Overview
overview: score 7
static: score 5
76231aa5da...18.exe | windows7-x64 | score 7
76231aa5da...18.exe | windows10-2004-x64 | score 7
$PLUGINSDI...ns.dll | windows7-x64 | score 3
$PLUGINSDI...ns.dll | windows10-2004-x64 | score 3
$PLUGINSDI...ta.dll | windows7-x64 | score 3
$PLUGINSDI...ta.dll | windows10-2004-x64 | score 3
$PLUGINSDI...em.dll | windows7-x64 | score 3
$PLUGINSDI...em.dll | windows10-2004-x64 | score 3
$PLUGINSDI...on.dll | windows7-x64 | score 3
$PLUGINSDI...on.dll | windows10-2004-x64 | score 3
$PLUGINSDI...7z.dll | windows7-x64 | score 3
$PLUGINSDI...7z.dll | windows10-2004-x64 | score 3
TeamViewer.exe | windows7-x64 | score 7
TeamViewer.exe | windows10-2004-x64 | score 7
TeamViewer...op.exe | windows7-x64 | score 3
TeamViewer...op.exe | windows10-2004-x64 | score 3
TeamViewer...fr.dll | windows7-x64 | score 1
TeamViewer...fr.dll | windows10-2004-x64 | score 1
TeamViewer...ce.exe | windows7-x64 | score 3
TeamViewer...ce.exe | windows10-2004-x64 | score 3
TeamViewer...es.dll | windows7-x64 | score 1
TeamViewer...es.dll | windows10-2004-x64 | score 1
tv_w32.dll | windows7-x64 | score 3
tv_w32.dll | windows10-2004-x64 | score 3
tv_w32.exe | windows7-x64 | score 3
tv_w32.exe | windows10-2004-x64 | score 3
tv_x64.dll | windows7-x64 | score 1
tv_x64.dll | windows10-2004-x64 | score 1
tv_x64.exe | windows7-x64 | score 1
tv_x64.exe | windows10-2004-x64 | score 1
General
-
Target
76231aa5daf7e77b57ce225a2c72c8ec_JaffaCakes118
-
Size
2.9MB
-
Sample
241027-1vct1s1lcr
-
MD5
76231aa5daf7e77b57ce225a2c72c8ec
-
SHA1
93e73555f870abe15f692b146a2135a20200aa10
-
SHA256
113d4fb8f7503e7b240aca6df1fb3882fd15e43b3f242fc9df72a00dbbfa80d7
-
SHA512
b88403545c6f7af99ce3d29b4a383842d4a29ce87629c21528a773a1c80a7483a8dd3f6fb9ffd09e705ed931a7ba999bbfea73656468c4122736875582526052
-
SSDEEP
49152:pvcpFgJWquIdCctulDogi4GPhIo6svlgyJEooXE2+7hobbaNnYQnDoc:pvcEYEtuxogNGZvtlgyJEQ2+7hkknDoc
Behavioral task | Sample | Resource
behavioral1 | 76231aa5daf7e77b57ce225a2c72c8ec_JaffaCakes118.exe | win7-20240903-en
behavioral2 | 76231aa5daf7e77b57ce225a2c72c8ec_JaffaCakes118.exe | win10v2004-20241007-en
behavioral3 | $PLUGINSDIR/InstallOptions.dll | win7-20241010-en
behavioral4 | $PLUGINSDIR/InstallOptions.dll | win10v2004-20241007-en
behavioral5 | $PLUGINSDIR/ReadCustomerData.dll | win7-20240903-en
behavioral6 | $PLUGINSDIR/ReadCustomerData.dll | win10v2004-20241007-en
behavioral7 | $PLUGINSDIR/System.dll | win7-20241010-en
behavioral8 | $PLUGINSDIR/System.dll | win10v2004-20241007-en
behavioral9 | $PLUGINSDIR/TvGetVersion.dll | win7-20240708-en
behavioral10 | $PLUGINSDIR/TvGetVersion.dll | win10v2004-20241007-en
behavioral11 | $PLUGINSDIR/nsis7z.dll | win7-20240903-en
behavioral12 | $PLUGINSDIR/nsis7z.dll | win10v2004-20241007-en
behavioral13 | TeamViewer.exe | win7-20240903-en
behavioral14 | TeamViewer.exe | win10v2004-20241007-en
behavioral15 | TeamViewer_Desktop.exe | win7-20240903-en
behavioral16 | TeamViewer_Desktop.exe | win10v2004-20241007-en
behavioral17 | TeamViewer_Resource_fr.dll | win7-20240903-en
behavioral18 | TeamViewer_Resource_fr.dll | win10v2004-20241007-en
behavioral19 | TeamViewer_Service.exe | win7-20240903-en
behavioral20 | TeamViewer_Service.exe | win10v2004-20241007-en
behavioral21 | TeamViewer_StaticRes.dll | win7-20240903-en
behavioral22 | TeamViewer_StaticRes.dll | win10v2004-20241007-en
behavioral23 | tv_w32.dll | win7-20241023-en
behavioral24 | tv_w32.dll | win10v2004-20241007-en
behavioral25 | tv_w32.exe | win7-20241010-en
behavioral26 | tv_w32.exe | win10v2004-20241007-en
behavioral27 | tv_x64.dll | win7-20240903-en
behavioral28 | tv_x64.dll | win10v2004-20241007-en
behavioral29 | tv_x64.exe | win7-20240708-en
behavioral30 | tv_x64.exe | win10v2004-20241007-en
Malware Config
Targets
-
Target
76231aa5daf7e77b57ce225a2c72c8ec_JaffaCakes118
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Target
$PLUGINSDIR/InstallOptions.dll
-
Size
14KB
-
MD5
0dc0cc7a6d9db685bf05a7e5f3ea4781
-
SHA1
5d8b6268eeec9d8d904bc9d988a4b588b392213f
-
SHA256
8e287326f1cdd5ef2dcd7a72537c68cbe4299ceb1f820707c5820f3aa6d8206c
-
SHA512
814dd17ebb434f4a3356f716c783ab7f569f9ee34ce5274fa50392526925f044798f8006198ac7afe3d1c2ca83a2ca8c472ca53fec5f12bbfbbe0707abacd6b0
-
SSDEEP
192:n6d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jPK72dwF7dBEnbok:n6UdHXcIiY535zBt2jP+BEnbo
Score 3/10
-
Target
$PLUGINSDIR/ReadCustomerData.dll
-
Size
64KB
-
MD5
703598aa5ff97f512112cd766543a2f1
-
SHA1
0bfb74b03227ee8510e153785edd76625404ab55
-
SHA256
5f76752e83789bb8184070d618d83f43c2f565cc7fad2c4266e44339223ba69b
-
SHA512
3eff4670a3c97ec931eb1240d22a943ad6b19ea07ce781dabcc656ae2049d36c42b8f5bf3ce59366057ea3ece8913e83da3ec98c2c1434edf144dd9d4731fe58
-
SSDEEP
768:TWaFM5hBUVVsDPytWyIBvsdfk3Nhs8o6S5uymhRv1OInQ/bTLZmTtxHWQ:CvnuV+TcWGIPOChRwIQ/XLQtxH
Score 3/10
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
00a0194c20ee912257df53bfe258ee4a
-
SHA1
d7b4e319bc5119024690dc8230b9cc919b1b86b2
-
SHA256
dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3
-
SHA512
3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667
-
SSDEEP
192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score 3/10
-
Target
$PLUGINSDIR/TvGetVersion.dll
-
Size
55KB
-
MD5
bec86f19027cbb13f05881e6712388f2
-
SHA1
c5fe5ecffe244869c60d8e3a023b610a08b62ff4
-
SHA256
c774a0fb87248b985b8543bd5ce2d5f58d64c091c912de8c0d45d9ff18ca1835
-
SHA512
553a707b7b3d2b74039695e01c0a74c9c9a84696c67a1c087680fac8384998009369cbe78c6f1b23a018d0f4b46665379eb6f22bc0436d15d385bb8625e14837
-
SSDEEP
768:ZX4xrWyk9mIyPmr5yPItXjZJ/pY0RaOnot0kEabnOhXw1tslXYBt:ZXw2mIydKFRaM40khOhMtslXM
Score 3/10
-
Target
$PLUGINSDIR/nsis7z.dll
-
Size
176KB
-
MD5
06ff2b95b8e123d32487b0cb73409031
-
SHA1
8cb3f584112db4e74cea4ed02d4ce0b3a5373bfa
-
SHA256
0dedad042a306da32784c3ce79bfac0475b827e416c17e1a1dfdb461151f4271
-
SHA512
174e7599ba87bc45111ce340d7563771353df71988d6b9094d8bdeab4b45ec730cbd2e6bf3943ad66daa02d7f1f1eac0020b987109fabed96b2e0def8d0602c6
-
SSDEEP
3072:rfSCQ4FYoKhEHvf4aytolZ8MMNjXtWXTkibb7zHetRYFJ8:HFYosEH3UtoX8fUtXPOm
Score 3/10
-
Target
TeamViewer.exe
-
Size
6.2MB
-
MD5
93f07bec68e8034a720af5d8192cc7d9
-
SHA1
2712801b4eb30809ce7737a3058e39d23f57cbef
-
SHA256
015b1912e194a987b997453d34807c61964695668e96798f1a0f14d8b860b441
-
SHA512
df762eae64b4eac28c432e767219fbebdd2cbeafdf42a454458c5a5142de9f65152b4bc917af421e62065656124f64e734863ce22165c617536a3cf2e2067292
-
SSDEEP
98304:5rPxZWF5vO3sdWADovMsyvXEwUKTvtF1eyKTxcraQsCQkBHIhAND/uF5wjQOo+sX:5rPTcvO0DDAfy/TvtZZIAuFa6aIrpB
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Target
TeamViewer_Desktop.exe
-
Size
2.2MB
-
MD5
de387d6df42108e47e5b771edc1a9307
-
SHA1
b8f3150e6e2431a52373bf50514cfab370cb14df
-
SHA256
701fa727912566b842d6072839d4f4af505f2d9662bea789bd70460d383dfd00
-
SHA512
91d014c1a70b23f91a9ae6159cdecca139231ce7db408f7f0edf22259cb820323060d3165639093180ec3b18b783cf4e4e9cd06f8f126cd765c86169031d8d73
-
SSDEEP
24576:P/OJmyMRRS07UdaYN1jgH65zwDX+8VYrI336RZrhGT0zAFGSFAzgCu/kKiJycmcX:9HszfnzcX0rI33IrhGhFauathNZBr1
Score 3/10
-
Target
TeamViewer_Resource_fr.dll
-
Size
266KB
-
MD5
9af4a79fa623b3ab053db41c0a2f6111
-
SHA1
bd390794a64c581086971a370d462a406d949aa3
-
SHA256
684c72614db74d8e35406c5bf766b234e772b0471fd98ef8e62365dd1ca7527c
-
SHA512
afb1af45cab5360e92d238f393a8811d879dd92a08d7b0ae3404565f704699e08a377f902224c5eeb5119be5d3ee848cf311396fa41d1a2210225c906446d826
-
SSDEEP
3072:C4DdofYRxYv0sSpMU4HBpAZ1i7BXdUyp8a6vzDt1Rag1mB:KSh4HLAZiIu6xG
Score 1/10
-
Target
TeamViewer_Service.exe
-
Size
2.6MB
-
MD5
bea57f6d10e8ee1a59d05c378d6649d0
-
SHA1
d919eb6dc0a4c9e288a54bf3a5100f85518599d5
-
SHA256
1dea67a601eaafaba2cb80229b1a4a05b6099c6f1be2ed5b20487786c82b8417
-
SHA512
3f6fe928906fc14d694309b8068457fd6feaf932abf8ff9431056ee64c9b5fd5ffab1f9cfc546ee4a9f740c7a3516d4e2469454f032757e4577e4b920ac3b1cd
-
SSDEEP
49152:EW02brLiE0e+hSBn3x709EV+S0E06zDoHc4aMIbIoANGq/kII4dbGApETLe:EWR/pcehIKF0EhzkHcf8oANZ
Score 3/10
-
Target
TeamViewer_StaticRes.dll
-
Size
2.3MB
-
MD5
544bd524f936e803f493ab8ed918c25c
-
SHA1
a84a04020b5708b14321a9adde34482e2fefbbc3
-
SHA256
192e8b09becfbebac4fe71fe6ed391d0448f3c7056c88f68248be9a8505ddd57
-
SHA512
7f66fd5a4b3e7eb25202e737e5ac841d44f5121571e6fa6f14a90f258435fc07f05ef2fa9e999864ef2f98fdeaf4b7db230fd80e01d2d43b211bcec49be99d05
-
SSDEEP
12288:07FRMxerSauRDWxe2CPE8L+YoBSNPramjvT1Vg:MprSajWL1T1S
Score 1/10
-
Target
tv_w32.dll
-
Size
64KB
-
MD5
cf249d56bb0d4685dd6c4828b97b8307
-
SHA1
aed4ccf8f9a280b84796e36d56f3fdf373410526
-
SHA256
ea3f4562e20e6b4bd892e11e597ccc02325aca1be579df244ce015b3bc7133c7
-
SHA512
f1ac55090ee93ad141e2cec3d9a0a98eddcdf50b26cddc41274cbb74fd87720584bf4aa37ae84683ea7c59d75ef0c26196a9aea1afd81b5836624ffc85ba4cf3
-
SSDEEP
768:lkW6VIpfAl7yjqJ9V/iP30cu9FJ+VlTHPWyqPGYDIIL:ltqIpYYmOHuPAVVW9Z
Score 3/10
-
Target
tv_w32.exe
-
Size
103KB
-
MD5
684c5d48dd6a0cced97c4fe983bcfe47
-
SHA1
cf9c9c3d4d3bd073b83e169df85c074463b68167
-
SHA256
5531101a8387222cac733726f6f58fb02ee4ce7798e5964514837c10ef4f7877
-
SHA512
7e3e88366df92a44ce981bb6d49e64cb642ddffcfe73322239e6050a53631f649706479bb37e260a299319d58d4834ffcb5b6edfa7573d647fea919fe9903c79
-
SSDEEP
1536:QQLuOPVckAlDOuWen7dqxCuRcCfKZjwkDi/A5JAYR5vadW:TLvakAxdcjkk/A9R5va
Score 3/10
-
Target
tv_x64.dll
-
Size
76KB
-
MD5
70014c076003d1d4822366c79ba3e3e6
-
SHA1
af350e238354c8cb46b63aec7bdab680554e9641
-
SHA256
93bfe08aeedc6a995883e83652ec81080503104a69f15549f640e934aa691a82
-
SHA512
7807705657cfced2423ea106a2492e4d494eb59f6b666fd448b54df196fdbf6618f470facbff71593b14b43b32d668f3868a21f6a880d2f84dd7ef491c330e64
-
SSDEEP
768:mDpSeSiE2jFPM0BdmVI6pzYbW1fxkClSN8Qx9pig8HK77TkyYYYVoQsLtIIL:ASeSiEZs8a6BY1oSNbfQu7TkyYNVId
Score 1/10
-
Target
tv_x64.exe
-
Size
126KB
-
MD5
84c57f59da45494c5a1c124bd294aa1f
-
SHA1
d41c850246e286309ecc737e8d24ed1b16841640
-
SHA256
05e3ae965608f662378232e4847754e18c09f2b98e5bbb380f784f320a865bd9
-
SHA512
715f981edda272725933cd0f6aab86049cbfc75f9f1b8af62a7be69512b559ae0592346b9b0b3ba763d7546ce60fa85362e657fab34d8a11caa26bc6be629627
-
SSDEEP
3072:+UwSVG88g4k/sVlgGQZkc+DnFKPcQmlZKEdV/5QY:+I0VlgZZ5+MPcQ4ZlVW
Score 1/10
MITRE ATT&CK Enterprise v15
Defense Evasion
  Modify Registry (1)
  Subvert Trust Controls (1)
    Install Root Certificate (1)
Credential Access
  Credentials from Password Stores (1)
    Credentials from Web Browsers (1)
  Unsecured Credentials (1)
    Credentials In Files (1)