Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

23e0072bab...18.exe

windows7-x64

7

23e0072bab...18.exe

windows10-2004-x64

7

$APPDATA/T...at.sys

windows7-x64

1

$APPDATA/T...at.sys

windows10-2004-x64

1

$APPDATA/T...64.sys

windows7-x64

1

$APPDATA/T...64.sys

windows10-2004-x64

1

$PLUGINSDI...et.dll

windows7-x64

3

$PLUGINSDI...et.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...in.dll

windows7-x64

1

$PLUGINSDI...in.dll

windows10-2004-x64

1

$PLUGINSDI...in.dll

windows7-x64

1

$PLUGINSDI...in.dll

windows10-2004-x64

1

$PLUGINSDI...in.dll

windows7-x64

3

$PLUGINSDI...in.dll

windows10-2004-x64

3

$PLUGINSDI...oc.dll

windows7-x64

3

$PLUGINSDI...oc.dll

windows10-2004-x64

3

$PLUGINSDIR/inetc.dll

windows7-x64

3

$PLUGINSDIR/inetc.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

$PLUGINSDI...ws.dll

windows7-x64

3

$PLUGINSDI...ws.dll

windows10-2004-x64

3

Bmbt.dll

windows7-x64

3

Bmbt.dll

windows10-2004-x64

3

Bmcmon.dll

windows7-x64

3

Bmcmon.dll

windows10-2004-x64

3

Bmctr.dll

windows7-x64

1

Bmctr.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    08/05/2024, 07:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    23e0072baba7b9ea62f2ed1fc1d52131_JaffaCakes118.exe

  • Size

    22.1MB

  • MD5

    23e0072baba7b9ea62f2ed1fc1d52131

  • SHA1

    9b1e33d9e51149e59978084e2c052b618136270f

  • SHA256

    284a18ed393b0e60ca6fada933c6612df9862d024038c51a0ab8906ccbdcc990

  • SHA512

    3bfe0b3b7efd1156ae78aa3454fcaadf676b09207996cbb1b8dfc221f079a1bbcdf8fe4f463a430d50467a386edf51169d0b4fa68ce7ebac043327cd1e82d07d

  • SSDEEP

    393216:cntfiT0iFP+FBTpoAICN50ousZnni/NcyTQ0hMLb/lD/gUfKX9GBq27cL:AtfmPwlprIG53ilXQTLb/1/tiX9sFQ

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\23e0072baba7b9ea62f2ed1fc1d52131_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\23e0072baba7b9ea62f2ed1fc1d52131_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    PID:2864

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\nsy1F83.tmp\System.dll
    Filesize

    17KB

    MD5

    9bc41bcacae7d39ea49d416f24458697

    SHA1

    8b8806eda2a80d9b34d8d807935aa4a1f40d9003

    SHA256

    ce612773d6bd6d15f748f922d9a1d281e67221bceca6b9c9f6ddec4e401a9ac8

    SHA512

    e325c2b0a2b05548b66e204ff4b408cb54eadc785613f4a29e4061f65e9844fe07aa80c8672f64cf5ba30d80a5086a46051ae80a4a1903af79501540aae7555e

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsy1F83.tmp\TXSetupPlugin.dll
    Filesize

    154KB

    MD5

    fc24d842bee47ac5b715990d8a245aa9

    SHA1

    22831e433b46c19a6c1efb2e0aaa1da9f3c24d68

    SHA256

    44757e0d4ac80fb0db87d9a6fc479b6ac31aec9bf727ef80a9d6162e8b15ef08

    SHA512

    a2c49714532422d5f3762cd45984e15b2054fb838420e9d74f9b71fd293e7f1105bbe656fe9a87ab418936b75c3ebf67cf871bae448db4eaccdab94b92fc6d12

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsy1F83.tmp\TXWindowPlugin.dll
    Filesize

    101KB

    MD5

    f473fd16b42fc12e31cf0f7969e73122

    SHA1

    e69c72d81d38c2cf16282ded52b84ab31d4ff031

    SHA256

    cd943661b7804c45a05625d1deb3ceb9eac3f60b4f1cf227562f7cdc7ffe0af2

    SHA512

    a51f4104e283a7a8a902cfac970ecf2b4a86ff0bd2ac3c85c9d4419a5359899bff473ac97d7cd38b6094b4060ca5c6ab4a712644a82aaf37b53028aa6b7beed2

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsy1F83.tmp\WndProc.dll
    Filesize

    9KB

    MD5

    a96f557108dd0ec546d3578789e1ab66

    SHA1

    58cfacd351bc209c18c9a9e7f46e1dfc0298ce41

    SHA256

    b271e4a57fa3a739b265a9b55aeb366b369a876e09d8b8a7e3ed3da9b7f24e90

    SHA512

    e9b6a8496981b793e2d8874414fbe50ea0ea34785ee3319b6dccea778c0e44edb88ee8699f9cfc21edaf5a708b5fac5b57b27dec627a56b44979c448a9787b70

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsy1F83.tmp\inetc.dll
    Filesize

    27KB

    MD5

    3ce829b63a04ddb4bb00211a16cb47a5

    SHA1

    91e69792d40c7a8e2db51636d7fb5cf3a0d88f50

    SHA256

    fc868b11746f72a2758a79bc82bd4253679fe20f719256ce7a8720e2000e5c1b

    SHA512

    b47777a8566f5b09ed223479c2e48f046729c6591eda2eb5d5c952af00475a1333fc2b2580041eb9763602d70d6a172820fb4ec77ec57d29e714665524178f91

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsy1F83.tmp\nsDialogs.dll
    Filesize

    15KB

    MD5

    141fde44b6b2b0fc3d7d81e62c70f4ce

    SHA1

    755483b608b4519dbbd73eb5c07184f15d5533a7

    SHA256

    7788feb3ec52b52aa0b839341cb2c955e36546fa85577dfe7dde7852d961913c

    SHA512

    de598b349196a4eedada4b020ac9b6fb9610a18589e28d7778608a5a00e651cb3a300c1ddb1bd3a5adae05a3f6cee583ff57402bf19c61ce9451d236ba60828f

    Download Submit