Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

11880711c8...18.exe

windows7-x64

7

11880711c8...18.exe

windows10-2004-x64

7

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$PLUGINSDI...ow.dll

windows7-x64

3

$PLUGINSDI...ow.dll

windows10-2004-x64

3

$R2/CrashRpt1403.dll

windows7-x64

1

$R2/CrashRpt1403.dll

windows10-2004-x64

1

$R2/CrashS...03.exe

windows7-x64

1

$R2/CrashS...03.exe

windows10-2004-x64

1

$R2/GAME.exe

windows7-x64

1

$R2/GAME.exe

windows10-2004-x64

1

$R2/SDL2.dll

windows7-x64

1

$R2/SDL2.dll

windows10-2004-x64

1

$R2/SDL2_ttf.dll

windows7-x64

1

$R2/SDL2_ttf.dll

windows10-2004-x64

1

$R2/WOL/PATCHW32.dll

windows7-x64

3

$R2/WOL/PATCHW32.dll

windows10-2004-x64

3

$R2/WOL/REGISTER.exe

windows7-x64

1

$R2/WOL/REGISTER.exe

windows10-2004-x64

1

$R2/WOL/WOLAPI.dll

windows7-x64

1

$R2/WOL/WOLAPI.dll

windows10-2004-x64

1

$R2/WOL/WO...er.dll

windows7-x64

1

$R2/WOL/WO...er.dll

windows10-2004-x64

1

$R2/WOL/unins000.exe

windows7-x64

7

$R2/WOL/unins000.exe

windows10-2004-x64

7

$R2/ddraw.dll

windows7-x64

1

$R2/ddraw.dll

windows10-2004-x64

3

$R2/libfreetype-6.dll

windows7-x64

3

$R2/libfreetype-6.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    122s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    04/05/2024, 04:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    11880711c83d2d5b184fd25f5289ba0c_JaffaCakes118.exe

  • Size

    3.4MB

  • MD5

    11880711c83d2d5b184fd25f5289ba0c

  • SHA1

    272456b67e8c919a5ec7e76f37034ea04e06259d

  • SHA256

    27bf8e239f59a87c27cc9d1c7e92adece25427d246cb5c04fa0237930181fea9

  • SHA512

    e69afc36d385940e7db60b2a9b0cd40b541a046e340c7d2a8ac032c4af4d16df6843c51b4dbba7a9b45ebdd672fc600fb035a3095f4abc27c840906c3b33fb96

  • SSDEEP

    49152:Pgla0nbzAW+THF2kA1+9WHyvJxnOy4hAT0sRkrwXykrY2R/UDaUbNc7Jl8ltyUk:PgZZ2FFA12OyvJjTbogyiY9LNc9WHBk

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\11880711c83d2d5b184fd25f5289ba0c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\11880711c83d2d5b184fd25f5289ba0c_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    PID:1812

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\nso29EF.tmp\System.dll
    Filesize

    11KB

    MD5

    6f5257c0b8c0ef4d440f4f4fce85fb1b

    SHA1

    b6ac111dfb0d1fc75ad09c56bde7830232395785

    SHA256

    b7ccb923387cc346731471b20fc3df1ead13ec8c2e3147353c71bb0bd59bc8b1

    SHA512

    a3cc27f1efb52fb8ecda54a7c36ada39cefeabb7b16f2112303ea463b0e1a4d745198d413eebb3551e012c84a20dcdf4359e511e51bc3f1a60b13f1e3bad1aa8

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nso29EF.tmp\nsDialogs.dll
    Filesize

    9KB

    MD5

    d9256d9acaecabb20b7e9a1595abfa36

    SHA1

    ece1cab181dac7729246da1d4494b8daa10c3b70

    SHA256

    d7b2c55977a541f8d075e48d4e0a82eec79ad247b0ed168c19a8518131acd19c

    SHA512

    5827cdbfde0e766d1b74ecb22f9614232031da41c21d0f6ff6c9d5dcdfc0adc23e8fd616eb020ab42208932444b5e0cb1e6d6e698bead412eae19624a180b6ff

    Download Submit