Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

7

cdfc421d78...18.exe

windows7-x64

8

cdfc421d78...18.exe

windows10-2004-x64

8

$PLUGINSDI...er.dll

windows7-x64

3

$PLUGINSDI...er.dll

windows10-2004-x64

3

$PLUGINSDI...nu.dll

windows7-x64

3

$PLUGINSDI...nu.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...ll.dll

windows7-x64

7

$PLUGINSDI...ll.dll

windows10-2004-x64

7

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$TEMP/$_83_/ists.dll

windows7-x64

3

$TEMP/$_83_/ists.dll

windows10-2004-x64

3

GamesBot.exe

windows7-x64

6

GamesBot.exe

windows10-2004-x64

6

GamesBotSvc.exe

windows7-x64

1

GamesBotSvc.exe

windows10-2004-x64

3

Modules/7z.dll

windows7-x64

3

Modules/7z.dll

windows10-2004-x64

3

Modules/Base.dll

windows7-x64

3

Modules/Base.dll

windows10-2004-x64

3

Modules/alzm.dll

windows7-x64

3

Modules/alzm.dll

windows10-2004-x64

3

Modules/brs.dll

windows7-x64

3

Modules/brs.dll

windows10-2004-x64

3

Modules/cmd.dll

windows7-x64

3

Modules/cmd.dll

windows10-2004-x64

3

Modules/inws.dll

windows7-x64

3

Modules/inws.dll

windows10-2004-x64

3

Modules/ists.dll

windows7-x64

3

Modules/ists.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    cdfc421d78794c2238c5d4d9a83c4486_JaffaCakes118

  • Size

    2.5MB

  • Sample

    240901-b92z1syalq

  • MD5

    cdfc421d78794c2238c5d4d9a83c4486

  • SHA1

    df7e87b7e42a9927dbec803f3bd2e3121e90ad00

  • SHA256

    1048dc935e56622222c56b9afc9695fd83dd5ed9a567b2207e6e65ad71ec5254

  • SHA512

    00f238548be91c7daf75c4c6b9349ea17b1a214e5825f28a4e15b379a58fdb65d1e2a4887b0aac8db942521855935a0cd49e02c2535873f319734c8b87944c1b

  • SSDEEP

    49152:626OIzZTCw0Pelu8G5Uo7kUmutNPpJ6Qmub1F1ZMV:6hp90PeoVOoAqBcQDbNZA

Score
8/10
discoverypersistenceupx

Malware Config

Targets

    • Target

      cdfc421d78794c2238c5d4d9a83c4486_JaffaCakes118

    • Size

      2.5MB

    • MD5

      cdfc421d78794c2238c5d4d9a83c4486

    • SHA1

      df7e87b7e42a9927dbec803f3bd2e3121e90ad00

    • SHA256

      1048dc935e56622222c56b9afc9695fd83dd5ed9a567b2207e6e65ad71ec5254

    • SHA512

      00f238548be91c7daf75c4c6b9349ea17b1a214e5825f28a4e15b379a58fdb65d1e2a4887b0aac8db942521855935a0cd49e02c2535873f319734c8b87944c1b

    • SSDEEP

      49152:626OIzZTCw0Pelu8G5Uo7kUmutNPpJ6Qmub1F1ZMV:6hp90PeoVOoAqBcQDbNZA

    Score
    8/10
    discoveryupx

    • Blocklisted process makes network request

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    behavioral1behavioral2

    • Target

      $PLUGINSDIR/ShellExecAsUser.dll

    • Size

      83KB

    • MD5

      0f2f0c6e86ed89e355be8b39e159fad0

    • SHA1

      970a0f7df2a32325019a8c24de592beec490d63e

    • SHA256

      e79fcb76e289709cf59c7d73a6d142193cdd3a94c1b5f318d320e52dcc76daf9

    • SHA512

      ab5223e6aec8b94151e595d788c77686a31f00615b5e1de02b07aa7c5e439a90ed8333f4bbc0fe1c50baa6e3b36404f972249aafd148bbf3a60fe302cac761dc

    • SSDEEP

      1536:T1kYvp+3iQfAsjms/38JWfLydNiZwEc0boX9TsWjcdNleSVgzlW:prRvQ4sKs/34s/icN3VghW

    Score
    3/10
    discovery
    behavioral3behavioral4

    • Target

      $PLUGINSDIR/StartMenu.dll

    • Size

      7KB

    • MD5

      4206ac12a66dd61b2913f158488db070

    • SHA1

      589a65a8f2b40d9e821e47bc66fd5bb3848d6f77

    • SHA256

      4b722e1b2445fe8030194ba2ae1f573bc8e13dc3c028ce22312ea9848c584449

    • SHA512

      a6a1bd423f222dd28277831eb01a14179ea67fb4d7c2b498cf0684185caf7d44a1378faf3a3933a6ce5bed5f5824d011b4a0f6558c3b5d8e84cb5a2bfe455a67

    • SSDEEP

      96:o8dPIKJhMuhik+CfoEwknt6io8zv+qy5/utta/P3lkCTcaqHCI:1ZIKXgk+cx6QYFkAvlncviI

    Score
    3/10
    discovery
    behavioral5behavioral6

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      3e6bf00b3ac976122f982ae2aadb1c51

    • SHA1

      caab188f7fdc84d3fdcb2922edeeb5ed576bd31d

    • SHA256

      4ff9b2678d698677c5d9732678f9cf53f17290e09d053691aac4cc6e6f595cbe

    • SHA512

      1286f05e6a7e6b691f6e479638e7179897598e171b52eb3a3dc0e830415251069d29416b6d1ffc6d7dce8da5625e1479be06db9b7179e7776659c5c1ad6aa706

    • SSDEEP

      192:eP24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35OlbSl:T8QIl975eXqlWBrz7YLOlb

    Score
    3/10
    discovery
    behavioral7behavioral8

    • Target

      $PLUGINSDIR/md5dll.dll

    • Size

      6KB

    • MD5

      7059f133ea2316b9e7e39094a52a8c34

    • SHA1

      ee9f1487c8152d8c42fecf2efb8ed1db68395802

    • SHA256

      32c3d36f38e7e8a8bafd4a53663203ef24a10431bda16af9e353c7d5d108610f

    • SHA512

      9115986754a74d3084dd18018e757d3b281a2c2fde48c73b71dba882e13bd9b2ded0e6e7f45dc5b019e6d53d086090ccb06e18e6efeec091f655a128510cbe51

    • SSDEEP

      96:5mArJv6F3TqDmgK4ghEin1US36eHQZDUDgGogZcko5Nt4AMP:5XJ63LhR6inZ6dsgZkKQT

    Score
    7/10
    discoveryupx

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral10behavioral9

    • Target

      $PLUGINSDIR/nsDialogs.dll

    • Size

      9KB

    • MD5

      dbdbf4017ff91c9de328697b5fd2e10a

    • SHA1

      b597a5e9a8a0b252770933feed51169b5060a09f

    • SHA256

      be60a00f32924ccbe03f9914e33b8e1ad8c8a1ca442263a69896efba74925b36

    • SHA512

      3befc15aab0a5dbe7fde96155b0499d385f2799b1a2d47ce04f37b5804006b1c6c4fff93d3cedb56a2a8172b23752b6f9dc6168cfce3596b91def3247836cf10

    • SSDEEP

      96:33YnIxFkDUGZpKSmktse3GpmD8pevbE9cxSgB5PKtAtYE9v5E9KntrmfVEB3YdkS:33YIvGZDdtP8pevbg0PuAYK56NyoIFI

    Score
    3/10
    discovery
    behavioral11behavioral12

    • Target

      $TEMP/$_83_/ists.dll

    • Size

      269KB

    • MD5

      78bed877a9d9564205e98359650a9246

    • SHA1

      e4bd50f48bdc9260e36bfd2731d8d85de162bfbc

    • SHA256

      a2ec95353203228e798a685de97f04ac27cf9561907b559bf8f252c9425ee817

    • SHA512

      267d2c9461432d8da70a65b64238680c30fe577f31e6960e9b32c9f55bf63ad0893164c521b0e3d6ec8dc21fcf206adc9f27529514960861c2fae928669138f4

    • SSDEEP

      3072:pAIj6X3k1npXjKT0p9JO1X8gD49pWLUkfXwVac1+3owWiqG3IN3VXRESp9SXk:pAo6EFNju0dsFMCUko7ieRvp9x

    Score
    3/10
    discovery
    behavioral13behavioral14

    • Target

      GamesBot.exe

    • Size

      377KB

    • MD5

      92a0507bf7612b650cff53899ac0297c

    • SHA1

      3182d4e6fd16bdea70bc041cb74e45e6df5e8c7b

    • SHA256

      cd96224146e69b55fa48f0fde267aee8d0250f16a964e2763d381914fbb29a24

    • SHA512

      95f885ee403da0b5adae5a628e1b46d24b902fb0238121fa02383877ea816de788161e91c234f8650552aaa6a7f5f0dcf3b604d111b65c38a58fb8f6af0e0a16

    • SSDEEP

      6144:1aCrb2zovQY0jPytboO+vYFkUjk4XqprPn3yJ8eJnX7hfK3lUaCS9MzC:kCrb2OQY0TyyOekI1wJX7dICSG2

    Score
    6/10
    discoverypersistence
    behavioral15behavioral16

    • Target

      GamesBotSvc.exe

    • Size

      52KB

    • MD5

      31f3889058133f6e133c8fedfeaa2e9c

    • SHA1

      543605dadcc981de1070ee1171254a4847cec3e8

    • SHA256

      eebfe740da31d98b0dd1350aac9ce03f90f2869ff99c6882809c4edcaeb244c9

    • SHA512

      917ddb183f0309072aff4864404bf3cddab4bb990c1260a61ecbac22017ba93df6c488bf9f76b78e73392bdfd757666cef780f661bb5b31698965b841f829625

    • SSDEEP

      1536:iTLslMp+Li9o58qYSHw2rdvSKFtwVU+iKu/Z8GTS3ip:Qgq+z58qYurdvSKHwVPBuh8H+

    Score
    3/10
    discovery
    behavioral17behavioral18

    • Target

      Modules/7z.dll

    • Size

      893KB

    • MD5

      04ad4b80880b32c94be8d0886482c774

    • SHA1

      344faf61c3eb76f4a2fb6452e83ed16c9cce73e0

    • SHA256

      a1e1d1f0fff4fcccfbdfa313f3bdfea4d3dfe2c2d9174a615bbc39a0a6929338

    • SHA512

      3e3aaf01b769471b18126e443a721c9e9a0269e9f5e48d0a10251bc1ee309855bd71ede266caa6828b007359b21ba562c2a5a3469078760f564fb7bd43acabfb

    • SSDEEP

      24576:TW+wsDaQw6DDz3qRyPnmGfrnvVUKueY8RmneWtJ:TasY6DwOBfrnvV7UeWt

    Score
    3/10
    discovery
    behavioral19behavioral20

    • Target

      Modules/Base.dll

    • Size

      106KB

    • MD5

      df264efa2c5285aab9700b30afcf5852

    • SHA1

      1f8e3d1577b7f416ec763f2c8c585b8647ddb6db

    • SHA256

      027cf7f9074a2306ad323254a79205f33b2ec24085a93efe186057230121755a

    • SHA512

      ad0b1dd7a5f658d8c7b408455dd87bfc87b1690f6ee355a88287e8e96adc609dabc94ca831cda42b156480c21b760ea8093df5af26bcadb0259bdee5cc8fb069

    • SSDEEP

      3072:WI6YCV7JGhaLWXg91eTzN1q/jva8I/+/VZM4vCo2:WI6YCjFSXgzed2La8I/+/VZM4vC

    Score
    3/10
    discovery
    behavioral21behavioral22

    • Target

      Modules/alzm.dll

    • Size

      38KB

    • MD5

      a1b7e11dd9e80402e5654398d65760d2

    • SHA1

      c2e05af5b57f5ef0f77c905780e799cc48fe8e91

    • SHA256

      ca3837873f2fd36d4646769990ddef0a5d3549bccb1d11174d37b493c4e31b8d

    • SHA512

      f328478f6e2681319f5a824737818f75d7ee9c7f8c1f63ce2a8e9813c87fd71118a00547664965f6c4d79b888fa473011578c5c0491faeccfd6908cb3cff0425

    • SSDEEP

      768:8/PidxjnQyslT/H4mKFnYzNjMLwpr3TScciY:sPidtnPgrHpzNoMpzTS3iY

    Score
    3/10
    discovery
    behavioral23behavioral24

    • Target

      Modules/brs.dll

    • Size

      115KB

    • MD5

      6ebfb697f7b8b0b3399c6e845e9b12ba

    • SHA1

      705f93bd0f390d8b6d533f20823a8d9f9300856c

    • SHA256

      eab7e27c292aa35c661e01d71ec91f0503c915742ba04135da3eb4ad931db8f5

    • SHA512

      f5499b172b704d069c83b6d5fb7a206f11db3206061aad01de69a04d0d7b9f5e4fa8a5645259c8e612a416fa6f022b8e9c6041b8e344b2c783549477faa95f13

    • SSDEEP

      3072:DKnpWlIy5P6DEb1j8+D/4imoUIXTw6JTKwOd2/EBX:MpWlRZ6Daj8+Fjzubd2/EB

    Score
    3/10
    discovery
    behavioral25behavioral26

    • Target

      Modules/cmd.dll

    • Size

      90KB

    • MD5

      8da6472a042621a7962944e4bd867827

    • SHA1

      0265d5935233085b047481c985273f02954c970b

    • SHA256

      bd585d81b520a5c3b750f8a3545b180c7b7a32f36565cfe0afde46ec73494682

    • SHA512

      bdda42ff95e76fa5ab9f5af961bb73aed08b00963efdcc353e5e7c425599ec364af980f7970357ed844747953211a97ba42c0de8ad104f9b78736be15cf51ccd

    • SSDEEP

      1536:NX7wnCPGC1TRbTVyxFQQgwyJ3lKDm6OXQtsWhDgI5LqdUBPD/M3bUPTS3igf:NrNGeZTV0QQglJ3xAtsWhDg+qdUFD/MF

    Score
    3/10
    discovery
    behavioral27behavioral28

    • Target

      Modules/inws.dll

    • Size

      40KB

    • MD5

      3a024dabc9b8413b95d2e8e49e8086c2

    • SHA1

      7626b676b0b6c0e79b02f83a2fd23149008e7095

    • SHA256

      57065012bfde815d823622b64490b0a8f7d640c2762e91fc55cf44159d34c041

    • SHA512

      4d5e1d5a1f81dc5fe71ecffaaa3cf3de9cd67ed29d8240f96666a969356bfb694fd04999835a8c211ee40b2e7b59954aa11994aac8ac0cc4521ba631ce461c93

    • SSDEEP

      768:MS1u5ZX/DLepH32aKx96VEyA+8sk1UnNtL41vTScciB:MR/Opw6Ci8lUnNN4dTS3iB

    Score
    3/10
    discovery
    behavioral29behavioral30

    • Target

      Modules/ists.dll

    • Size

      269KB

    • MD5

      78bed877a9d9564205e98359650a9246

    • SHA1

      e4bd50f48bdc9260e36bfd2731d8d85de162bfbc

    • SHA256

      a2ec95353203228e798a685de97f04ac27cf9561907b559bf8f252c9425ee817

    • SHA512

      267d2c9461432d8da70a65b64238680c30fe577f31e6960e9b32c9f55bf63ad0893164c521b0e3d6ec8dc21fcf206adc9f27529514960861c2fae928669138f4

    • SSDEEP

      3072:pAIj6X3k1npXjKT0p9JO1X8gD49pWLUkfXwVac1+3owWiqG3IN3VXRESp9SXk:pAo6EFNju0dsFMCUko7ieRvp9x

    Score
    3/10
    discovery
    behavioral31behavioral32

MITRE ATT&CK Enterprise v15

Tasks

static1

upx
Score
7/10

behavioral1

discoveryupx
Score
8/10

behavioral2

discoveryupx
Score
8/10

behavioral3

discovery
Score
3/10

behavioral4

discovery
Score
3/10

behavioral5

discovery
Score
3/10

behavioral6

discovery
Score
3/10

behavioral7

discovery
Score
3/10

behavioral8

discovery
Score
3/10

behavioral9

discoveryupx
Score
7/10

behavioral10

discoveryupx
Score
7/10

behavioral11

discovery
Score
3/10

behavioral12

discovery
Score
3/10

behavioral13

discovery
Score
3/10

behavioral14

discovery
Score
3/10

behavioral15

discoverypersistence
Score
6/10

behavioral16

discoverypersistence
Score
6/10

behavioral17

Score
1/10

behavioral18

discovery
Score
3/10

behavioral19

discovery
Score
3/10

behavioral20

discovery
Score
3/10

behavioral21

discovery
Score
3/10

behavioral22

discovery
Score
3/10

behavioral23

discovery
Score
3/10

behavioral24

discovery
Score
3/10

behavioral25

discovery
Score
3/10

behavioral26

discovery
Score
3/10

behavioral27

discovery
Score
3/10

behavioral28

discovery
Score
3/10

behavioral29

discovery
Score
3/10

behavioral30

discovery
Score
3/10

behavioral31

discovery
Score
3/10

behavioral32

discovery
Score
3/10