Overview
overview: score 8/10
Static
static: score 3/10
8bd9a3095e...18.exe, windows7-x64: score 8/10
8bd9a3095e...18.exe, windows10-2004-x64: score 3/10
$PLUGINSDI...ns.dll, windows7-x64: score 3/10
$PLUGINSDI...ns.dll, windows10-2004-x64: score 3/10
$PLUGINSDI...LL.dll, windows7-x64: score 3/10
$PLUGINSDI...LL.dll, windows10-2004-x64: score 3/10
$PLUGINSDI...is.dll, windows7-x64: score 3/10
$PLUGINSDI...is.dll, windows10-2004-x64: score 3/10
$PLUGINSDI...em.dll, windows7-x64: score 3/10
$PLUGINSDI...em.dll, windows10-2004-x64: score 3/10
$PLUGINSDI...er.dll, windows7-x64: score 3/10
$PLUGINSDI...er.dll, windows10-2004-x64: score 3/10
$PLUGINSDI...ox.dll, windows7-x64: score 3/10
$PLUGINSDI...ox.dll, windows10-2004-x64: score 3/10
$SMSTARTUP...��.exe, windows7-x64: score 3/10
$SMSTARTUP...��.exe, windows10-2004-x64: score 3/10
7zr.exe, windows7-x64: score 3/10
7zr.exe, windows10-2004-x64: score 3/10
Encode.exe, windows7-x64: score 1/10
Encode.exe, windows10-2004-x64: score 3/10
FZip.dll, windows7-x64: score 3/10
FZip.dll, windows10-2004-x64: score 3/10
HTTP.dll, windows7-x64: score 3/10
HTTP.dll, windows10-2004-x64: score 3/10
LHInstall.dll, windows7-x64: score 3/10
LHInstall.dll, windows10-2004-x64: score 3/10
LangHua.exe, windows7-x64: score 8/10
LangHua.exe, windows10-2004-x64: score 8/10
LhLogSvr.dll, windows7-x64: score 3/10
LhLogSvr.dll, windows10-2004-x64: score 3/10
LhTips.exe, windows7-x64: score 3/10
LhTips.exe, windows10-2004-x64: score 3/10
General
-
Target
8bd9a3095ebb74383c3103bfc41765b0_JaffaCakes118
-
Size
4.8MB
-
Sample
240811-y85qva1blh
-
MD5
8bd9a3095ebb74383c3103bfc41765b0
-
SHA1
a7b38182caa24927955d49740496dbb432c6363b
-
SHA256
20a45fa6c17c9e8461522886352a440c2c00a6a16075004f3d731876631c3696
-
SHA512
a4aca9d5b1ab785822b9913c6d4d10aa7244873445982806f4ada9fa47c01a2f28ccbb4b5d1234e5af9a164997924ff342e44e7ad47b6014831e40ac3a51f577
-
SSDEEP
98304:KrgJubL1bcRIRDF7nO9X3ll3MZXsKdaoTgkuKL21WKtxa9/nj:KZ9wohLI3fcZXRcVKL21K9/nj
Static task
static1
Behavioral task
behavioral1
Sample
8bd9a3095ebb74383c3103bfc41765b0_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
8bd9a3095ebb74383c3103bfc41765b0_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20240708-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/KillProcDLL.dll
Resource
win7-20240704-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/KillProcDLL.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/LhNsis.dll
Resource
win7-20240705-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/LhNsis.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240704-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral11
Sample
$PLUGINSDIR/ebanner.dll
Resource
win7-20240705-en
Behavioral task
behavioral12
Sample
$PLUGINSDIR/ebanner.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral13
Sample
$PLUGINSDIR/messagebox.dll
Resource
win7-20240705-en
Behavioral task
behavioral14
Sample
$PLUGINSDIR/messagebox.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral15
Sample
$SMSTARTUP/7k7kϷ.exe
Resource
win7-20240729-en
Behavioral task
behavioral16
Sample
$SMSTARTUP/7k7kϷ.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral17
Sample
7zr.exe
Resource
win7-20240704-en
Behavioral task
behavioral18
Sample
7zr.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral19
Sample
Encode.exe
Resource
win7-20240704-en
Behavioral task
behavioral20
Sample
Encode.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral21
Sample
FZip.dll
Resource
win7-20240708-en
Behavioral task
behavioral22
Sample
FZip.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral23
Sample
HTTP.dll
Resource
win7-20240708-en
Behavioral task
behavioral24
Sample
HTTP.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral25
Sample
LHInstall.dll
Resource
win7-20240704-en
Behavioral task
behavioral26
Sample
LHInstall.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral27
Sample
LangHua.exe
Resource
win7-20240705-en
Behavioral task
behavioral28
Sample
LangHua.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral29
Sample
LhLogSvr.dll
Resource
win7-20240708-en
Behavioral task
behavioral30
Sample
LhLogSvr.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral31
Sample
LhTips.exe
Resource
win7-20240704-en
Behavioral task
behavioral32
Sample
LhTips.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
8bd9a3095ebb74383c3103bfc41765b0_JaffaCakes118
-
Size
4.8MB
-
MD5
8bd9a3095ebb74383c3103bfc41765b0
-
SHA1
a7b38182caa24927955d49740496dbb432c6363b
-
SHA256
20a45fa6c17c9e8461522886352a440c2c00a6a16075004f3d731876631c3696
-
SHA512
a4aca9d5b1ab785822b9913c6d4d10aa7244873445982806f4ada9fa47c01a2f28ccbb4b5d1234e5af9a164997924ff342e44e7ad47b6014831e40ac3a51f577
-
SSDEEP
98304:KrgJubL1bcRIRDF7nO9X3ll3MZXsKdaoTgkuKL21WKtxa9/nj:KZ9wohLI3fcZXRcVKL21K9/nj
-
Modifies Windows Firewall
-
Drops startup file
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
-
-
Target
$PLUGINSDIR/InstallOptions.dll
-
Size
12KB
-
MD5
1d5c649dde35003a618b9679d5d71b92
-
SHA1
0409bbab3ab34f8c01289cdd847b4d1a32d05b18
-
SHA256
0f4d3cee24e3f310fa804983c931d3628613988a24f0be7854f63a9309b8e45f
-
SHA512
b432ebcc52905662d61a3f17e08e209a3f9d836a9071b3b5e80070af7ebcf34cf66c44426dda041c2a258fda4787e5692e2b35acbcd73288fb84fe3c977bbfd9
-
SSDEEP
384:pKlm7i+c3QW6ckPhyDEaLnA2bbBBIXwZ:8qi8BcyhEhLBbbTI
Score 3/10
-
-
-
Target
$PLUGINSDIR/KillProcDLL.dll
-
Size
32KB
-
MD5
83142eac84475f4ca889c73f10d9c179
-
SHA1
dbe43c0de8ef881466bd74861b2e5b17598b5ce8
-
SHA256
ae2f1658656e554f37e6eac896475a3862841a18ffc6fad2754e2d3525770729
-
SHA512
1c66eab21f0c9e0b99ecc3844516a6978f52e0c7f489405a427532ecbe78947c37dac5b4c8b722cc8bc1edfb74ba4824519d56099e587e754e5c668701e83bd1
-
SSDEEP
384:3rYz6grZodORNWATt4TBmlk5ooyzFh7BukAUdJoUtSOSR:3QggDWATWNCFh7BNddJoxO+
Score 3/10
-
-
-
Target
$PLUGINSDIR/LhNsis.dll
-
Size
136KB
-
MD5
c7e90bf806485f29fd6a12d55cc9345b
-
SHA1
4c67092cc34e82c8a12d2992ed31393bc1af6ea9
-
SHA256
c91224d0a6beebc46fef20ce716852ccccc1cbb6f12f117ed2e45f83417b0f92
-
SHA512
b19fe4017475a22e83d26822bce9eb7406bbffebc3fe3b7faff4ecda1fd84f975405ad814c0f09c63b55174b4a940b818f534540334bcecf7e424d84eee7b646
-
SSDEEP
1536:wzH0M6rtzXdJmrITjO9SVIr8JpfNi9kRCgTfgelqmCemoHF6yLl7O4m+Yam4d:LfSrtUrpFi9kRrfg4qmVHllq5+YD4d
Score 3/10
-
-
-
Target
$PLUGINSDIR/System.dll
-
Size
10KB
-
MD5
4eff5fafd746f5decb93a44e3a3d570c
-
SHA1
a11aa7681b7e2df1c7f7492a127d332d1495ea8a
-
SHA256
cf61ddd15d63c25a12caee70f51ea736cfc02195c42e56ee01b33f689d3754c5
-
SHA512
cde82d2a1f28506e4c2264f6b82017a00af32f138ebcdbaf4cc58463870fa626f708aa57465294c5a6f096c886841e7b9112b85bf3ea2f1d8f2da816b51b2d72
-
SSDEEP
192:0OycJo/rJVCmIDNLU0dq5RD00lspbub76yL:6/QQ0d0RD0USq/6y
Score 3/10
-
-
-
Target
$PLUGINSDIR/ebanner.dll
-
Size
9KB
-
MD5
d4eb94400c76da205cbf83cb42cf1e6c
-
SHA1
fdbb4723dd8c2d2c3a2ae0616419bb27db7c4de7
-
SHA256
d5a2884190caf25783c0abd32875f8c700abbec9f245bbee7e2584358ea864dc
-
SHA512
2fb517dd94e0c57cc9875229735ee5bedffe5a60d90c741299328ff625b7f25894c7a0308fda9c29d5daf667230e5f923591632c612d607774da303e2dba5050
-
SSDEEP
192:N+2EZfDofOtmDL55ggLujvrUvc/Ab/6HItWV:N+hEfOKgggYhbfw
Score 3/10
-
-
-
Target
$PLUGINSDIR/messagebox.dll
-
Size
6KB
-
MD5
b1a548fcf6c6fc8857f21b336261fe30
-
SHA1
093cbcf35cc31b3a6373ef3c801647e552c73dde
-
SHA256
42430e825f649f669d99775e95343e0f3a39c6517b9e300c28f2e4add9d67693
-
SHA512
0b45d4c97104190aa850674fea0ab7b5d4cf00040c64b399178dffe1f9d7b9db25f87d2e81d38399796f2661ade3ecfc1deabca2ec07db5a8be1746297285918
-
SSDEEP
96:7H4EngqCn0E+deRMa3DQUhXLkYNqbo4decXRvvap7vB:pngZo2MaTJVkYNqboB61i1v
Score 3/10
-
-
-
Target
$SMSTARTUP/7k7kϷ.exe
-
Size
50KB
-
MD5
c0f7a53f4854d976b5ea5a6f4ae0ca99
-
SHA1
c580dd0c77bbe1370301cac58cedab63c8fe3453
-
SHA256
74b87136b79424857dfd4dd6b01a9df44b4045c5ce0f706189a7e3b36614b326
-
SHA512
9160d328a02fc9bd2e462ddd4738ff63af5d7ef0bdacb9e6a48550fb83a57fd688873b762731bc5e9aac4ba0e376fa9e6de956d6918283c1474770b8efce1d45
-
SSDEEP
1536:EZFwlrRfoowfoMTIxpIplqu4VGPJB6/O+7syaNC0:EZGlFw7fonu4sPJBo7sbt
Score 3/10
-
-
-
Target
7zr.exe
-
Size
330KB
-
MD5
194d21e1f5c57ef311e906c8d9ed0c83
-
SHA1
8633e0e0deb8f0792848843f57cd15c8d2cead5d
-
SHA256
131eff27cc9e5764502e8fb578316c4633e6c790d93d25c922306c772c2e08af
-
SHA512
12a411bdbd9b79540fb16389e633c810c54d97bbb8c561866b37354a153a969bf00533985dfefebfd3424a8c227cdb668e9fddb8ade16f4ab419482f74cc8b0b
-
SSDEEP
6144:+GofMv/uDYSX77VyPgDk4qgeB+hS5VurnC+PI+rE7hnTaY5Mo16x7/By9w:+GoPDYSFpDNU23rn7PIkE7hnTaAMoc0w
Score 3/10
-
-
-
Target
Encode.exe
-
Size
73KB
-
MD5
06732c612f96f55ecbb80d3e37dba151
-
SHA1
146a5e6f86e2708cbf1af768c5f26d16ac9f9c3f
-
SHA256
d8e40dbe264ff751fc0bc4d7d4d04aa5a8169141e5c82ef4f22e31d315e8fd11
-
SHA512
faec8e24d5eb68844640db5a22b29da41c0a758293806d19f52b42110f345526da93e4e3f0b95e98aea1387afbed5f024091225e4c85c881175d81e6dd2042c9
-
SSDEEP
1536:b1tpgtcQHPKM0pLQEG/SPfFdj8rF5XmiRNltUaNC1:b1fIhEES/qDzPlt1k
Score 3/10
-
-
-
Target
FZip.dll
-
Size
81KB
-
MD5
eda2b16a38efaa2c9ade4476570e5e03
-
SHA1
86cdb1811b0274bb38f00b65cc3d9a7222cb5fe2
-
SHA256
6644abf97208da52cdcff6298e115785e87cf16316cab85de8f1a9a19dfda6af
-
SHA512
5904787d1196b278ef0ff50f5f4f0d0af8f7418e3cc1d1b465c3effd2be47dca9bd54505696e4c6f8f965e8072128eceedd68e7408aecdfd3aaa5d0be0bab62c
-
SSDEEP
1536:IIbaFt5rgIv3Oik8UgtbSNFC9xKFrTKu6n+5eRLcakhquZX5v6lwaNCS:RaFt5rgS3OiktgtbSrC9xmX5eRcaIqum
Score 3/10
-
-
-
Target
HTTP.dll
-
Size
69KB
-
MD5
b1fcfa851b0aab1bbe9d7857ea219d3d
-
SHA1
4813da8c8ab0ae98eb89efe415427637e5ba26b4
-
SHA256
44bb18d9e92583d19dcddc31cdfb2c58d2af9d6e392065e0424b58f268026d8f
-
SHA512
7f12de242eef2b31df34454ed32bfef0981ef05cd44dbf37399a4c0fc1ec1474c2c83f4a242d21734156d5c10b80e338810bd5c34d3e7c978da5f005487eda56
-
SSDEEP
1536:7wc4q/5TA1yl8UOpJsHsQyxwBilY3n10sNVzAklMrAvcA6wSEaNCKf:+uVl8UXHyxwBio1lN7lMrwcAhq1f
Score 3/10
-
-
-
Target
LHInstall.dll
-
Size
37KB
-
MD5
baaba3043095985cd25a2ed145bec930
-
SHA1
e5db0602c0ce554a4312227be9040bac6a7695bc
-
SHA256
56c28ece9745b056b505348ee56f6a2340d40039741f60860d23ae86cc8c1fbb
-
SHA512
13c4b7cca681ba65d057eb3bf8a4ea6261f9acd414f0ff07c6dbdfca44d5b1198307ed5d8806114bd4b4a41017c232e563798b52e7ddc800f2f03ef0711dbbbb
-
SSDEEP
768:28QmYnYSpHxgWIQxhYTpnS67wgqriaFDY9flWJeJ3LWFbCgq:vCH91IlnS67wgrSDY9flWJe5aNCH
Score 3/10
-
-
-
Target
LangHua.exe
-
Size
2.1MB
-
MD5
4d1770fca9559746469e30933b4d83fd
-
SHA1
f0b0a86cb17f06aaa808e073e5e4c25a55057e1b
-
SHA256
d50be917d4aa3352b4adbed554517f1a473bda771c6e70cdc0431ebb08fa3ca5
-
SHA512
f5ec293042bbd838f283f89772375c33236cb0777490722fd1eb394d60677523c80eeb9f7ba742c919806d42cbb2922824130e821b65bb203e13e95257d8bf02
-
SSDEEP
49152:/E/tUmAN3BPMm19duFeUFmodToFbzeGVuv7dnMmM15UuLWy/zc:/E/toBPdEToFveGVKdni15UuLvA
-
Modifies Windows Firewall
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
-
-
Target
LhLogSvr.dll
-
Size
81KB
-
MD5
1fe6a9bc475c6fe35b3bf563e36fd6bc
-
SHA1
81adfc071bfb2dbdbc57ba8bfedabba9e6137b97
-
SHA256
2893921427d24518d09fb377e21389dcceb2d9ae545d6cd44cb1ed33ba62a643
-
SHA512
851072c70ed14424800a131c4bb10c80c0e61732cbcc29ff8115347ccef2fb5451a5844f38d58f7d3cabb8d0fb9035ae868ec490449e207e2ea405173e2d2379
-
SSDEEP
1536:BKJ4aC0fkExx3LSOTcXbD/DKPhbwCcj22NulPaNCC:BK7SOqDOhbwFC2Nulif
Score 3/10
-
-
-
Target
LhTips.exe
-
Size
145KB
-
MD5
86a34ca266b2d2d5a179938279af00bf
-
SHA1
f5bf3349256f42c62e52c8cd56097046296afd4d
-
SHA256
48aa57174169859874546f0c8ad2228728c33261efefb8fcfce95e080563247a
-
SHA512
b9d1a793f37cfce843eb5d0e5efa88bfe9d278e25c273770010f40acc914badc3a4b19d7ed72a7b1d511ee7858ed75e06ecc65a52a10d1ef64c46281c9053522
-
SSDEEP
3072:fKX3opXwxxFMdSy353FjQsuahzkwMlGwwWfwWfq:yXYqxFMdr3533/kwDww0wSq
Score 3/10
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process (1)
  Windows Service (1)
Event Triggered Execution (1)
  Netsh Helper DLL (1)
Pre-OS Boot (1)
  Bootkit (1)
Privilege Escalation
Create or Modify System Process (1)
  Windows Service (1)
Event Triggered Execution (1)
  Netsh Helper DLL (1)
Defense Evasion
Impair Defenses (1)
  Disable or Modify System Firewall (1)
Modify Registry (1)
Pre-OS Boot (1)
  Bootkit (1)