Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

bdcd08123d...18.exe

windows7-x64

7

bdcd08123d...18.exe

windows10-2004-x64

7

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$SYSDIR/gtapi.dll

windows7-x64

3

$SYSDIR/gtapi.dll

windows10-2004-x64

3

$TEMP/Goog...ed.msi

windows7-x64

6

$TEMP/Goog...ed.msi

windows10-2004-x64

6

UUPlayer.dll

windows7-x64

3

UUPlayer.dll

windows10-2004-x64

3

UUSeePlayer.exe

windows7-x64

10

UUSeePlayer.exe

windows10-2004-x64

10

bass-plugins.exe

windows7-x64

7

bass-plugins.exe

windows10-2004-x64

7

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

CoCode.dll

windows7-x64

3

CoCode.dll

windows10-2004-x64

3

UFDeMux.dll

windows7-x64

3

UFDeMux.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bdcd08123d21c1c5c7a1a3cd95096437_JaffaCakes118

  • Size

    4.1MB

  • Sample

    240824-cjpsfasbkm

  • MD5

    bdcd08123d21c1c5c7a1a3cd95096437

  • SHA1

    7e7aee618edbac331c6ea7b2cc4513f68f5d1087

  • SHA256

    fe76f28937b3d27d0c97f98e2a42a5432cde68af310ebe68fbc22db1f79c07fd

  • SHA512

    ad9e3c0db66aa51401c6cf0b95fb5f50cf726937f1c380ba7e4ff68651a4e4bb7a16a10799d9a4883dccccb67eda7a7a4278d79b35cd8d0e50032df8502b92c5

  • SSDEEP

    98304:3G7wYQ/WukNwVgOb2Y14XDabzhz3iHmpA5ZzsXY6ykk0AhCT:W7wSZyVgOqYcDapz3iGe5pYY6ykb48

Score
10/10
discoveryevasionpersistenceprivilege_escalation

Malware Config

Targets

    • Target

      bdcd08123d21c1c5c7a1a3cd95096437_JaffaCakes118

    • Size

      4.1MB

    • MD5

      bdcd08123d21c1c5c7a1a3cd95096437

    • SHA1

      7e7aee618edbac331c6ea7b2cc4513f68f5d1087

    • SHA256

      fe76f28937b3d27d0c97f98e2a42a5432cde68af310ebe68fbc22db1f79c07fd

    • SHA512

      ad9e3c0db66aa51401c6cf0b95fb5f50cf726937f1c380ba7e4ff68651a4e4bb7a16a10799d9a4883dccccb67eda7a7a4278d79b35cd8d0e50032df8502b92c5

    • SSDEEP

      98304:3G7wYQ/WukNwVgOb2Y14XDabzhz3iHmpA5ZzsXY6ykk0AhCT:W7wSZyVgOqYcDapz3iGe5pYY6ykb48

    Score
    7/10
    discovery

    • Loads dropped DLL

    behavioral1behavioral2

    • Target

      $PLUGINSDIR/FindProcDLL.dll

    • Size

      31KB

    • MD5

      83cd62eab980e3d64c131799608c8371

    • SHA1

      5b57a6842a154997e31fab573c5754b358f5dd1c

    • SHA256

      a6122e80f1c51dc72770b4f56c7c482f7a9571143fbf83b19c4d141d0cb19294

    • SHA512

      91cfbcc125600ec341f5571dcf1e4a814cf7673f82cf42f32155bd54791bbf32619f2bb14ae871d7996e9ddecdfcc5db40caa0979d6dfba3e73cfe8e69c163c9

    • SSDEEP

      384:1NWlNdqdAnhTKMLE2oIM05fnqCiWg3Yy9kflIinokN:1NWtqdihTKCldkYwkdpnoy

    Score
    3/10
    discovery
    behavioral3behavioral4

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      12KB

    • MD5

      3c19f79ce11facc2fc4d3351dbb263e0

    • SHA1

      17f4bf4b18ea7700f70ac7d825dc997be0d25f71

    • SHA256

      cfaba712ad640ce2b4890005ffcf03ed9e2a18a6cf9075295f3aaea1478896b9

    • SHA512

      05c9ac861e4fed610171fcb5fad40abc30cbf90e9c7cb13c758f52cdff568af0fdd6af968db4fb143a748c77f21c353c7cffea28cbcbd2ad17157038ab490273

    • SSDEEP

      192:Aq6dnSzJb/WHM9Vm8/FlW8pMFEi49xpkpIURnPehwbbHF1Quhcb:L6dnYbuH+3FlcmzWnW2bbMuO

    Score
    3/10
    discovery
    behavioral5behavioral6

    • Target

      $PLUGINSDIR/KillProcDLL.dll

    • Size

      32KB

    • MD5

      83142eac84475f4ca889c73f10d9c179

    • SHA1

      dbe43c0de8ef881466bd74861b2e5b17598b5ce8

    • SHA256

      ae2f1658656e554f37e6eac896475a3862841a18ffc6fad2754e2d3525770729

    • SHA512

      1c66eab21f0c9e0b99ecc3844516a6978f52e0c7f489405a427532ecbe78947c37dac5b4c8b722cc8bc1edfb74ba4824519d56099e587e754e5c668701e83bd1

    • SSDEEP

      384:3rYz6grZodORNWATt4TBmlk5ooyzFh7BukAUdJoUtSOSR:3QggDWATWNCFh7BNddJoxO+

    Score
    3/10
    discovery
    behavioral7behavioral8

    • Target

      $PLUGINSDIR/System.dll

    • Size

      10KB

    • MD5

      725145e8caa39635cab9899c47c72eda

    • SHA1

      30478c907551bd920bf359638b091fc5c10b5a53

    • SHA256

      1759e4f7777fb8c9ed356a7d4dc237a90e0760061685d44ea02d40ca9e359ceb

    • SHA512

      de31286ea10321f762a3b6e7c6c82177d5b6f45a82adc936fcbbc23105708cbbbec903ba94ba94e7723e80f1828393e5395ef575b37136b19de7535e74e24547

    • SSDEEP

      192:lOSsJI/rqmIDNLU0dq51EgAiNbubv6pLZ:jHQQ0d01Egbq76p

    Score
    3/10
    discovery
    behavioral10behavioral9

    • Target

      $SYSDIR/gtapi.dll

    • Size

      44KB

    • MD5

      b19256632fd0ba5bed01e80e29402384

    • SHA1

      a4b72c88e688f53c7d3c0caffca37b65fbce31da

    • SHA256

      0de25aa419acd2f9534ef03de471d034fe89697e7d8405965b3e6e0b044ae3ad

    • SHA512

      052bf2f799977ad119c354b809001827f0e33d6122cc2eec02c15a5d1b50c57af4af38c5eed3c295ac3a7cc2604b4bfa89f3739f5b512046ce5b0326ff897f5a

    • SSDEEP

      768:mfQ6MpT8MNWNR+mLMTyyfFtEJuxorYDaY3:sQnT87z+mLwyybxTD7

    Score
    3/10
    discovery
    behavioral11behavioral12

    • Target

      $TEMP/GoogleToolbarInstaller_zh-CN_signed.msi

    • Size

      1.1MB

    • MD5

      ec1629e2086cad6ccc4c995630896213

    • SHA1

      e0e1f7720072b85c04318d6d15b595d7e8f52670

    • SHA256

      101fc387cb284a27c943ea087b751aefb5c106a214253b7e29e7381da95beaee

    • SHA512

      3f7157a25a2d1f1fc345e9138ed5c1f17805256be985e8cfe54c60cb5a11d62e13472bdeee187c7b13e5746c8d9e08359d929410d3b5e5ab204cf4f91c02d9b1

    • SSDEEP

      24576:FBkI5/nyOeMDyWd8Dce5HrY5w6Rsa31L5Dh66NIXiQcAqHVIYzgD:jhyOeMPacWHruwOsa31L5Dh66N+iVh1O

    Score
    6/10
    discoverypersistenceprivilege_escalation

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral13behavioral14

    • Target

      UUPlayer.dll

    • Size

      469KB

    • MD5

      e46a2b34a3d31cde2d11afae08abc081

    • SHA1

      d0ed285663324b05eb20e23fc6f81447d95ab355

    • SHA256

      67ac852970050e2d353b2a8efbe68f1aaa6a353e0584393aca344173dbc853bb

    • SHA512

      be3c9fffefac1de63a9e4d9d317d542cb0e5da4196e661144bbc259d0e76f612d7b1777f190538855808bceb412d580c2f3a601d2e8775b1dc4e079b6560d5b8

    • SSDEEP

      12288:KDJ0hvzjGAy/hlZK6KPZIT2RDZaZjwMTeso9UJ0+JWqeGQCKvWlVs/iKVbvhabM6:KDJszjGAy/hloZI4DZaZjwMTeso9UJ0m

    Score
    3/10
    discovery
    behavioral15behavioral16

    • Target

      UUSeePlayer.exe

    • Size

      1.1MB

    • MD5

      ec9624b5b7557ce9fccf7c34f2a5a3ae

    • SHA1

      bdf4369f25dfcc9a49f9fa84ade190a99d7ff910

    • SHA256

      501e5e748e4df5b13382e8f932a7a11fc311b91059863fbbcc94bc9e41d597d3

    • SHA512

      9c443b0d2452517ba1ce0679afb063fe26e2eaa0c42d9e2018f466c27fe7939172c266ed65a1968e9cd9fbb17c18c6616a6f1e34fa473b1684f44e0c58b59d6e

    • SSDEEP

      24576:2ShKos1i1C8d+qvJJ77IZA+ELJMs8KUV2:tUq+g0651

    Score
    10/10
    discoveryevasion

    • Modifies firewall policy service

      evasion
    behavioral17behavioral18

    • Target

      bass-plugins.exe

    • Size

      2.1MB

    • MD5

      439a2b0dc48d1a6ac3f14e92046cffb2

    • SHA1

      73f13601534fd250033c4d7f7ae72e17fdd20c35

    • SHA256

      7a4fa7de2c78498ed7f278ffe595e95e81da80d2a7bb861860a9cf547e50a0d2

    • SHA512

      d27e8fb3d5499112a2080bb81f28c337d5a274bb9088dc83ff1e0c191ddaa0d5a3826365b68e6f4bbce345fae40c3a8bac2e51f1f2bca4f88f55d8898b8a9e8c

    • SSDEEP

      49152:tTkNwVuJ22a8Vhq22wW1SH84DalJOoFLXPLvv8jaXemx4FVov:FkNwVgOb2Y14XDabzhz3iHmpv

    Score
    7/10
    discovery

    • Loads dropped DLL

    behavioral19behavioral20

    • Target

      $PLUGINSDIR/FindProcDLL.dll

    • Size

      31KB

    • MD5

      83cd62eab980e3d64c131799608c8371

    • SHA1

      5b57a6842a154997e31fab573c5754b358f5dd1c

    • SHA256

      a6122e80f1c51dc72770b4f56c7c482f7a9571143fbf83b19c4d141d0cb19294

    • SHA512

      91cfbcc125600ec341f5571dcf1e4a814cf7673f82cf42f32155bd54791bbf32619f2bb14ae871d7996e9ddecdfcc5db40caa0979d6dfba3e73cfe8e69c163c9

    • SSDEEP

      384:1NWlNdqdAnhTKMLE2oIM05fnqCiWg3Yy9kflIinokN:1NWtqdihTKCldkYwkdpnoy

    Score
    3/10
    discovery
    behavioral21behavioral22

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      12KB

    • MD5

      3c19f79ce11facc2fc4d3351dbb263e0

    • SHA1

      17f4bf4b18ea7700f70ac7d825dc997be0d25f71

    • SHA256

      cfaba712ad640ce2b4890005ffcf03ed9e2a18a6cf9075295f3aaea1478896b9

    • SHA512

      05c9ac861e4fed610171fcb5fad40abc30cbf90e9c7cb13c758f52cdff568af0fdd6af968db4fb143a748c77f21c353c7cffea28cbcbd2ad17157038ab490273

    • SSDEEP

      192:Aq6dnSzJb/WHM9Vm8/FlW8pMFEi49xpkpIURnPehwbbHF1Quhcb:L6dnYbuH+3FlcmzWnW2bbMuO

    Score
    3/10
    discovery
    behavioral23behavioral24

    • Target

      $PLUGINSDIR/KillProcDLL.dll

    • Size

      32KB

    • MD5

      83142eac84475f4ca889c73f10d9c179

    • SHA1

      dbe43c0de8ef881466bd74861b2e5b17598b5ce8

    • SHA256

      ae2f1658656e554f37e6eac896475a3862841a18ffc6fad2754e2d3525770729

    • SHA512

      1c66eab21f0c9e0b99ecc3844516a6978f52e0c7f489405a427532ecbe78947c37dac5b4c8b722cc8bc1edfb74ba4824519d56099e587e754e5c668701e83bd1

    • SSDEEP

      384:3rYz6grZodORNWATt4TBmlk5ooyzFh7BukAUdJoUtSOSR:3QggDWATWNCFh7BNddJoxO+

    Score
    3/10
    discovery
    behavioral25behavioral26

    • Target

      $PLUGINSDIR/System.dll

    • Size

      10KB

    • MD5

      725145e8caa39635cab9899c47c72eda

    • SHA1

      30478c907551bd920bf359638b091fc5c10b5a53

    • SHA256

      1759e4f7777fb8c9ed356a7d4dc237a90e0760061685d44ea02d40ca9e359ceb

    • SHA512

      de31286ea10321f762a3b6e7c6c82177d5b6f45a82adc936fcbbc23105708cbbbec903ba94ba94e7723e80f1828393e5395ef575b37136b19de7535e74e24547

    • SSDEEP

      192:lOSsJI/rqmIDNLU0dq51EgAiNbubv6pLZ:jHQQ0d01Egbq76p

    Score
    3/10
    discovery
    behavioral27behavioral28

    • Target

      CoCode.dll

    • Size

      97KB

    • MD5

      fccffd018f4fc6ee6ee4962a1f9f351a

    • SHA1

      5f46830c8b50e7566d992dee37c84a65c75c7563

    • SHA256

      be9a88419faa651f180a21d813c5ec459ed217a812022d2fc9dfa7f0c06f056f

    • SHA512

      d97f559e2fead55b8b1c6cd9bcd0dd3fb12ca130fa1b01a4179b37e05f58be8a256a3482b369d6112fcc1ab9c330d7467dbc648dbe7fda44d9b750710eb48500

    • SSDEEP

      1536:pPwjW+sl+S+HHc1FwPUjIcfMrRfzsF0KouH354i+Pysnj:pPEo+S2HpgMaxX54iEyI

    Score
    3/10
    discovery
    behavioral29behavioral30

    • Target

      UFDeMux.ax

    • Size

      153KB

    • MD5

      06a18d5fa650274b5e6a09b4f705ec43

    • SHA1

      b7c7e0a320d1c04a8cb7addf5cb9087bf2d32fed

    • SHA256

      6711789d58f4f96162ec812a9ff19d33e8ee4f8f321caefb8a386590650f5818

    • SHA512

      07a2666783706174d6325bb51b640f290a8cb38c9de3f0da1ab8e7613820a6bb77c7ec0519710ba4411c0ed094df41ba9bf084a21ddc73e123c5cef52c929414

    • SSDEEP

      3072:9mNcg3Iqa+WSs3rRjLTRjLO2VtLmL+yzE:9mPiN3jmLxzE

    Score
    3/10
    discovery
    behavioral31behavioral32

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

discovery
Score
7/10

behavioral2

discovery
Score
7/10

behavioral3

discovery
Score
3/10

behavioral4

discovery
Score
3/10

behavioral5

discovery
Score
3/10

behavioral6

discovery
Score
3/10

behavioral7

discovery
Score
3/10

behavioral8

discovery
Score
3/10

behavioral9

discovery
Score
3/10

behavioral10

discovery
Score
3/10

behavioral11

discovery
Score
3/10

behavioral12

discovery
Score
3/10

behavioral13

discoverypersistenceprivilege_escalation
Score
6/10

behavioral14

discoverypersistenceprivilege_escalation
Score
6/10

behavioral15

discovery
Score
3/10

behavioral16

discovery
Score
3/10

behavioral17

discoveryevasion
Score
10/10

behavioral18

discoveryevasion
Score
10/10

behavioral19

discovery
Score
7/10

behavioral20

discovery
Score
7/10

behavioral21

discovery
Score
3/10

behavioral22

discovery
Score
3/10

behavioral23

discovery
Score
3/10

behavioral24

discovery
Score
3/10

behavioral25

discovery
Score
3/10

behavioral26

discovery
Score
3/10

behavioral27

discovery
Score
3/10

behavioral28

discovery
Score
3/10

behavioral29

discovery
Score
3/10

behavioral30

discovery
Score
3/10

behavioral31

discovery
Score
3/10

behavioral32

discovery
Score
3/10