Overview
overview: score 8/10
Static
static: score 7/10
cdfc421d78...18.exe, windows7-x64: score 8/10
cdfc421d78...18.exe, windows10-2004-x64: score 8/10
$PLUGINSDI...er.dll, windows7-x64: score 3/10
$PLUGINSDI...er.dll, windows10-2004-x64: score 3/10
$PLUGINSDI...nu.dll, windows7-x64: score 3/10
$PLUGINSDI...nu.dll, windows10-2004-x64: score 3/10
$PLUGINSDI...em.dll, windows7-x64: score 3/10
$PLUGINSDI...em.dll, windows10-2004-x64: score 3/10
$PLUGINSDI...ll.dll, windows7-x64: score 7/10
$PLUGINSDI...ll.dll, windows10-2004-x64: score 7/10
$PLUGINSDI...gs.dll, windows7-x64: score 3/10
$PLUGINSDI...gs.dll, windows10-2004-x64: score 3/10
$TEMP/$_83_/ists.dll, windows7-x64: score 3/10
$TEMP/$_83_/ists.dll, windows10-2004-x64: score 3/10
GamesBot.exe, windows7-x64: score 6/10
GamesBot.exe, windows10-2004-x64: score 6/10
GamesBotSvc.exe, windows7-x64: score 1/10
GamesBotSvc.exe, windows10-2004-x64: score 3/10
Modules/7z.dll, windows7-x64: score 3/10
Modules/7z.dll, windows10-2004-x64: score 3/10
Modules/Base.dll, windows7-x64: score 3/10
Modules/Base.dll, windows10-2004-x64: score 3/10
Modules/alzm.dll, windows7-x64: score 3/10
Modules/alzm.dll, windows10-2004-x64: score 3/10
Modules/brs.dll, windows7-x64: score 3/10
Modules/brs.dll, windows10-2004-x64: score 3/10
Modules/cmd.dll, windows7-x64: score 3/10
Modules/cmd.dll, windows10-2004-x64: score 3/10
Modules/inws.dll, windows7-x64: score 3/10
Modules/inws.dll, windows10-2004-x64: score 3/10
Modules/ists.dll, windows7-x64: score 3/10
Modules/ists.dll, windows10-2004-x64: score 3/10
General
-
Target
cdfc421d78794c2238c5d4d9a83c4486_JaffaCakes118
-
Size
2.5MB
-
Sample
240901-b92z1syalq
-
MD5
cdfc421d78794c2238c5d4d9a83c4486
-
SHA1
df7e87b7e42a9927dbec803f3bd2e3121e90ad00
-
SHA256
1048dc935e56622222c56b9afc9695fd83dd5ed9a567b2207e6e65ad71ec5254
-
SHA512
00f238548be91c7daf75c4c6b9349ea17b1a214e5825f28a4e15b379a58fdb65d1e2a4887b0aac8db942521855935a0cd49e02c2535873f319734c8b87944c1b
-
SSDEEP
49152:626OIzZTCw0Pelu8G5Uo7kUmutNPpJ6Qmub1F1ZMV:6hp90PeoVOoAqBcQDbNZA
Behavioral task
behavioral1
Sample
cdfc421d78794c2238c5d4d9a83c4486_JaffaCakes118.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
cdfc421d78794c2238c5d4d9a83c4486_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/ShellExecAsUser.dll
Resource
win7-20240704-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/ShellExecAsUser.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/StartMenu.dll
Resource
win7-20240705-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/StartMenu.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240729-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/md5dll.dll
Resource
win7-20240708-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/md5dll.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral11
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win7-20240705-en
Behavioral task
behavioral12
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral13
Sample
$TEMP/$_83_/ists.dll
Resource
win7-20240705-en
Behavioral task
behavioral14
Sample
$TEMP/$_83_/ists.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral15
Sample
GamesBot.exe
Resource
win7-20240704-en
Behavioral task
behavioral16
Sample
GamesBot.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral17
Sample
GamesBotSvc.exe
Resource
win7-20240704-en
Behavioral task
behavioral18
Sample
GamesBotSvc.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral19
Sample
Modules/7z.dll
Resource
win7-20240729-en
Behavioral task
behavioral20
Sample
Modules/7z.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral21
Sample
Modules/Base.dll
Resource
win7-20240704-en
Behavioral task
behavioral22
Sample
Modules/Base.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral23
Sample
Modules/alzm.dll
Resource
win7-20240705-en
Behavioral task
behavioral24
Sample
Modules/alzm.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral25
Sample
Modules/brs.dll
Resource
win7-20240708-en
Behavioral task
behavioral26
Sample
Modules/brs.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral27
Sample
Modules/cmd.dll
Resource
win7-20240708-en
Behavioral task
behavioral28
Sample
Modules/cmd.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral29
Sample
Modules/inws.dll
Resource
win7-20240708-en
Behavioral task
behavioral30
Sample
Modules/inws.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral31
Sample
Modules/ists.dll
Resource
win7-20240705-en
Behavioral task
behavioral32
Sample
Modules/ists.dll
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
cdfc421d78794c2238c5d4d9a83c4486_JaffaCakes118
-
Blocklisted process makes network request
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Loads dropped DLL
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
-
-
Target
$PLUGINSDIR/ShellExecAsUser.dll
-
Size
83KB
-
MD5
0f2f0c6e86ed89e355be8b39e159fad0
-
SHA1
970a0f7df2a32325019a8c24de592beec490d63e
-
SHA256
e79fcb76e289709cf59c7d73a6d142193cdd3a94c1b5f318d320e52dcc76daf9
-
SHA512
ab5223e6aec8b94151e595d788c77686a31f00615b5e1de02b07aa7c5e439a90ed8333f4bbc0fe1c50baa6e3b36404f972249aafd148bbf3a60fe302cac761dc
-
SSDEEP
1536:T1kYvp+3iQfAsjms/38JWfLydNiZwEc0boX9TsWjcdNleSVgzlW:prRvQ4sKs/34s/icN3VghW
Score 3/10
-
-
Target
$PLUGINSDIR/StartMenu.dll
-
Size
7KB
-
MD5
4206ac12a66dd61b2913f158488db070
-
SHA1
589a65a8f2b40d9e821e47bc66fd5bb3848d6f77
-
SHA256
4b722e1b2445fe8030194ba2ae1f573bc8e13dc3c028ce22312ea9848c584449
-
SHA512
a6a1bd423f222dd28277831eb01a14179ea67fb4d7c2b498cf0684185caf7d44a1378faf3a3933a6ce5bed5f5824d011b4a0f6558c3b5d8e84cb5a2bfe455a67
-
SSDEEP
96:o8dPIKJhMuhik+CfoEwknt6io8zv+qy5/utta/P3lkCTcaqHCI:1ZIKXgk+cx6QYFkAvlncviI
Score 3/10
-
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
3e6bf00b3ac976122f982ae2aadb1c51
-
SHA1
caab188f7fdc84d3fdcb2922edeeb5ed576bd31d
-
SHA256
4ff9b2678d698677c5d9732678f9cf53f17290e09d053691aac4cc6e6f595cbe
-
SHA512
1286f05e6a7e6b691f6e479638e7179897598e171b52eb3a3dc0e830415251069d29416b6d1ffc6d7dce8da5625e1479be06db9b7179e7776659c5c1ad6aa706
-
SSDEEP
192:eP24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35OlbSl:T8QIl975eXqlWBrz7YLOlb
Score 3/10
-
-
Target
$PLUGINSDIR/md5dll.dll
-
Size
6KB
-
MD5
7059f133ea2316b9e7e39094a52a8c34
-
SHA1
ee9f1487c8152d8c42fecf2efb8ed1db68395802
-
SHA256
32c3d36f38e7e8a8bafd4a53663203ef24a10431bda16af9e353c7d5d108610f
-
SHA512
9115986754a74d3084dd18018e757d3b281a2c2fde48c73b71dba882e13bd9b2ded0e6e7f45dc5b019e6d53d086090ccb06e18e6efeec091f655a128510cbe51
-
SSDEEP
96:5mArJv6F3TqDmgK4ghEin1US36eHQZDUDgGogZcko5Nt4AMP:5XJ63LhR6inZ6dsgZkKQT
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
-
-
Target
$PLUGINSDIR/nsDialogs.dll
-
Size
9KB
-
MD5
dbdbf4017ff91c9de328697b5fd2e10a
-
SHA1
b597a5e9a8a0b252770933feed51169b5060a09f
-
SHA256
be60a00f32924ccbe03f9914e33b8e1ad8c8a1ca442263a69896efba74925b36
-
SHA512
3befc15aab0a5dbe7fde96155b0499d385f2799b1a2d47ce04f37b5804006b1c6c4fff93d3cedb56a2a8172b23752b6f9dc6168cfce3596b91def3247836cf10
-
SSDEEP
96:33YnIxFkDUGZpKSmktse3GpmD8pevbE9cxSgB5PKtAtYE9v5E9KntrmfVEB3YdkS:33YIvGZDdtP8pevbg0PuAYK56NyoIFI
Score 3/10
-
-
Target
$TEMP/$_83_/ists.dll
-
Size
269KB
-
MD5
78bed877a9d9564205e98359650a9246
-
SHA1
e4bd50f48bdc9260e36bfd2731d8d85de162bfbc
-
SHA256
a2ec95353203228e798a685de97f04ac27cf9561907b559bf8f252c9425ee817
-
SHA512
267d2c9461432d8da70a65b64238680c30fe577f31e6960e9b32c9f55bf63ad0893164c521b0e3d6ec8dc21fcf206adc9f27529514960861c2fae928669138f4
-
SSDEEP
3072:pAIj6X3k1npXjKT0p9JO1X8gD49pWLUkfXwVac1+3owWiqG3IN3VXRESp9SXk:pAo6EFNju0dsFMCUko7ieRvp9x
Score 3/10
-
-
Target
GamesBot.exe
-
Size
377KB
-
MD5
92a0507bf7612b650cff53899ac0297c
-
SHA1
3182d4e6fd16bdea70bc041cb74e45e6df5e8c7b
-
SHA256
cd96224146e69b55fa48f0fde267aee8d0250f16a964e2763d381914fbb29a24
-
SHA512
95f885ee403da0b5adae5a628e1b46d24b902fb0238121fa02383877ea816de788161e91c234f8650552aaa6a7f5f0dcf3b604d111b65c38a58fb8f6af0e0a16
-
SSDEEP
6144:1aCrb2zovQY0jPytboO+vYFkUjk4XqprPn3yJ8eJnX7hfK3lUaCS9MzC:kCrb2OQY0TyyOekI1wJX7dICSG2
Score 6/10
Adds Run key to start application
-
-
-
Target
GamesBotSvc.exe
-
Size
52KB
-
MD5
31f3889058133f6e133c8fedfeaa2e9c
-
SHA1
543605dadcc981de1070ee1171254a4847cec3e8
-
SHA256
eebfe740da31d98b0dd1350aac9ce03f90f2869ff99c6882809c4edcaeb244c9
-
SHA512
917ddb183f0309072aff4864404bf3cddab4bb990c1260a61ecbac22017ba93df6c488bf9f76b78e73392bdfd757666cef780f661bb5b31698965b841f829625
-
SSDEEP
1536:iTLslMp+Li9o58qYSHw2rdvSKFtwVU+iKu/Z8GTS3ip:Qgq+z58qYurdvSKHwVPBuh8H+
Score 3/10
-
-
Target
Modules/7z.dll
-
Size
893KB
-
MD5
04ad4b80880b32c94be8d0886482c774
-
SHA1
344faf61c3eb76f4a2fb6452e83ed16c9cce73e0
-
SHA256
a1e1d1f0fff4fcccfbdfa313f3bdfea4d3dfe2c2d9174a615bbc39a0a6929338
-
SHA512
3e3aaf01b769471b18126e443a721c9e9a0269e9f5e48d0a10251bc1ee309855bd71ede266caa6828b007359b21ba562c2a5a3469078760f564fb7bd43acabfb
-
SSDEEP
24576:TW+wsDaQw6DDz3qRyPnmGfrnvVUKueY8RmneWtJ:TasY6DwOBfrnvV7UeWt
Score 3/10
-
-
Target
Modules/Base.dll
-
Size
106KB
-
MD5
df264efa2c5285aab9700b30afcf5852
-
SHA1
1f8e3d1577b7f416ec763f2c8c585b8647ddb6db
-
SHA256
027cf7f9074a2306ad323254a79205f33b2ec24085a93efe186057230121755a
-
SHA512
ad0b1dd7a5f658d8c7b408455dd87bfc87b1690f6ee355a88287e8e96adc609dabc94ca831cda42b156480c21b760ea8093df5af26bcadb0259bdee5cc8fb069
-
SSDEEP
3072:WI6YCV7JGhaLWXg91eTzN1q/jva8I/+/VZM4vCo2:WI6YCjFSXgzed2La8I/+/VZM4vC
Score 3/10
-
-
Target
Modules/alzm.dll
-
Size
38KB
-
MD5
a1b7e11dd9e80402e5654398d65760d2
-
SHA1
c2e05af5b57f5ef0f77c905780e799cc48fe8e91
-
SHA256
ca3837873f2fd36d4646769990ddef0a5d3549bccb1d11174d37b493c4e31b8d
-
SHA512
f328478f6e2681319f5a824737818f75d7ee9c7f8c1f63ce2a8e9813c87fd71118a00547664965f6c4d79b888fa473011578c5c0491faeccfd6908cb3cff0425
-
SSDEEP
768:8/PidxjnQyslT/H4mKFnYzNjMLwpr3TScciY:sPidtnPgrHpzNoMpzTS3iY
Score 3/10
-
-
Target
Modules/brs.dll
-
Size
115KB
-
MD5
6ebfb697f7b8b0b3399c6e845e9b12ba
-
SHA1
705f93bd0f390d8b6d533f20823a8d9f9300856c
-
SHA256
eab7e27c292aa35c661e01d71ec91f0503c915742ba04135da3eb4ad931db8f5
-
SHA512
f5499b172b704d069c83b6d5fb7a206f11db3206061aad01de69a04d0d7b9f5e4fa8a5645259c8e612a416fa6f022b8e9c6041b8e344b2c783549477faa95f13
-
SSDEEP
3072:DKnpWlIy5P6DEb1j8+D/4imoUIXTw6JTKwOd2/EBX:MpWlRZ6Daj8+Fjzubd2/EB
Score 3/10
-
-
Target
Modules/cmd.dll
-
Size
90KB
-
MD5
8da6472a042621a7962944e4bd867827
-
SHA1
0265d5935233085b047481c985273f02954c970b
-
SHA256
bd585d81b520a5c3b750f8a3545b180c7b7a32f36565cfe0afde46ec73494682
-
SHA512
bdda42ff95e76fa5ab9f5af961bb73aed08b00963efdcc353e5e7c425599ec364af980f7970357ed844747953211a97ba42c0de8ad104f9b78736be15cf51ccd
-
SSDEEP
1536:NX7wnCPGC1TRbTVyxFQQgwyJ3lKDm6OXQtsWhDgI5LqdUBPD/M3bUPTS3igf:NrNGeZTV0QQglJ3xAtsWhDg+qdUFD/MF
Score 3/10
-
-
Target
Modules/inws.dll
-
Size
40KB
-
MD5
3a024dabc9b8413b95d2e8e49e8086c2
-
SHA1
7626b676b0b6c0e79b02f83a2fd23149008e7095
-
SHA256
57065012bfde815d823622b64490b0a8f7d640c2762e91fc55cf44159d34c041
-
SHA512
4d5e1d5a1f81dc5fe71ecffaaa3cf3de9cd67ed29d8240f96666a969356bfb694fd04999835a8c211ee40b2e7b59954aa11994aac8ac0cc4521ba631ce461c93
-
SSDEEP
768:MS1u5ZX/DLepH32aKx96VEyA+8sk1UnNtL41vTScciB:MR/Opw6Ci8lUnNN4dTS3iB
Score 3/10
-
-
Target
Modules/ists.dll
-
Size
269KB
-
MD5
78bed877a9d9564205e98359650a9246
-
SHA1
e4bd50f48bdc9260e36bfd2731d8d85de162bfbc
-
SHA256
a2ec95353203228e798a685de97f04ac27cf9561907b559bf8f252c9425ee817
-
SHA512
267d2c9461432d8da70a65b64238680c30fe577f31e6960e9b32c9f55bf63ad0893164c521b0e3d6ec8dc21fcf206adc9f27529514960861c2fae928669138f4
-
SSDEEP
3072:pAIj6X3k1npXjKT0p9JO1X8gD49pWLUkfXwVac1+3owWiqG3IN3VXRESp9SXk:pAo6EFNju0dsFMCUko7ieRvp9x
Score 3/10
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Defense Evasion
Modify Registry (3)
Subvert Trust Controls (1)
Install Root Certificate (1)