Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

0e51912989...18.exe

windows7-x64

7

0e51912989...18.exe

windows10-2004-x64

7

$PLUGINSDI...SC.dll

windows7-x64

3

$PLUGINSDI...SC.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/inetc.dll

windows7-x64

3

$PLUGINSDIR/inetc.dll

windows10-2004-x64

3

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

$PLUGINSDIR/nsURL.dll

windows7-x64

3

$PLUGINSDIR/nsURL.dll

windows10-2004-x64

3

$PLUGINSDI...ry.dll

windows7-x64

3

$PLUGINSDI...ry.dll

windows10-2004-x64

3

$PLUGINSDIR/utils.dll

windows7-x64

3

$PLUGINSDIR/utils.dll

windows10-2004-x64

3

$_52_/Plug...ct.exe

windows7-x64

1

$_52_/Plug...ct.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    94s
  • max time network
    101s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/05/2024, 11:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0e51912989e3831ccd201c1c1bf5ffc5_JaffaCakes118.exe

  • Size

    1.1MB

  • MD5

    0e51912989e3831ccd201c1c1bf5ffc5

  • SHA1

    d342cf8dd2382195f1e76491074fa748cda3dfc2

  • SHA256

    bf0251e3e76a263068db92373e19bd646c695f75f5100799c569c76dd92c0c8b

  • SHA512

    e4a85524f9afbbbb7f06dcddff648641dd40667823d1f2ab14cbece7b344e1fa843ad120fac7af3b3f1d5506334b9a9dca3755fe0d31f0aa58396e75999f4d7e

  • SSDEEP

    24576:XZfAw3bLCl2wbReC0GTezBMOQtBosaPJZEz+f6c5xlgHbX:9Hb+lJbRvPTmxQtTaPJZESVlmbX

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0e51912989e3831ccd201c1c1bf5ffc5_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0e51912989e3831ccd201c1c1bf5ffc5_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    PID:4872
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4872 -s 1088
      2⤵
      • Program crash
      PID:1604
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4872 -ip 4872
    1⤵
      PID:1644

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\nsp3922.tmp\SimpleSC.dll
      Filesize

      61KB

      MD5

      d63975ce28f801f236c4aca5af726961

      SHA1

      3d93ad9816d3b3dba1e63dfcbfa3bd05f787a8c9

      SHA256

      e0c580bbe48a483075c21277c6e0f23f3cbd6ce3eb2ccd3bf48cf68f05628f43

      SHA512

      8357e1955560bf0c42a8f4091550c87c19b4939bf1e6a53a54173d1c163b133b9c517014af6f7614eddc0c9bbf93b3b987c4977b024b10b05b3dc4eb20141810

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nsp3922.tmp\registry.dll
      Filesize

      24KB

      MD5

      2b7007ed0262ca02ef69d8990815cbeb

      SHA1

      2eabe4f755213666dbbbde024a5235ddde02b47f

      SHA256

      0b25b20f26de5d5bd795f934c70447112b4981343fcb2dfab3374a4018d28c2d

      SHA512

      aa75ee59ca0b8530eb7298b74e5f334ae9d14129f603b285a3170b82103cfdcc175af8185317e6207142517769e69a24b34fcdf0f58ed50a4960cbe8c22a0aca

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nsp3922.tmp\utils.dll
      Filesize

      167KB

      MD5

      49bbea53054a3e53a8f24fd7ab97be44

      SHA1

      7ab42d62efb2d56ce6fab5e37aaf4478ae428daf

      SHA256

      fd162cc491484bb0009afe40dcef245bb7802af5b63b9c1ca12e2f22fed31341

      SHA512

      6baaa63910bdc93717556ed3f9f1fca9743488f1e1d7a5005ba3dbe44dce800019658556d7f3518e758ba18ab653d351bba6bbfb5c92f8c6b21fc2fc0a20cf7e

      Download Submit

    • memory/4872-5-0x0000000002360000-0x0000000002373000-memory.dmp

      Filesize

      76KB

      Download