Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

f5c3324a08...18.exe

windows7-x64

7

f5c3324a08...18.exe

windows10-2004-x64

7

$PLUGINSDI...ig.dll

windows7-x64

3

$PLUGINSDI...ig.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/inetc.dll

windows7-x64

3

$PLUGINSDIR/inetc.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    194s
  • max time network
    221s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17/04/2024, 12:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f5c3324a085161d98e986e1e2d3de85e_JaffaCakes118.exe

  • Size

    123KB

  • MD5

    f5c3324a085161d98e986e1e2d3de85e

  • SHA1

    c8157b2d629112cef37136ac6f46b598c0b46d0d

  • SHA256

    bdb5fbf04bbb1ab7a77c599b155150c9ad484972027dee57cd11c44bfea06b3c

  • SHA512

    0f667b8fa4093838d0388d6e4e5c7e944893b1a41e4845ded87caf1d99a3af0889152f8b0bfd67f7b081763a990fe82c47775047ddc988dfcc23c957da220d6a

  • SSDEEP

    3072:TgXdZt9P6D3XJG45odh4SOr76SB+ZP55fnPcHI1QHSnjaHr+K:Te34Az3Hc75+ZPPfnE2Qyn2f

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 7 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f5c3324a085161d98e986e1e2d3de85e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\f5c3324a085161d98e986e1e2d3de85e_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:3584
    • C:\Windows\SysWOW64\msiexec.exe
      msiexec.exe /i C:\Users\Admin\AppData\Local\Temp\WeatherBugSetup.msi ISSILENTINSTALL=1 ISLAUNCH=1 ZCODE=Z6846 PREREG=2 REGTYPE=2 WXBUGCOMMAND=3
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      PID:392

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsfC318.tmp\IpConfig.dll
    Filesize

    114KB

    MD5

    a3ed6f7ea493b9644125d494fbf9a1e6

    SHA1

    ebeee67fb0b5b3302c69f47c5e7fca62e1a809d8

    SHA256

    ec0f85f8a9d6b77081ba0103f967ef6705b547bf27bcd866d77ac909d21a1e08

    SHA512

    7099e1bc78ba5727661aa49f75523126563a5ebccdff10cabf868ce5335821118384825f037fbf1408c416c0212aa702a5974bc54d1b63c9d0bcade140f9aae1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsfC318.tmp\System.dll
    Filesize

    11KB

    MD5

    c17103ae9072a06da581dec998343fc1

    SHA1

    b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    SHA256

    dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    SHA512

    d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsfC318.tmp\inetc.dll
    Filesize

    20KB

    MD5

    e541458cfe66ef95ffbea40eaaa07289

    SHA1

    caec1233f841ee72004231a3027b13cdeb13274c

    SHA256

    3bce87b66d9272c82421920c34b0216e12c57a437d1955c36f23c74c1a01d420

    SHA512

    0bf6313e4cb7bbdcfba828fb791540b630adc58c43aa4b5ba77790367d0f34f76077cd84cc62e2a2c98c788a88547f32a11e549873d172c5aa2753124847cd0c

    Download Submit

  • memory/3584-10-0x00000000023B0000-0x00000000023D6000-memory.dmp

    Filesize

    152KB

    Download