General
-
Target
8dabaad433dbb2b516e75168ca970903_JaffaCakes118
-
Size
7.1MB
-
Sample
240812-g9hh9syglj
-
MD5
8dabaad433dbb2b516e75168ca970903
-
SHA1
4faeb166b07c6e81db33cfb978473d157e1a05c1
-
SHA256
3dacbf49ecb37c75438c28e2762dbab36aba3e817bf7568767d2135f2800444b
-
SHA512
ca7eb17717693b63007e218da7d6d3e51bbe3af79ff9e080b1cd5340a06137698601a26885d3843a8dd8c01fa0236892560403b9725927689c97d9956e990aa1
-
SSDEEP
196608:kQqUejR4kJxjTbSYcOGn6/21XnyzGUQipup0:UjR4k/jT2DC2Ez1Qipb
Static task: static1
Behavioral task behavioral1: sample 8dabaad433dbb2b516e75168ca970903_JaffaCakes118.exe, resource win7-20240704-en
Behavioral task behavioral2: sample 8dabaad433dbb2b516e75168ca970903_JaffaCakes118.exe, resource win10v2004-20240802-en
Behavioral task behavioral3: sample $PLUGINSDIR/InstallOptions.dll, resource win7-20240708-en
Behavioral task behavioral4: sample $PLUGINSDIR/InstallOptions.dll, resource win10v2004-20240802-en
Behavioral task behavioral5: sample $PLUGINSDIR/StartMenu.dll, resource win7-20240708-en
Behavioral task behavioral6: sample $PLUGINSDIR/StartMenu.dll, resource win10v2004-20240802-en
Behavioral task behavioral7: sample Alligator.exe, resource win7-20240708-en
Behavioral task behavioral8: sample Alligator.exe, resource win10v2004-20240802-en
Behavioral task behavioral9: sample BlackShark.exe, resource win7-20240729-en
Behavioral task behavioral10: sample BlackShark.exe, resource win10v2004-20240802-en
Behavioral task behavioral11: sample Get your registration code.url, resource win7-20240705-en
Behavioral task behavioral12: sample Get your registration code.url, resource win10v2004-20240802-en
Behavioral task behavioral13: sample MIG_29.dll, resource win7-20240708-en
Behavioral task behavioral14: sample MIG_29.dll, resource win10v2004-20240802-en
Behavioral task behavioral15: sample MSORecovery.exe, resource win7-20240708-en
Behavioral task behavioral16: sample MSORecovery.exe, resource win10v2004-20240802-en
Behavioral task behavioral17: sample Uninstall.exe, resource win7-20240704-en
Behavioral task behavioral18: sample Uninstall.exe, resource win10v2004-20240802-en
Behavioral task behavioral19: sample $PLUGINSDIR/InstallOptions.dll, resource win7-20240704-en
Behavioral task behavioral20: sample $PLUGINSDIR/InstallOptions.dll, resource win10v2004-20240802-en
Behavioral task behavioral21: sample bs_load.dll, resource win7-20240729-en
Behavioral task behavioral22: sample bs_load.dll, resource win10v2004-20240802-en
Behavioral task behavioral23: sample bs_wm.dll, resource win7-20240708-en
Behavioral task behavioral24: sample bs_wm.dll, resource win10v2004-20240802-en
Behavioral task behavioral25: sample gdiplus.dll, resource win7-20240708-en
Behavioral task behavioral26: sample gdiplus.dll, resource win10v2004-20240802-en
Behavioral task behavioral27: sample t34.dll, resource win7-20240705-en
Behavioral task behavioral28: sample t34.dll, resource win10v2004-20240802-en
Behavioral task behavioral29: sample wab_recovery.exe, resource win7-20240704-en
Behavioral task behavioral30: sample wab_recovery.exe, resource win10v2004-20240802-en
Malware Config
Targets
Target
8dabaad433dbb2b516e75168ca970903_JaffaCakes118
-
Size
7.1MB
-
MD5
8dabaad433dbb2b516e75168ca970903
-
SHA1
4faeb166b07c6e81db33cfb978473d157e1a05c1
-
SHA256
3dacbf49ecb37c75438c28e2762dbab36aba3e817bf7568767d2135f2800444b
-
SHA512
ca7eb17717693b63007e218da7d6d3e51bbe3af79ff9e080b1cd5340a06137698601a26885d3843a8dd8c01fa0236892560403b9725927689c97d9956e990aa1
-
SSDEEP
196608:kQqUejR4kJxjTbSYcOGn6/21XnyzGUQipup0:UjR4k/jT2DC2Ez1Qipb
Score 7/10
Loads dropped DLL
Target
$PLUGINSDIR/InstallOptions.dll
-
Size
14KB
-
MD5
325b008aec81e5aaa57096f05d4212b5
-
SHA1
27a2d89747a20305b6518438eff5b9f57f7df5c3
-
SHA256
c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b
-
SHA512
18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf
-
SSDEEP
192:86d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jwK72dwF7dBEnbok:86UdHXcIiY535zBt2jw+BEnbo
Score 3/10
Target
$PLUGINSDIR/StartMenu.dll
-
Size
7KB
-
MD5
a4173b381625f9f12aadb4e1cdaefdb8
-
SHA1
cf1680c2bc970d5675adbf5e89292a97e6724713
-
SHA256
7755ff2707ca19344d489a5acec02d9e310425fa6e100d2f13025761676b875b
-
SHA512
fcac79d42862da6bdd3ecad9d887a975cdff2301a8322f321be58f754a26b27077b452faa4751bbd09cd3371b4afce65255fbbb443e2c93dd2cba0ba652f4a82
-
SSDEEP
96:2fiqP7bO2qHkAC40KhvSE+6nrxtMn0iGd88qRLqtJ1tbRhElfRx2:siqP7OHX1Q4xtcf8qo/ttgfRx2
Score 3/10
Target
Alligator.k52
-
Size
1.9MB
-
MD5
e90731651f4cee68f4e80319953a83d1
-
SHA1
5bc408c46e7a292d1423264d06eb389f0a7dcdae
-
SHA256
cdd09b97328c10b8a78b285bb1c106e64ce5c13747ef8b11404fceafc872430a
-
SHA512
70c4a2ffe93535cfc7f7818d2b5c010f3ea10ec49d7711e65032edeef1f8cfbdf588837033e202352f9626bf1592d98742e9eaf4eebec6dbbbc85ac1ec0480e2
-
SSDEEP
49152:F30B6Qhgeg0XS7ezZ8ryop9/6qEfLZF17vV3Jpou:FEBthE2RzirTC1fLX1B4u
Score 3/10
Target
BlackShark.k50
-
Size
162KB
-
MD5
5b518f989aaa855b60f9b1b6cf44211d
-
SHA1
108e8acfb35797840a987bb8805f479bbdcfbe88
-
SHA256
24a56e451776b0a3024388f52b139f660a244b03e80d2150dbe0ee423127c886
-
SHA512
653d5ec317f3abe4e9f0e4516a13f394d1a70d67c5418f44c899e0d17ad1851192fdf25f46f121b2d626095b19bdd67f4f81c6ada42c4afe4ac7b1dd1b446dc4
-
SSDEEP
3072:1uWgN4mJzcrpXVvjJm2HOMe0CS81vMXhfaDgK9gtB8x+12kiujvGdI:1uWgN4mJOR/mzMm5kRf1K9Dx+1Liuj
Score 3/10
Target
Get your registration code.url
-
Size
125B
-
MD5
7d8a34b7180fbf0d60d3e95099980ebc
-
SHA1
94315de23c1b8cbd855f473db1472764be65120d
-
SHA256
014472847e1ad0f1fc0907774f102c4f66dbf505c7f9748d5f3b7a658e899252
-
SHA512
d9c661f23125cc561b05d6c4e1fdca8e105345f71cc2b27015ce7f2ea8a3d76c2c984ef74f7954020f379767001b3f96f68886b4a91007a45816e88821a9507c
Score 1/10
Target
MIG_29.dll
-
Size
284KB
-
MD5
823027d201e8320ba9ae20b5f3914dcc
-
SHA1
afaf8db6bc1133581f720b9363d09dfd6f3727b4
-
SHA256
e48a62466cf46065fe34d4fe08390f9db2058ae2461b78eae7e25a4f301d5fca
-
SHA512
921d066a33174a9fca58b0d833195332146b79aee17ba7b7f925f4b33cbb2b70a9b5e0c241240085b64976009f3b38a1484c07c539681ded674e791fcd7c5f71
-
SSDEEP
6144:8bhQcZEmUgvvHCWj57apJ2OT+f3fidbuQJbfAORqOK:CjZEiv1o2CwvidqQljqO
Score 3/10
Target
MSORecovery.exe
-
Size
2.7MB
-
MD5
ee020c5725f349a34eac92982a65235b
-
SHA1
a1270c2a0134e51a4b42cf4e5a8f5a94681beeba
-
SHA256
6253ecdb4296b0c6da93e178f66542b795a64c2adfbff85a62b4580ae2df6a62
-
SHA512
73284952f2b66e378b75261d1223bfde397636784f9f6ca4e7d3c2d31cc37bf1c6641dbbb26633b31c4a5074ff76c61cc9f3e8bcae794e65149ee3aa2a17098c
-
SSDEEP
49152:KYLzFRQvCCBlwoY+17kYQstL8vnMn0z7OGIGG2G05HbN/kTpsc:KYLzFRSZlN10st6M05g10VbN/apv
Score 7/10
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
Target
Uninstall.exe
-
Size
59KB
-
MD5
973038639d770a979c786f86c71c2aa2
-
SHA1
45cd5858255d414606760666b9344d95c0c2ead2
-
SHA256
64326f62c4328392e52de8a675b2cbc0c7b10a7ba9cea03d829ed56f4b714e42
-
SHA512
2b3bf405249abd930be9bbaf4ee56bd24510fe98927e24a4b17192859984fd12e89941f60e7b108e2806282771cc4d2c6ab3bdec97409c78b62fbf6631c23928
-
SSDEEP
1536:2pgpHzb9dZVX9fHMvG0D3XJrgdLeAyN/QhV/l:cgXdZt9P6D3XJrceAXv/l
Score 7/10
Executes dropped EXE
Loads dropped DLL
Target
$PLUGINSDIR/InstallOptions.dll
-
Size
14KB
-
MD5
325b008aec81e5aaa57096f05d4212b5
-
SHA1
27a2d89747a20305b6518438eff5b9f57f7df5c3
-
SHA256
c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b
-
SHA512
18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf
-
SSDEEP
192:86d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jwK72dwF7dBEnbok:86UdHXcIiY535zBt2jw+BEnbo
Score 3/10
Target
bs_load.di
-
Size
466KB
-
MD5
15abbe3c15e018da7ef56841af33cb74
-
SHA1
7a91dca0f03b175929ded67625d79a5430c3ceff
-
SHA256
c0980bfddf43bbd6df2441f2dfa46f98f04b7b4d0f4f079b60abaaa21a1ab3e0
-
SHA512
c84e95cca9f8b901fe904937b70c23f7b86dc1037905d8bf0c6f8602a41abf4305bc1eb925447c1b74123d974b2f752eccfdd184ddf6cef6d7eb7194832d2ce1
-
SSDEEP
12288:EBQstBghoWlHkXMzIuZFquh4cilkfiEW:8DYhoWlHml3u9iqf
Score 3/10
Target
bs_wm.di
-
Size
64KB
-
MD5
1321edc324c693184631b27870745b75
-
SHA1
aadda09fe92940aaac81c7733c3b636ea9592f34
-
SHA256
c00718b18ed6d0ee5021ff1a35f164676385c5b23f40ae332af6ea7805af3a9a
-
SHA512
5ce976ef98ee882f5dc2ae5366e5e08461ffa292b26bc1a24cf2bff52543f4ebd1eeaa3bf07616520d689d7b1afbdde6c3483ce9dfba59eb0ebaca3f170a9a4b
-
SSDEEP
1536:sPheLWulsWgcovqchWxhOMyP6mJiSmX9DBZ/B:sQlsW5ov3hEhY6mJiSmX9DBJB
Score 3/10
Target
gdiplus.dll
-
Size
1.6MB
-
MD5
d0aaae16ba162dd89d646887f1539855
-
SHA1
0a222f319b7712b861ef6adf0c38cc2c5a2790fa
-
SHA256
d84e7eb505adee8ea660f48c89705977f5eb33b7299d0bd981624e3ece320223
-
SHA512
6d7cf7b3a1dc0560791bc3db4fc836ad0f58b8b531c593d96a37bb77afa3ab7dd6bd4d66a97e37cde3443078eb189609d8d36119198c60ce6b74c1a093000769
-
SSDEEP
24576:i0CiGmsJ2LC4jJmNwP+6fBUAK8C0m1DQucWM9nul/SuyZfWPP90bTv6:i0K2L1Pjf2AKWmFcLulMZ9H
Score 3/10
Target
t34.dll
-
Size
44KB
-
MD5
bed53822767514451e6430f29caa4984
-
SHA1
d904a51dc5c17ac314ca65acadb3a019e579dfa9
-
SHA256
78b4a37f0b85d645c0cd605622da1b864eda828bffa6456b4072208cc7ffaa0f
-
SHA512
4e90556cf90e6760c7698c80097202f6b4181ecab86331374bdd83a076152e24b495e8763696a2e6c5ab6b5f31192a6ac2353469c858686c57a0453b0833f3cb
-
SSDEEP
768:SqNustuFL5Z2pRLexw57kyALAIED8F3DK:SqN1tuPZ2pRLN5/cuD8dDK
Score 3/10
Target
wab_recovery.exe
-
Size
2.5MB
-
MD5
fb7d7957793ceb0696da272e4af488ca
-
SHA1
ef1b6259484398e0f32b19bbdcf4f6b15641f6b5
-
SHA256
774d28cf0489395844f63ed589e870fa1d1f1cc696914b9a097e86f6deeb531c
-
SHA512
7f5fb9a886773f06143663810beaa41d59f53547dc1a3341c511aba8a2d399356aa4be9fc918b5caadfffe8bb5c4fa5a83569385b3f41f876bddb1d82667408e
-
SSDEEP
49152:noRUDfoWgwPhngL28E0IJQ98rVFSH47CIiQL9YlX9:noRAQWgwPhnKtIJjrBDt9YlX9
Score 6/10
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.