Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
7Static
static
32f82a626e1...18.exe
windows7-x64
72f82a626e1...18.exe
windows10-2004-x64
7$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...ch.dll
windows7-x64
1$PLUGINSDI...ch.dll
windows10-2004-x64
3$PLUGINSDI...er.dll
windows7-x64
1$PLUGINSDI...er.dll
windows10-2004-x64
1$_64_/$R2.dll
windows7-x64
3$_64_/$R2.dll
windows10-2004-x64
3Analysis
-
max time kernel
93s -
max time network
94s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
10/05/2024, 14:11
Static task
static1
Behavioral task
behavioral1
Sample
2f82a626e189e3ee203c23954586cba9_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2f82a626e189e3ee203c23954586cba9_JaffaCakes118.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240220-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/kasearch.dll
Resource
win7-20240215-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/kasearch.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/setuphelper.dll
Resource
win7-20240508-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/setuphelper.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral9
Sample
$_64_/$R2.dll
Resource
win7-20240508-en
Behavioral task
behavioral10
Sample
$_64_/$R2.dll
Resource
win10v2004-20240426-en
General
-
Target
$PLUGINSDIR/setuphelper.dll
-
Size
425KB
-
MD5
31cbf1d1fe67d0f2fb06a76c537d9895
-
SHA1
4ca1882d38ec6ee6008b696366b4c9bb244e28e0
-
SHA256
7e5ee55ee9c2e482a8d8dadb00665ca2f93db74e95fe40c294f8518247a5f5f5
-
SHA512
95d8490c41a743f357f84b8b2236f4d6049fa7445e76ddd48f3efdc0fbddb6cc8f4f9dfa288880910eee18529afb85aec190dff728db8c76654c7f6568c06c9a
-
SSDEEP
12288:SuUj3aX/aS8pFrHBY9+QkO7+ftzFarhE1Rul:Sug3c8p9+YQk2+f/4l
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 4684 wrote to memory of 2016 4684 rundll32.exe 82 PID 4684 wrote to memory of 2016 4684 rundll32.exe 82 PID 4684 wrote to memory of 2016 4684 rundll32.exe 82