Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

0f4cc38d95...18.exe

windows7-x64

7

0f4cc38d95...18.exe

windows10-2004-x64

7

$PLUGINSDI...nt.dll

windows7-x64

3

$PLUGINSDI...nt.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...te.dll

windows7-x64

3

$PLUGINSDI...te.dll

windows10-2004-x64

3

$PLUGINSDI...ry.dll

windows7-x64

3

$PLUGINSDI...ry.dll

windows10-2004-x64

3

ieguideupdate.exe

windows7-x64

3

ieguideupdate.exe

windows10-2004-x64

3

niebar.dll

windows7-x64

5

niebar.dll

windows10-2004-x64

5

niebho.dll

windows7-x64

6

niebho.dll

windows10-2004-x64

6

uninstall.exe

windows7-x64

7

uninstall.exe

windows10-2004-x64

7

$PLUGINSDI...am.dll

windows7-x64

3

$PLUGINSDI...am.dll

windows10-2004-x64

3

$PLUGINSDI...eb.dll

windows7-x64

3

$PLUGINSDI...eb.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...ll.dll

windows7-x64

3

$PLUGINSDI...ll.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0f4cc38d9579d0685b694a70e4e9d7f4_JaffaCakes118

  • Size

    809KB

  • Sample

    241003-shda1s1gpj

  • MD5

    0f4cc38d9579d0685b694a70e4e9d7f4

  • SHA1

    bd083fbe464f773158a2aa3bd1cfc1e6c745786e

  • SHA256

    1257eb42368501130beff8430eb2ddfbf957838f94b1588d857c4ce17040c89c

  • SHA512

    497955a54609ee15f35a55b1e20fd0c5dc00835896b13752c52a136dab2ac2ba7576aac9df989e6b22e843e034db1169e51ec2fe5823d28d35289287214a5157

  • SSDEEP

    24576:9Vgb7BQPNOiFr9vk4ZhI119U0FH5wcf5eY:9cBY5Fr9vk4Zha193ZwcZ

Score
7/10
adwarediscoverypersistencestealerupx

Malware Config

Targets

    • Target

      0f4cc38d9579d0685b694a70e4e9d7f4_JaffaCakes118

    • Size

      809KB

    • MD5

      0f4cc38d9579d0685b694a70e4e9d7f4

    • SHA1

      bd083fbe464f773158a2aa3bd1cfc1e6c745786e

    • SHA256

      1257eb42368501130beff8430eb2ddfbf957838f94b1588d857c4ce17040c89c

    • SHA512

      497955a54609ee15f35a55b1e20fd0c5dc00835896b13752c52a136dab2ac2ba7576aac9df989e6b22e843e034db1169e51ec2fe5823d28d35289287214a5157

    • SSDEEP

      24576:9Vgb7BQPNOiFr9vk4ZhI119U0FH5wcf5eY:9cBY5Fr9vk4Zha193ZwcZ

    Score
    7/10
    adwarediscoverypersistencestealerupx

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

      stealeradware

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

    • Target

      $PLUGINSDIR/DLLWebCount.dll

    • Size

      28KB

    • MD5

      d825e4003d1697fd4bc45361e222746c

    • SHA1

      e9d4b1073aac15d4dbb430471fcaea549e633d13

    • SHA256

      c79e4be74eecf16f2f7f1d39724c938bf372e9568bb96fa4610926a57fe323f5

    • SHA512

      7740a18cae5a42963c748a49ac6175482c93b34dce703a7cf24f5828ee6cdc19eb2669a634b64c2a4c861272f7e9b9e943455195a7cd6afcd8fa5586744eb86f

    • SSDEEP

      96:unHQKcixlYedrGcCM4JuGylQu4BudGaFHiYueH:uHJciUM4JmuLYdbFHiRe

    Score
    3/10
    discovery
    behavioral3behavioral4

    • Target

      $PLUGINSDIR/FindProcDLL.dll

    • Size

      31KB

    • MD5

      83cd62eab980e3d64c131799608c8371

    • SHA1

      5b57a6842a154997e31fab573c5754b358f5dd1c

    • SHA256

      a6122e80f1c51dc72770b4f56c7c482f7a9571143fbf83b19c4d141d0cb19294

    • SHA512

      91cfbcc125600ec341f5571dcf1e4a814cf7673f82cf42f32155bd54791bbf32619f2bb14ae871d7996e9ddecdfcc5db40caa0979d6dfba3e73cfe8e69c163c9

    • SSDEEP

      384:1NWlNdqdAnhTKMLE2oIM05fnqCiWg3Yy9kflIinokN:1NWtqdihTKCldkYwkdpnoy

    Score
    3/10
    discovery
    behavioral5behavioral6

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      13KB

    • MD5

      d765c492c21689e3d9d61634371fd861

    • SHA1

      ac200933671ae52c9d5544d0e2e8e9144d286c83

    • SHA256

      551e6042dd494ea01549555ffc194ab9729da09058ec714eb368dd06642c9bbc

    • SHA512

      9919a9e848c8f1e26c75d0d29207571e4b86a4140bd554743d2c1f8bd7f386fe4919345b163d89a5d907fb165e435ba0ac5f6b1101713636141f156a420e2e0f

    • SSDEEP

      192:9B6RvrfvOuJQDghBy/X7QKq3TLGciZJf0EzWzMnz6WoF1dBs:v6RrviWaX7eiZJ7nz6bB

    Score
    3/10
    discovery
    behavioral7behavioral8

    • Target

      $PLUGINSDIR/SelfDelete.dll

    • Size

      24KB

    • MD5

      7bf1bd7661385621c7908e36958f582e

    • SHA1

      43242d7731c097e95fb96753c8262609ff929410

    • SHA256

      c0ad2c13d48c9fe62f898da822a5f08be3bf6c4e2c1c7ffdf7634f2ca4a8859e

    • SHA512

      8317af5cc3ac802eb095f3fa8cc71daa1265ca58fead031c07872f3d4bb07663a7002ae734fad392a7617f0923fe0caf1f54ed55afdf8516a6a08e202d86fa7f

    • SSDEEP

      96:1dIrJYYrzPpqAAZ9sNIaI2y9WulXEGNRrG:nuYATpq/viyYuEYRr

    Score
    3/10
    discovery
    behavioral10behavioral9

    • Target

      $PLUGINSDIR/registry.dll

    • Size

      17KB

    • MD5

      1af237911f21e78a1f118b14f9da3994

    • SHA1

      b26a3ae43c22758a551744fdce89d8290b7e0059

    • SHA256

      4f96dd3fd555a699998440f68fd881b402b7ac7a5123eec423e2173c8535bf50

    • SHA512

      116cee1cb86b59660b9c9946c60864b7ade6b7c669da2c701b87d5d0e9ef3f72b9c9a27ece5893f1f68580c7fc9dbeced5f0145204231a2ecb595c2403a27cab

    • SSDEEP

      384:YByJa/JUPrLy8kXSmY+EZsvR5TCD12ZhtV05D34cN:YsJaRwrLYXYM5OZ2xgDr

    Score
    3/10
    discovery
    behavioral11behavioral12

    • Target

      ieguideupdate.exe

    • Size

      268KB

    • MD5

      d33fa2ec8ed41350b2531c6777e5b5bb

    • SHA1

      43ff92a02246aaaa9173c8b19d642c34a8603b9a

    • SHA256

      9cdfc5137179f8d4216703c4ffc8cb344de6b2663b6245aecde374333a0e58fb

    • SHA512

      91da28d809d7e1e62f7c44fc75b30fca188e9289f7c7aa49cb393d08be1cc28c5f86dcb18f3e1ab8557c9081ba5de63a4def07ae73f9231d9ac46cada3fa37ef

    • SSDEEP

      3072:mIRtq3T02XfawHKzzzzzzzzzzD4QXCwooooooooooQ8:r3FGfa4KzzzzzzzzzzD4QXC

    Score
    3/10
    discovery
    behavioral13behavioral14

    • Target

      niebar.dll

    • Size

      253KB

    • MD5

      cb504a159d0c8ace5562e85613540219

    • SHA1

      9c5b9ccddadc60d6dd218533c80935a6bcc1aa4e

    • SHA256

      1ff0c6b1d48dc340c5c7113768fbdca3b3baaecf59f944e4d0be5231e24e75eb

    • SHA512

      30477727ad38a66d09b992f6c907b2dde949819d2ae732f276c47bd05ce2fbcc4d3a39e0562c3371e761e4efdae585942288c6e2e1fc53cc1945a2f35990b872

    • SSDEEP

      6144:8eWm+TmuHTia7tsU0B9xfYW+BCexidmwExwT53CHly:8e1+SuHTR7GU0n1N+Udmw4GCHl

    Score
    5/10
    discoveryupx

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral15behavioral16

    • Target

      niebho.dll

    • Size

      342KB

    • MD5

      35c2f42baafeec096c05f8eaf4f90970

    • SHA1

      12879beacc1ba299d94fcf8d974728414c4a8ea6

    • SHA256

      2f716bfe44872120b6209615b274be513460e1323c525b27640eedfa4ebb6723

    • SHA512

      4576b711c2c24113ac7f42f3e60efd9c63984de053647257463bec5d984fbfc1da20cb25892c8453dfafcb47201a96218595e0f9baf6da9b9f02d5d7cced12e5

    • SSDEEP

      6144:AYH33b6woZYNfw2e2m/FepkmqzEYNk3KwKYlA0roOI3XDbr6j9hRjZacq:AI3b6wx122m/Fepkmqz9NaKwKX0xI3T0

    Score
    6/10
    adwarediscoverystealerupx

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

      stealeradware

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral17behavioral18

    • Target

      uninstall.exe

    • Size

      117KB

    • MD5

      6ee2d080335ebf6fbf117fd0991cf7a5

    • SHA1

      71d5bb5bd498cdd7412df66c0b87a270d3e334bb

    • SHA256

      e96a352c41770da58451ceeac5d1427e171f584d2253032d9e53f2321634ecd6

    • SHA512

      6b7f21a2076fe79832fb7801c3cafbea5c2984e4ae5546725063fdec8eeeb76426a8acfc706ad6aa1938e28b45ce1f88c7b0d23d2f6b03794bc146796dbc1f3c

    • SSDEEP

      3072:811Z4TOoD2mJF6fxdvbOgCVuKgECeEqG9hBsfUQsNzQO:89/M6zDQnShBsNsNR

    Score
    7/10
    discovery

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral19behavioral20

    • Target

      $PLUGINSDIR/DLLWaitForKillProgram.dll

    • Size

      28KB

    • MD5

      9c4b8ec42d89f7557bfd90798ce52787

    • SHA1

      2376dde426ea65aa27c30e304086310605382475

    • SHA256

      ed52bdad7b383a179b9b0e21fefdda2d72695c5263a815d5e1e0bfac6c718548

    • SHA512

      17c12a27a08746755868558c037376dd7e20f03f0f71888c1329903b70975a54f57786c3c32bf88aaf30119f11ed978a6830ba91949e11cfc94fbb5ad95305b7

    • SSDEEP

      96:EP5ZuFye0MyQW4uPwhs+R/+gFrE1m/U/uG98bp2y+HS21kEZ1b+4Tu9C1uGg8wBu:akFyFRQ5wIzlH/UGq36EZY4T+Gul8U

    Score
    3/10
    discovery
    behavioral21behavioral22

    • Target

      $PLUGINSDIR/DLLWeb.dll

    • Size

      28KB

    • MD5

      598230e369b14593f2079285cae1e70f

    • SHA1

      6c4ad18a3cdd19a2d04da9f593836bd21fe68825

    • SHA256

      33052ed4e2c3f7b3c8c202e511335a1c0e4808e93324541d41589ec30635d902

    • SHA512

      83ce30f14c794db8f5c7a9b727252c4e040ccd08b3f914db4a853a1ce0756ceabac527d3a0d0f10e0f3616858db14e75cb0824b7151ad3eb83b045ff6dc197d0

    • SSDEEP

      96:wB8KzN/0AatJ/l7kvBBNO7HFi0un2vx2YHFI3zj+ueBudGa5Xc:wbN/HatJ/uvBO7xX2Y2jyZYdb6

    Score
    3/10
    discovery
    behavioral23behavioral24

    • Target

      $PLUGINSDIR/IEFunctions.dll

    • Size

      3KB

    • MD5

      9701818d39318145dd164794ef3a3846

    • SHA1

      7db701f8dc19163d46ba88e8b68d8dbf428a8152

    • SHA256

      3122b0413f74e88518cfd1b9c6e18435dd326ca177a2374b6405df78f43e776a

    • SHA512

      d92786630250e9eb6c47537b09684fa107f959b50d255c7f3952741eb438c3be47e171827d3a4407b049c33c12dad73f8ec381a7265b28a6d8ca101ff702e8a4

    Score
    3/10
    discovery
    behavioral25behavioral26

    • Target

      $PLUGINSDIR/IEKill.dll

    • Size

      24KB

    • MD5

      86acfaa6a25bca6031b303b5bdcc232b

    • SHA1

      819fd291e5403d8915fe5984e89ee1f6a496a480

    • SHA256

      e4a0127903902f485eaf29d76052c03daeaa096234baa03c6ba5f3ddb9f233e6

    • SHA512

      521bd61d92d07e520fc6ba149847d67d5ac46bc1eb04bc33e7576776b7dd20cdbc059e79c6f857659a25c098d0395559f92c2d92274bde97acc7f224aa6e3b4a

    • SSDEEP

      96:NK6SSNF28W2z/Zq6YTgdY8BKZ8BKoIhsdQculsG51m:06BNRjZqeIT5hsdQcNsk

    Score
    3/10
    discovery
    behavioral27behavioral28

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      13KB

    • MD5

      d765c492c21689e3d9d61634371fd861

    • SHA1

      ac200933671ae52c9d5544d0e2e8e9144d286c83

    • SHA256

      551e6042dd494ea01549555ffc194ab9729da09058ec714eb368dd06642c9bbc

    • SHA512

      9919a9e848c8f1e26c75d0d29207571e4b86a4140bd554743d2c1f8bd7f386fe4919345b163d89a5d907fb165e435ba0ac5f6b1101713636141f156a420e2e0f

    • SSDEEP

      192:9B6RvrfvOuJQDghBy/X7QKq3TLGciZJf0EzWzMnz6WoF1dBs:v6RrviWaX7eiZJ7nz6bB

    Score
    3/10
    discovery
    behavioral29behavioral30

    • Target

      $PLUGINSDIR/KillProcDLL.dll

    • Size

      32KB

    • MD5

      83142eac84475f4ca889c73f10d9c179

    • SHA1

      dbe43c0de8ef881466bd74861b2e5b17598b5ce8

    • SHA256

      ae2f1658656e554f37e6eac896475a3862841a18ffc6fad2754e2d3525770729

    • SHA512

      1c66eab21f0c9e0b99ecc3844516a6978f52e0c7f489405a427532ecbe78947c37dac5b4c8b722cc8bc1edfb74ba4824519d56099e587e754e5c668701e83bd1

    • SSDEEP

      384:3rYz6grZodORNWATt4TBmlk5ooyzFh7BukAUdJoUtSOSR:3QggDWATWNCFh7BNddJoxO+

    Score
    3/10
    discovery
    behavioral31behavioral32

MITRE ATT&CK Enterprise v15

Tasks

static1

upx
Score
7/10

behavioral1

adwarediscoverypersistencestealerupx
Score
7/10

behavioral2

adwarediscoverypersistencestealerupx
Score
7/10

behavioral3

discovery
Score
3/10

behavioral4

discovery
Score
3/10

behavioral5

discovery
Score
3/10

behavioral6

discovery
Score
3/10

behavioral7

discovery
Score
3/10

behavioral8

discovery
Score
3/10

behavioral9

discovery
Score
3/10

behavioral10

discovery
Score
3/10

behavioral11

discovery
Score
3/10

behavioral12

discovery
Score
3/10

behavioral13

discovery
Score
3/10

behavioral14

discovery
Score
3/10

behavioral15

discoveryupx
Score
5/10

behavioral16

discoveryupx
Score
5/10

behavioral17

adwarediscoverystealerupx
Score
6/10

behavioral18

adwarediscoverystealerupx
Score
6/10

behavioral19

discovery
Score
7/10

behavioral20

discovery
Score
7/10

behavioral21

discovery
Score
3/10

behavioral22

discovery
Score
3/10

behavioral23

discovery
Score
3/10

behavioral24

discovery
Score
3/10

behavioral25

discovery
Score
3/10

behavioral26

discovery
Score
3/10

behavioral27

discovery
Score
3/10

behavioral28

discovery
Score
3/10

behavioral29

discovery
Score
3/10

behavioral30

discovery
Score
3/10

behavioral31

discovery
Score
3/10

behavioral32

discovery
Score
3/10