Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
7Static
static
30904efe9f6...18.exe
windows7-x64
70904efe9f6...18.exe
windows10-2004-x64
7$PLUGINSDI...nu.dll
windows7-x64
3$PLUGINSDI...nu.dll
windows10-2004-x64
3$TEMP/netddee.exe
windows7-x64
7$TEMP/netddee.exe
windows10-2004-x64
7$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$SYSDIR/$S...1_.exe
windows7-x64
7$SYSDIR/$S...1_.exe
windows10-2004-x64
7$PLUGINSDI...ns.dll
windows7-x64
3$PLUGINSDI...ns.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$SYSDIR/$_5_.dll
windows7-x64
6$SYSDIR/$_5_.dll
windows10-2004-x64
6$TEMP/setup.exe
windows7-x64
7$TEMP/setup.exe
windows10-2004-x64
7$PLUGINSDI...ol.dll
windows7-x64
3$PLUGINSDI...ol.dll
windows10-2004-x64
3$PLUGINSDI...ll.dll
windows7-x64
3$PLUGINSDI...ll.dll
windows10-2004-x64
3$PLUGINSDI...ns.dll
windows7-x64
3$PLUGINSDI...ns.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDIR/UAC.dll
windows7-x64
3$PLUGINSDIR/UAC.dll
windows10-2004-x64
3$PLUGINSDI...gs.dll
windows7-x64
3$PLUGINSDI...gs.dll
windows10-2004-x64
3$PLUGINSDI...ec.dll
windows7-x64
3$PLUGINSDI...ec.dll
windows10-2004-x64
3General
-
Target
0904efe9f63a556f1ea8695cdabadb96_JaffaCakes118
-
Size
1.5MB
-
Sample
241002-fpxl1sscmd
-
MD5
0904efe9f63a556f1ea8695cdabadb96
-
SHA1
0b7eedd5052276e02008f69cb85e7e4d7c5b3535
-
SHA256
4d4a9dd8b239d394f1998b481cdf83f869be2af2d8d568fcb47648d0d42bb71c
-
SHA512
181fae5866bbb2567a43a30ffe2e5ca7a8d016491a66f2b2fc0a725c772cd2e46f806d23ba23946c223ecf7e510657d763f748874f2e3247c035eba1942c3618
-
SSDEEP
49152:NEe3jEfDI94myN4ghZ1KX82Bh/Dd0r/P9JPDdabvwM:NT/9S4OZ1KX880jPfbd0D
Static task
static1
Behavioral task
behavioral1
Sample
0904efe9f63a556f1ea8695cdabadb96_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
0904efe9f63a556f1ea8695cdabadb96_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/StartMenu.dll
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/StartMenu.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral5
Sample
$TEMP/netddee.exe
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
$TEMP/netddee.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral9
Sample
$SYSDIR/$SYSDIR/$_1_.exe
Resource
win7-20240903-en
Behavioral task
behavioral10
Sample
$SYSDIR/$SYSDIR/$_1_.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral11
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20240903-en
Behavioral task
behavioral12
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral13
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240708-en
Behavioral task
behavioral14
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral15
Sample
$SYSDIR/$_5_.dll
Resource
win7-20240903-en
Behavioral task
behavioral16
Sample
$SYSDIR/$_5_.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral17
Sample
$TEMP/setup.exe
Resource
win7-20240708-en
Behavioral task
behavioral18
Sample
$TEMP/setup.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral19
Sample
$PLUGINSDIR/AccessControl.dll
Resource
win7-20240903-en
Behavioral task
behavioral20
Sample
$PLUGINSDIR/AccessControl.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral21
Sample
$PLUGINSDIR/DcryptDll.dll
Resource
win7-20240704-en
Behavioral task
behavioral22
Sample
$PLUGINSDIR/DcryptDll.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral23
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20240903-en
Behavioral task
behavioral24
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral25
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240903-en
Behavioral task
behavioral26
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral27
Sample
$PLUGINSDIR/UAC.dll
Resource
win7-20240903-en
Behavioral task
behavioral28
Sample
$PLUGINSDIR/UAC.dll
Resource
win10v2004-20240910-en
Behavioral task
behavioral29
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win7-20240704-en
Behavioral task
behavioral30
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral31
Sample
$PLUGINSDIR/nsExec.dll
Resource
win7-20240903-en
Behavioral task
behavioral32
Sample
$PLUGINSDIR/nsExec.dll
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
0904efe9f63a556f1ea8695cdabadb96_JaffaCakes118
-
Size
1.5MB
-
MD5
0904efe9f63a556f1ea8695cdabadb96
-
SHA1
0b7eedd5052276e02008f69cb85e7e4d7c5b3535
-
SHA256
4d4a9dd8b239d394f1998b481cdf83f869be2af2d8d568fcb47648d0d42bb71c
-
SHA512
181fae5866bbb2567a43a30ffe2e5ca7a8d016491a66f2b2fc0a725c772cd2e46f806d23ba23946c223ecf7e510657d763f748874f2e3247c035eba1942c3618
-
SSDEEP
49152:NEe3jEfDI94myN4ghZ1KX82Bh/Dd0r/P9JPDdabvwM:NT/9S4OZ1KX880jPfbd0D
Score7/10-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Drops file in System32 directory
-
-
-
Target
$PLUGINSDIR/StartMenu.dll
-
Size
7KB
-
MD5
a4173b381625f9f12aadb4e1cdaefdb8
-
SHA1
cf1680c2bc970d5675adbf5e89292a97e6724713
-
SHA256
7755ff2707ca19344d489a5acec02d9e310425fa6e100d2f13025761676b875b
-
SHA512
fcac79d42862da6bdd3ecad9d887a975cdff2301a8322f321be58f754a26b27077b452faa4751bbd09cd3371b4afce65255fbbb443e2c93dd2cba0ba652f4a82
-
SSDEEP
96:2fiqP7bO2qHkAC40KhvSE+6nrxtMn0iGd88qRLqtJ1tbRhElfRx2:siqP7OHX1Q4xtcf8qo/ttgfRx2
Score3/10 -
-
-
Target
$TEMP/netddee.exe
-
Size
507KB
-
MD5
ad4b2243c131ada12b25cb0334690a62
-
SHA1
811da77cfd2021738196ee13cae9ec9f239b9118
-
SHA256
ac7891555a255a9b7fe04b78ecfb035507414a6a8598422dab771214d1410a46
-
SHA512
ee207f92b0d45dab82b486fda7e5baf7e3a476a2418b866f4e00a15152e0a95284916c04137b19e30e078544c391a84840f6a88efe5558e78058e24b7501d049
-
SSDEEP
12288:mUyg5Z03FxbKz7Vj4X1f6oXXCF9uEYN9k71RqXaJnnb:mUZ5O3F9EpjEfQzI9kBRqKJnnb
Score7/10-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Drops file in System32 directory
-
-
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
c17103ae9072a06da581dec998343fc1
-
SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
-
SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
-
SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
-
SSDEEP
192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score3/10 -
-
-
Target
$SYSDIR/$SYSDIR/$_1_.exe
-
Size
53KB
-
MD5
874577528befed676900d88050fcc4ab
-
SHA1
418618ad890702b307734b25df7f78fa43fb3a60
-
SHA256
5596504f8ec18128105418f6ec2490a242ed6732eae435b7514d4ad073dbcc42
-
SHA512
fb0e113abc158d8dfd1aa5af907598694ed92d940ffc257e6484796e8dc6c4c12b14d28193cdceaf173a5360b7a117ee572ad58465e1baf9dd5f66e1d56d8e22
-
SSDEEP
768:KHJd0TpH2+bQ2dUWVX9Hfv1JMWmtLEJOyuBxG0D3mjfS3XJVJRn35qlXF3pm0Efd:KpgpHzb9dZVX9fHMvG0D3XJt5q9VSf2k
Score7/10-
Executes dropped EXE
-
Loads dropped DLL
-
-
-
Target
$PLUGINSDIR/InstallOptions.dll
-
Size
14KB
-
MD5
325b008aec81e5aaa57096f05d4212b5
-
SHA1
27a2d89747a20305b6518438eff5b9f57f7df5c3
-
SHA256
c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b
-
SHA512
18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf
-
SSDEEP
192:86d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jwK72dwF7dBEnbok:86UdHXcIiY535zBt2jw+BEnbo
Score3/10 -
-
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
c17103ae9072a06da581dec998343fc1
-
SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
-
SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
-
SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
-
SSDEEP
192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score3/10 -
-
-
Target
$SYSDIR/$_5_
-
Size
877KB
-
MD5
20a9c78acf901dd4328881cc067e336c
-
SHA1
e39e2011c8504dbea9356a0dee4770ea30d95509
-
SHA256
5dc895ed2436461a93e3faf2e89332ad78507608d8249c58b4c093e2d2d3b71e
-
SHA512
7e8483e19bcd1b03099eb7290e4fe32d1b232162da3da67cf29142c33fead4f82e3e6c26094ccb0aadcb7949d8cbb07db5bd56df8e9069a6c67fa2a8c4d51b72
-
SSDEEP
24576:DQJDHPGAzx8GwPiUYUUGQF6mHjdeiv9R7MKR6VuOZ7SmdfN:sJBwQF6mDEivP7xEuOZTfN
Score6/10-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
-
-
Target
$TEMP/setup.exe
-
Size
1.0MB
-
MD5
c54a5bfcba4d9fbe1642188b068bc1e4
-
SHA1
f75f0f4818f53882ab4816d6db8043ecb7306c2c
-
SHA256
57cdd25b0f1d9e6db58d10cdbc49850e2fd71826ec637646703d97df9c148353
-
SHA512
92bd4b7317306f6aebf2f5b72f278908b1326bffe4c4c18fa4d82c9ca4c91d167412b3893c24c12bc0d399d48faf2e4159c60fd7f8a80bfe566258be1a9350ae
-
SSDEEP
24576:sT+PJtXA2ycphiKh77X0A/zEPTRlwp7KwcpgoUMcSa3Hww:m+jXA23h/970A/iU1HDSa3Hww
Score7/10-
Loads dropped DLL
-
-
-
Target
$PLUGINSDIR/AccessControl.dll
-
Size
10KB
-
MD5
055f4f9260e07fc83f71877cbb7f4fad
-
SHA1
a245131af1a182de99bd74af9ff1fab17977a72f
-
SHA256
4209588362785b690d08d15cd982b8d1c62c348767ca19114234b21d5df74ddc
-
SHA512
a8e82dc4435ed938f090f43df953ddad9b0075f16218c09890c996299420162d64b1dbfbf613af37769ae796717eec78204dc786b757e8b1d13d423d4ee82e26
-
SSDEEP
192:8SEWBGgiJM4LN+xq56XdNcNz/NWdlJmlyOcROQ:8SEPgii9KTzyt
Score3/10 -
-
-
Target
$PLUGINSDIR/DcryptDll.dll
-
Size
18KB
-
MD5
bbda90c18c0cd73917174bb8b82782e2
-
SHA1
8d641f33049dc7fad7ab885134f29f881968f24b
-
SHA256
57a03e767e13d4843a4249116928b57513c6865d81ff583a230485a6ef755c3a
-
SHA512
8698a81573ac295321bc55300f114a50c9428ef56feaa434d84d8fabb0dd098e1b538d247f5aa0524d8e7be7291dd7995f12aee5dc41715be092a27a61ca5e0b
-
SSDEEP
384:nZyQSewDbPmRqcXx2kMPrd9cbkUmR08EMW6:nbtwnmR/xQdckUSEMW6
Score3/10 -
-
-
Target
$PLUGINSDIR/InstallOptions.dll
-
Size
14KB
-
MD5
325b008aec81e5aaa57096f05d4212b5
-
SHA1
27a2d89747a20305b6518438eff5b9f57f7df5c3
-
SHA256
c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b
-
SHA512
18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf
-
SSDEEP
192:86d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jwK72dwF7dBEnbok:86UdHXcIiY535zBt2jw+BEnbo
Score3/10 -
-
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
c17103ae9072a06da581dec998343fc1
-
SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
-
SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
-
SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
-
SSDEEP
192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score3/10 -
-
-
Target
$PLUGINSDIR/UAC.dll
-
Size
13KB
-
MD5
7f56c0d6a8733dec142814ed5a58b0ee
-
SHA1
c119e66f179cfb758966f3cf878466057bea1840
-
SHA256
86445396775370aff5834f10bda25e505b6f89efc69a04fe1ce46f5d128be73f
-
SHA512
8b3b9bed985b3583b7be8b2197bb068e5d5508f8b5c4a7fc1278b2662dc8d9a53fd6df63f636e44bfc5aa37f030ac76b8d259d6b446bf87d5c72b74ff5b158f3
-
SSDEEP
384:d/lNMKbnRWKYyCvDvQH3yBf/qPNGkVWYyLrcMf9VQ8c:d/lq+RDYJf/qPNGkQ5LrcCQ
Score3/10 -
-
-
Target
$PLUGINSDIR/nsDialogs.dll
-
Size
9KB
-
MD5
c10e04dd4ad4277d5adc951bb331c777
-
SHA1
b1e30808198a3ae6d6d1cca62df8893dc2a7ad43
-
SHA256
e31ad6c6e82e603378cb6b80e67d0e0dcd9cf384e1199ac5a65cb4935680021a
-
SHA512
853a5564bf751d40484ea482444c6958457cb4a17fb973cf870f03f201b8b2643be41bccde00f6b2026dc0c3d113e6481b0dc4c7b0f3ae7966d38c92c6b5862e
-
SSDEEP
96:hBABCcnl5TKhkfLxSslykcxM2DjDf3GE+Xv8Xav+Yx4VndY7ndS27gA:h6n+0SAfRE+/8ZYxMdqn420
Score3/10 -
-
-
Target
$PLUGINSDIR/nsExec.dll
-
Size
6KB
-
MD5
acc2b699edfea5bf5aae45aba3a41e96
-
SHA1
d2accf4d494e43ceb2cff69abe4dd17147d29cc2
-
SHA256
168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e
-
SHA512
e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe
-
SSDEEP
96:M7GUb+YNfwgcr8zyKwZ5S4JxN8BS0ef9/3VI9d0qqyVgNk32E:eKgfwgcr8zylsB49Ud0qJVgNX
Score3/10 -
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Browser Extensions
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1