Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

743ac40c6b...18.exe

windows7-x64

7

743ac40c6b...18.exe

windows10-2004-x64

7

$PLUGINSDI...ol.dll

windows7-x64

3

$PLUGINSDI...ol.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

EngineApiWrapper.dll

windows7-x64

1

EngineApiWrapper.dll

windows10-2004-x64

1

Filters/LC.dll

windows7-x64

1

Filters/LC.dll

windows10-2004-x64

1

Filters/License.rtf

windows7-x64

4

Filters/License.rtf

windows10-2004-x64

1

Filters/Re...or.exe

windows7-x64

1

Filters/Re...or.exe

windows10-2004-x64

1

Filters/elaudec.dll

windows7-x64

1

Filters/elaudec.dll

windows10-2004-x64

1

Filters/em2vd.dll

windows7-x64

1

Filters/em2vd.dll

windows10-2004-x64

1

Filters/empgpdmx.dll

windows7-x64

1

Filters/empgpdmx.dll

windows10-2004-x64

1

Filters/register.cmd

windows7-x64

1

Filters/register.cmd

windows10-2004-x64

1

Filters/thsource.dll

windows7-x64

1

Filters/thsource.dll

windows10-2004-x64

1

Filters/un...er.cmd

windows7-x64

1

Filters/un...er.cmd

windows10-2004-x64

1

IPDev.Skin...gn.dll

windows7-x64

1

IPDev.Skin...gn.dll

windows10-2004-x64

1

IPDev.Skins.dll

windows7-x64

1

IPDev.Skins.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    119s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    26/05/2024, 03:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    743ac40c6b7ef79481773fd14dc6bfe7_JaffaCakes118.exe

  • Size

    8.4MB

  • MD5

    743ac40c6b7ef79481773fd14dc6bfe7

  • SHA1

    f5b04c1a4fb752ab750a1ef91313bd6f7095eb61

  • SHA256

    94fef3ee9512941ff1aa4c8a951598ae67c42b71fbc047d28f3164570497d0b0

  • SHA512

    0104cbb1c5ec5610ed760289ada227921be8c1f526e5de0adf516ebad972cf1eff20fd59ac85a7cf1ea121f6036b4c67147f7d04515dd6f401376a3f11bcd164

  • SSDEEP

    196608:TUWVop/eZE87qzzvrAhPtqCybuUuXwEED0Yoj:TUWyp/e+RfvrsPtyfuXwEED0Yoj

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\743ac40c6b7ef79481773fd14dc6bfe7_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\743ac40c6b7ef79481773fd14dc6bfe7_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    PID:1104

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsi1B7E.tmp\ioSpecial.ini
    Filesize

    682B

    MD5

    76d4882c82f09ddb3e6254356c5087d9

    SHA1

    bd15ebf458cae1f19f2d68f71f4782eff8af265b

    SHA256

    d886cea3dc0699014e17302b51d0a243fc2a3f355c6616d726154c7005a8659b

    SHA512

    1fad5eb89d0f60b60fcd1da8fc03775b8139b73ae67a05ddcf41fe3e51bb0c5e068f2aaf1648c26897391864d9d7a3a620e94fb930518b5d99454ee5d569a446

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsi1B7E.tmp\ioSpecial.ini
    Filesize

    695B

    MD5

    a13a711c93f9e102973f4215c4fd16b6

    SHA1

    9f1f667697493a7bec5dc29c9cf9890d26a5bedf

    SHA256

    ea1ade38ed5e4edc6ecb37c0e73c4caf0ea42fbf47a0c0dac90134cea2942bd8

    SHA512

    534ef4a2839982aa32f140744e5be0f1b6452a001c6e97db15f4cc73f78d5b6aed36501a7e19d587e4ca5321145b84ab0bcf59d6c35aaa04561e9852d4bfe583

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsi1B7E.tmp\InstallOptions.dll
    Filesize

    14KB

    MD5

    07f44600b7eb220c2606e67a6d3f679d

    SHA1

    13b3aa534496ffab2597cc8ff3689cd91facc89d

    SHA256

    59f7effd3d516dabf92a41e9886c307bd26f0e0985d637414eba1b3f9f720dab

    SHA512

    63ec9038b718da687065f3938f87391c7925577b656c63cf5abc32de5b7daa7363f07ce973d2af8ea347321a3d1c543273b6cb1ca30eb414c8657f90cd0268de

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsi1B7E.tmp\System.dll
    Filesize

    11KB

    MD5

    f55b41485cbaf292389a52f8e4f0594b

    SHA1

    89e9b0d1291fa78a40cab358553c447cbbeaa130

    SHA256

    f16bc2ceb7a6bc7df0955530e72b0aa072ce27650c5cf7b33fd4ea82dea196fc

    SHA512

    938e8661b8cf418608156dc813c1eb0cc3fa5efa9483061a152bb103c4d821d5c6a82d4c110729e9686f99ccd4da188aebb38a85a01d8ecadb34bb9f6ba60d09

    Download Submit