Analysis

  • max time kernel
    119s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
  • submitted
    29/04/2024, 14:09 UTC

General

  • Target

    07d859dfbc355b509a8b7fa8d3d89a51_JaffaCakes118.exe

  • Size

    1.6MB

  • MD5

    07d859dfbc355b509a8b7fa8d3d89a51

  • SHA1

    ccad3a91e562cdb3b97d8f939ca7914231210d96

  • SHA256

    15b16b91099406788937c675b15f2e81f3f9df40b0756552fa19c0cb24d3a621

  • SHA512

    a362ffad97b449f4356c3f3f5fa91d8f8cf9f2ac8ae2f41f9b3fa95275af1c945b22d14b907862ffa7b437b9f005c4f0296913fd67688ace203335dc48874b1e

  • SSDEEP

    49152:B4iUJg/bzdpAI7QeZ6688/ykGl4y8u7CUxW:BpUJWbp+IdQ3VPmyrBw

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 7 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\07d859dfbc355b509a8b7fa8d3d89a51_JaffaCakes118.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\07d859dfbc355b509a8b7fa8d3d89a51_JaffaCakes118.exe"
    PID: 2944
    • Loads dropped DLL
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx

Network

  • DNS (US)
    Domain: www.secondofferdelivery.com
    Process: 07d859dfbc355b509a8b7fa8d3d89a51_JaffaCakes118.exe
    Remote address: 8.8.8.8:53
    Request: www.secondofferdelivery.com IN A
    Response: No results found
  • 8.8.8.8:53 | www.secondofferdelivery.com | dns | 07d859dfbc355b509a8b7fa8d3d89a51_JaffaCakes118.exe | 73 B | 146 B | 1 | 1
    DNS Request: www.secondofferdelivery.com

MITRE ATT&CK Enterprise v15

Downloads

  • \Users\Admin\AppData\Local\Temp\nsi1D9F.tmp\System.dll

    Filesize

    11KB

    MD5

    bf712f32249029466fa86756f5546950

    SHA1

    75ac4dc4808ac148ddd78f6b89a51afbd4091c2e

    SHA256

    7851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af

    SHA512

    13f69959b28416e0b8811c962a49309dca3f048a165457051a28a3eb51377dcaf99a15e86d7eee8f867a9e25ecf8c44da370ac8f530eeae7b5252eaba64b96f4

  • \Users\Admin\AppData\Local\Temp\nsi1D9F.tmp\UAC.dll

    Filesize

    13KB

    MD5

    a88baad3461d2e9928a15753b1d93fd7

    SHA1

    bb826e35264968bbc3b981d8430ac55df1e6d4a6

    SHA256

    c5ab2926c268257122d0342739e73573d7eeda34c861bc7a68a02cbc69bd41af

    SHA512

    5edcf46680716930da7fd1a41b8b0426f057cf4becefb3ee84798ec8b449726afb822fb626c4942036a1ae3bb937184d1f71d0e45075abb5bf167f5d833df43a

  • \Users\Admin\AppData\Local\Temp\nsi1D9F.tmp\UserInfo.dll

    Filesize

    4KB

    MD5

    c7ce0e47c83525983fd2c4c9566b4aad

    SHA1

    38b7ad7bb32ffae35540fce373b8a671878dc54e

    SHA256

    6293408a5fa6d0f55f0a4d01528eb5b807ee9447a75a28b5986267475ebcd3ae

    SHA512

    ee9f23ea5210f418d4c559628bbfb3a0f892440bcd5dc4c1901cb8e510078e4481ea8353b262795076a19055e70b88e08fee5fb7e8f35a6f49022096408df20e

  • \Users\Admin\AppData\Local\Temp\nsi1D9F.tmp\apphelp.dll

    Filesize

    1.8MB

    MD5

    3951fb5de2e2d4329100a9687091f5b7

    SHA1

    4f7ceda872f7be5926509df521afee159c9135b4

    SHA256

    a098a5db545f2429a2c8caaed482afe553720cafe785da57fdd6d46479047ea7

    SHA512

    7d3ea57c8c1986036a5ace35eb5076f7c96c796f447e39a7ae3040e71eb0596df56dcf0376bd4fd51360b750f0c38c962970584979bd01794b642e483d5020b7

  • \Users\Admin\AppData\Local\Temp\nsi1D9F.tmp\nsDialogs.dll

    Filesize

    9KB

    MD5

    4ccc4a742d4423f2f0ed744fd9c81f63

    SHA1

    704f00a1acc327fd879cf75fc90d0b8f927c36bc

    SHA256

    416133dd86c0dff6b0fcaf1f46dfe97fdc85b37f90effb2d369164a8f7e13ae6

    SHA512

    790c5eb1f8b297e45054c855b66dfc18e9f3f1b1870559014dbefa3b9d5b6d33a993a9e089202e70f51a55d859b74e8605c6f633386fd9189b6f78941bf1bfdb

  • \Users\Admin\AppData\Local\Temp\nsi1D9F.tmp\registry.dll

    Filesize

    24KB

    MD5

    2b7007ed0262ca02ef69d8990815cbeb

    SHA1

    2eabe4f755213666dbbbde024a5235ddde02b47f

    SHA256

    0b25b20f26de5d5bd795f934c70447112b4981343fcb2dfab3374a4018d28c2d

    SHA512

    aa75ee59ca0b8530eb7298b74e5f334ae9d14129f603b285a3170b82103cfdcc175af8185317e6207142517769e69a24b34fcdf0f58ed50a4960cbe8c22a0aca

  • \Users\Admin\AppData\Local\Temp\nsi1D9F.tmp\soffer.dll

    Filesize

    194KB

    MD5

    cff6a9dc992dcc7c9c3a3cf6e64d4df0

    SHA1

    e7f7847c2d2ff0781d27e029f209c4c2bd8e355f

    SHA256

    149279f79ad29d68c444111b7a1120e5053ad41444c5ebb6281f46257c050efd

    SHA512

    176e6ca3d2f907026da35c35d11f586225a0c388acbca474c9dbcf43913bd068e691302084b1c695e7e9678d57033162f51aa67fa2220941f1b0c288019888da

  • memory/2944-38-0x0000000003100000-0x0000000003101000-memory.dmp

    Filesize

    4KB

  • memory/2944-53-0x0000000003100000-0x0000000003101000-memory.dmp

    Filesize

    4KB
