Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
7Static
static
70e33b00d35...18.exe
windows7-x64
70e33b00d35...18.exe
windows10-2004-x64
7$PLUGINSDI...ns.dll
windows7-x64
3$PLUGINSDI...ns.dll
windows10-2004-x64
3$PLUGINSDI...LL.dll
windows7-x64
3$PLUGINSDI...LL.dll
windows10-2004-x64
3$PLUGINSDI...dl.dll
windows7-x64
3$PLUGINSDI...dl.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDIR/UAC.dll
windows7-x64
3$PLUGINSDIR/UAC.dll
windows10-2004-x64
3$PLUGINSDI...ec.dll
windows7-x64
3$PLUGINSDI...ec.dll
windows10-2004-x64
3$TEMP/Tool...ke.exe
windows7-x64
7$TEMP/Tool...ke.exe
windows10-2004-x64
7$PLUGINSDI...ns.dll
windows7-x64
3$PLUGINSDI...ns.dll
windows10-2004-x64
3$PLUGINSDI...LL.dll
windows7-x64
3$PLUGINSDI...LL.dll
windows10-2004-x64
3$PLUGINSDI...dl.dll
windows7-x64
3$PLUGINSDI...dl.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...om.dll
windows7-x64
5$PLUGINSDI...om.dll
windows10-2004-x64
5$PLUGINSDI...dt.dll
windows7-x64
3$PLUGINSDI...dt.dll
windows10-2004-x64
3$R0.dll
windows7-x64
6$R0.dll
windows10-2004-x64
6$R2/NSIS.L...4_.exe
windows7-x64
1$R2/NSIS.L...4_.exe
windows10-2004-x64
3General
-
Target
0e33b00d35c755562043fe7fe9b7ae77_JaffaCakes118
-
Size
2.3MB
-
Sample
241003-gf92es1enc
-
MD5
0e33b00d35c755562043fe7fe9b7ae77
-
SHA1
a90f1b32e7680df523287a8a6394b66ff274497b
-
SHA256
bc54c023051826946addecb5d79d6d803ef9954284acb58f340344765ee232bc
-
SHA512
260e7b5ec24020bd5346494994093aef95442beb131dd1d71736022e17f055bce078b3406e5ec5cb244b8b4d26d6fe8e83ffb171e9082efb9774fed0a042d707
-
SSDEEP
24576:06lzh36fbL0ySYK63k4yO6AbzppgJLo01dvXjyolmkHCAi1WcrtpIqj7mEeKu2xQ:9AO6TN6ZLbdzlmaCAcjIO7I2QnjiY
Behavioral task
behavioral1
Sample
0e33b00d35c755562043fe7fe9b7ae77_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
0e33b00d35c755562043fe7fe9b7ae77_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/LangDLL.dll
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/LangDLL.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/NSISdl.dll
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/NSISdl.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240903-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral11
Sample
$PLUGINSDIR/UAC.dll
Resource
win7-20240903-en
Behavioral task
behavioral12
Sample
$PLUGINSDIR/UAC.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral13
Sample
$PLUGINSDIR/nsExec.dll
Resource
win7-20240903-en
Behavioral task
behavioral14
Sample
$PLUGINSDIR/nsExec.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral15
Sample
$TEMP/Toolbar_Phpnuke.exe
Resource
win7-20240903-en
Behavioral task
behavioral16
Sample
$TEMP/Toolbar_Phpnuke.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral17
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20240903-en
Behavioral task
behavioral18
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral19
Sample
$PLUGINSDIR/LangDLL.dll
Resource
win7-20240903-en
Behavioral task
behavioral20
Sample
$PLUGINSDIR/LangDLL.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral21
Sample
$PLUGINSDIR/NSISdl.dll
Resource
win7-20240903-en
Behavioral task
behavioral22
Sample
$PLUGINSDIR/NSISdl.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral23
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240903-en
Behavioral task
behavioral24
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral25
Sample
$PLUGINSDIR/nsRandom.dll
Resource
win7-20240708-en
Behavioral task
behavioral26
Sample
$PLUGINSDIR/nsRandom.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral27
Sample
$PLUGINSDIR/nsisdt.dll
Resource
win7-20240903-en
Behavioral task
behavioral28
Sample
$PLUGINSDIR/nsisdt.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral29
Sample
$R0.dll
Resource
win7-20240708-en
Behavioral task
behavioral30
Sample
$R0.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral31
Sample
$R2/NSIS.Library.RegTool.v3.$_4_.exe
Resource
win7-20240903-en
Behavioral task
behavioral32
Sample
$R2/NSIS.Library.RegTool.v3.$_4_.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
0e33b00d35c755562043fe7fe9b7ae77_JaffaCakes118
-
Size
2.3MB
-
MD5
0e33b00d35c755562043fe7fe9b7ae77
-
SHA1
a90f1b32e7680df523287a8a6394b66ff274497b
-
SHA256
bc54c023051826946addecb5d79d6d803ef9954284acb58f340344765ee232bc
-
SHA512
260e7b5ec24020bd5346494994093aef95442beb131dd1d71736022e17f055bce078b3406e5ec5cb244b8b4d26d6fe8e83ffb171e9082efb9774fed0a042d707
-
SSDEEP
24576:06lzh36fbL0ySYK63k4yO6AbzppgJLo01dvXjyolmkHCAi1WcrtpIqj7mEeKu2xQ:9AO6TN6ZLbdzlmaCAcjIO7I2QnjiY
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
-
-
Target
$PLUGINSDIR/InstallOptions.dll
-
Size
14KB
-
MD5
325b008aec81e5aaa57096f05d4212b5
-
SHA1
27a2d89747a20305b6518438eff5b9f57f7df5c3
-
SHA256
c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b
-
SHA512
18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf
-
SSDEEP
192:86d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jwK72dwF7dBEnbok:86UdHXcIiY535zBt2jw+BEnbo
Score3/10 -
-
-
Target
$PLUGINSDIR/LangDLL.dll
-
Size
5KB
-
MD5
9384f4007c492d4fa040924f31c00166
-
SHA1
aba37faef30d7c445584c688a0b5638f5db31c7b
-
SHA256
60a964095af1be79f6a99b22212fefe2d16f5a0afd7e707d14394e4143e3f4f5
-
SHA512
68f158887e24302673227adffc688fd3edabf097d7f5410f983e06c6b9c7344ca1d8a45c7fa05553adcc5987993df3a298763477168d4842e554c4eb93b9aaaf
-
SSDEEP
48:iV6pAvmNC6iMPUptxEZK65x/AmvycNSmwVsOYJyvrpXptp/JvR0Jlof5d2:2811GED5ZTvycNSmwVsTJuftpZR0Sd2
Score3/10 -
-
-
Target
$PLUGINSDIR/NSISdl.dll
-
Size
14KB
-
MD5
a5f8399a743ab7f9c88c645c35b1ebb5
-
SHA1
168f3c158913b0367bf79fa413357fbe97018191
-
SHA256
dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9
-
SHA512
824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977
-
SSDEEP
192:tUZTobBDJ68r67wmsvJI5ad9cXzFOVu+mZ/P3p+57CvpVqDxVp01Dwn2GRPgsfA:6Bo/680dCI5adOjFOg9//p27uNw2Go
Score3/10 -
-
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
c17103ae9072a06da581dec998343fc1
-
SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
-
SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
-
SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
-
SSDEEP
192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score3/10 -
-
-
Target
$PLUGINSDIR/UAC.dll
-
Size
17KB
-
MD5
09caf01bc8d88eeb733abc161acff659
-
SHA1
b8c2126d641f88628c632dd2259686da3776a6da
-
SHA256
3555afe95e8bb269240a21520361677b280562b802978fccfb27490c79b9a478
-
SHA512
ef1e8fc4fc8f5609483b2c459d00a47036699dfb70b6be6f10a30c5d2fc66bae174345bffa9a44abd9ca029e609ff834d701ff6a769cca09fe5562365d5010fa
-
SSDEEP
384:w9JzaeWrF8d22hXAGFkr2WqErkuCYMAWS5Ns8AXXki:wLaBrrTXr3qruCYuS5qk
Score3/10 -
-
-
Target
$PLUGINSDIR/nsExec.dll
-
Size
6KB
-
MD5
acc2b699edfea5bf5aae45aba3a41e96
-
SHA1
d2accf4d494e43ceb2cff69abe4dd17147d29cc2
-
SHA256
168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e
-
SHA512
e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe
-
SSDEEP
96:M7GUb+YNfwgcr8zyKwZ5S4JxN8BS0ef9/3VI9d0qqyVgNk32E:eKgfwgcr8zylsB49Ud0qJVgNX
Score3/10 -
-
-
Target
$TEMP/Toolbar_Phpnuke.exe
-
Size
210KB
-
MD5
1e3e68a0a110922361890ff0de710d74
-
SHA1
adf466a53c099099541e48655118e2dfeea75be2
-
SHA256
0930a168d6c22438d2d55cda730b93b330e849325d6ac47590682b3417541baf
-
SHA512
3a769923b6822dc4d62f3bde718efa87c3da8d5fa7237128236c6249e0d4a1345c0c1b23fdf669052ae30551ac79258ab9e654eb44480b7f0033ea460562f565
-
SSDEEP
3072:OLk395hYXJN3rSx0M1BnmSplKPl/L49qqw2LsFLK2pJBdEjy4RP/tsFLK2pJBdEb:OQq3W2M3mWsoBL8N7jEjt5V8N7jEjt/5
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
-
-
Target
$PLUGINSDIR/InstallOptions.dll
-
Size
14KB
-
MD5
325b008aec81e5aaa57096f05d4212b5
-
SHA1
27a2d89747a20305b6518438eff5b9f57f7df5c3
-
SHA256
c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b
-
SHA512
18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf
-
SSDEEP
192:86d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jwK72dwF7dBEnbok:86UdHXcIiY535zBt2jw+BEnbo
Score3/10 -
-
-
Target
$PLUGINSDIR/LangDLL.dll
-
Size
5KB
-
MD5
9384f4007c492d4fa040924f31c00166
-
SHA1
aba37faef30d7c445584c688a0b5638f5db31c7b
-
SHA256
60a964095af1be79f6a99b22212fefe2d16f5a0afd7e707d14394e4143e3f4f5
-
SHA512
68f158887e24302673227adffc688fd3edabf097d7f5410f983e06c6b9c7344ca1d8a45c7fa05553adcc5987993df3a298763477168d4842e554c4eb93b9aaaf
-
SSDEEP
48:iV6pAvmNC6iMPUptxEZK65x/AmvycNSmwVsOYJyvrpXptp/JvR0Jlof5d2:2811GED5ZTvycNSmwVsTJuftpZR0Sd2
Score3/10 -
-
-
Target
$PLUGINSDIR/NSISdl.dll
-
Size
14KB
-
MD5
a5f8399a743ab7f9c88c645c35b1ebb5
-
SHA1
168f3c158913b0367bf79fa413357fbe97018191
-
SHA256
dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9
-
SHA512
824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977
-
SSDEEP
192:tUZTobBDJ68r67wmsvJI5ad9cXzFOVu+mZ/P3p+57CvpVqDxVp01Dwn2GRPgsfA:6Bo/680dCI5adOjFOg9//p27uNw2Go
Score3/10 -
-
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
c17103ae9072a06da581dec998343fc1
-
SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
-
SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
-
SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
-
SSDEEP
192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score3/10 -
-
-
Target
$PLUGINSDIR/nsRandom.dll
-
Size
21KB
-
MD5
ab467b8dfaa660a0f0e5b26e28af5735
-
SHA1
596abd2c31eaff3479edf2069db1c155b59ce74d
-
SHA256
db267d9920395b4badc48de04df99dfd21d579480d103cae0f48e6578197ff73
-
SHA512
7d002dc203997b8a4d8ec20c92cd82848e29d746414f4a61265c76d4afb12c05bce826fc63f4d2bd3d527f38506c391855767d864c37584df11b5db9ca008301
-
SSDEEP
384:LCHDPMs4GdtyO5roguusMxUXiO3wOw95euooP2UgKbd9BvNtf:LCHD6Gh87MKXil/5r2U3z
-
-
-
Target
$PLUGINSDIR/nsisdt.dll
-
Size
5KB
-
MD5
df4795dfabe3bc9278a73d496cc4b40d
-
SHA1
2648ded47e29ecf3e1a1cc20c631e83caf566897
-
SHA256
2261027077f23c8dba6b72af28862832aaa059740d0f5634b46cabb14326dd10
-
SHA512
013d9712c3d699a7f41ab3e55931c9abb421fb2eda3542da5a4831ad2f073a1b0643120cc78147db0bfcd01df98ade3045ecb2f1e252fff1dc40be845e5ae303
-
SSDEEP
24:etGSyYi61xyMmuEwv61OVXOwr+t5blXgO8ELnD3TPrHjf7Xz5CY1aeBEW58q6TvK:6y2xyNuEwWwU5blmPeB958xTvT7L/
Score3/10 -
-
-
Target
$R0
-
Size
76KB
-
MD5
ee5fb0fd8c2d19d90e8fad8e8636a38e
-
SHA1
5d41abc6c1e69e72466eeb4e4f2128ac0343bb16
-
SHA256
02e1d44c854de1f8400a1cc24c2ba89efec402cf327dd192b0c581c6e01dede9
-
SHA512
607212af21ecd1d0bb0f308f566a457c8ed57d71eb4848242f5efe450de149b232c0953dde49140a8b4e6571fabbc21196272a1a856a6b34cb2da27c38def68f
-
SSDEEP
1536:i9WOwFoMsRscYxgzD9Fs8DgbSXNNB7vrf52rTYa:iP2/IhDFX3Brf52rTh
-
-
-
Target
$R2/NSIS.Library.RegTool.v3.$_4_.exe
-
Size
5KB
-
MD5
1f694e53532eb452ce7ae7f4523fde76
-
SHA1
59609431a30f3a01aa07003dd09e9600961fbc2f
-
SHA256
13e8d49e4729e2e6f71956770582c1ec2b632068a3cc9eb8fdc7a3428bab151c
-
SHA512
046334e0ea75227938c706c2fa7a7ca64cc10433eeeb1835a045f5a079beceb1a059e44f348d2f1d6e2797de966c3004f3a9c37b78a1b18c90fb851edeac38f9
-
SSDEEP
96:GFw199Edyn/3sxi2sS8HVrqbdC9Xh+MClQGZ56:D19CgfsbsS8HVWbd9XlQGZ5
Score3/10 -
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1