec586aaa13cbc4623a0371065fb523f7d8ec3c
-
SHA256
d28631be5c2a582fab6c47d5348fb7ff058c2f72c312e816f6106d1c9ee2c3ef
-
SHA512
451d4323132c5dd0f622226a04b739b1145f13501675b5733d7b69c6be861c350ca2aa21f2ecd916ef398a1d519e41f5e5fdcbf7aa68b7b45e01048c3e869ea2
-
SSDEEP
384:iLOj4DMzhL0+77gG1lFsDCrZxEUM5OArZ6AjG8GZR:rOGhL0+78+uAEUmOABS5
Score
3/10
-
-
Target
$PROGRAMFILES/SoftForum/XecureWeb/AnySign/dll/KTBDLL.dll
-
Size
576KB
-
MD5
bd5c8c9e408153eda25465d790a4e81e
-
SHA1
8c14f4efa5b8b87d69187587fa9f25a02c284bb2
-
SHA256
d39b60b3e3b44244bd43dd3fcffa1861f709a6cfa583613ca0b54f4c2237e327
-
SHA512
d273a23384fddb191f95bea8805f458f82b8c21e7b60fc43143b61a8b3209afc0d70a53c46bd99d95e22a74e65f4bd19bde84ab633bc7f3aba4bacafab377244
-
SSDEEP
6144:OZ2wqKv1HxoEw4YNvFTWkEvEkUGVTYiH/FdXKFqKG0EG/kCdB6LTh8WtV1E9+kzl:AtJYqEkUSjdXKMFeBEjtV1q
Score
3/10
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution: 1
    Registry Run Keys / Startup Folder: 1
  Create or Modify System Process: 1
    Windows Service: 1
  Event Triggered Execution: 1
    Netsh Helper DLL: 1
Privilege Escalation
  Boot or Logon Autostart Execution: 1
    Registry Run Keys / Startup Folder: 1
  Create or Modify System Process: 1
    Windows Service: 1
  Event Triggered Execution: 1
    Netsh Helper DLL: 1
Defense Evasion
  Impair Defenses: 1
    Disable or Modify System Firewall: 1
  Modify Registry: 3
  Subvert Trust Controls: 1
    Install Root Certificate: 1
  Virtualization/Sandbox Evasion: 2