Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

a7a8bff507...18.exe

windows7-x64

7

a7a8bff507...18.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...fo.dll

windows7-x64

3

$PLUGINSDI...fo.dll

windows10-2004-x64

3

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

$TEMP/tap-windows.exe

windows7-x64

7

$TEMP/tap-windows.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...fo.dll

windows7-x64

3

$PLUGINSDI...fo.dll

windows10-2004-x64

3

bin/devcon.exe

windows7-x64

1

bin/devcon.exe

windows10-2004-x64

1

driver/tap0901.sys

windows7-x64

1

driver/tap0901.sys

windows10-2004-x64

1

bin/libeay32.dll

windows7-x64

1

bin/libeay32.dll

windows10-2004-x64

1

bin/liblzo2-2.dll

windows7-x64

1

bin/liblzo2-2.dll

windows10-2004-x64

1

bin/libpkc...-1.dll

windows7-x64

3

bin/libpkc...-1.dll

windows10-2004-x64

3

bin/openssl.exe

windows7-x64

1

bin/openssl.exe

windows10-2004-x64

1

bin/openvpn-gui.exe

windows7-x64

1

bin/openvpn-gui.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    140s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    14/06/2024, 02:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a7a8bff507d3aa5f382e68cd344e589c_JaffaCakes118.exe

  • Size

    1.5MB

  • MD5

    a7a8bff507d3aa5f382e68cd344e589c

  • SHA1

    87e22e8b9200d178b00c8d7fc5437fac7b7eb7eb

  • SHA256

    33659d416ece94d089ac3aa73302d73f30944b4cd299506b215990b8dfe8a41e

  • SHA512

    e556be94a29c5378e6e453bec75bf9422e41572787d2466165259164b2c2baf5e3d301e9b6ea57379f205aa87bec52c986f211b7aae20651d5c844f435a41a7e

  • SSDEEP

    24576:tIDAIdEYf1+vXI4lzkrAja9l890udp1h+5UJWI9qPfe3gZrPVZdJb+9tbV/x6o:tjAmI4NkrAjco06p1EUSPfY69N+9tbN

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a7a8bff507d3aa5f382e68cd344e589c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a7a8bff507d3aa5f382e68cd344e589c_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    PID:1044

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nst6B6.tmp\ioSpecial.ini
    Filesize

    625B

    MD5

    a22abefac8c99ebd889ba91e99a37be4

    SHA1

    ac1d7eeaa1e45494b56b5287e23c9a19dae50a9b

    SHA256

    00335fc4b81097be43d34f17e2394fc8efadba5fa949f7a6290b87de9d762302

    SHA512

    81b72aee8d65dd2275ba88303648225f1cb7ec97933ac78a756a759133e49fcfa0cc01a8ae6d0ddbf7d1dc9f363fe0d727580db27107089a85abc16f408fb62b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nst6B6.tmp\InstallOptions.dll
    Filesize

    18KB

    MD5

    adec63bd08a185bffe6fda335d29df87

    SHA1

    23f37d31f3b1c07547ad4fa2747305a04ac09b54

    SHA256

    dbd0068d46077ee1ace4eaafc3312389c29af22d306c5757a1a29a93146604a9

    SHA512

    44bb32fa41b0c2b41d637f15dd2cab84ad6f9dae39febb263923eeee19d1c80d65ba3939ab87d34fbb28af6a6f867c21daab5810d289e309451c67ef6f65a88c

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nst6B6.tmp\System.dll
    Filesize

    23KB

    MD5

    125aebb055446fb52aa5956cf99e8a9a

    SHA1

    6b58fd08a8ff2763219cc6b0dcdb875f9970f850

    SHA256

    2e1b11ee20e5061ea86dc6b01e3efc659e887540afcab7317cdfd6a8eff87ec3

    SHA512

    5f85e48bd3ae2fd2be0595b93cbf74674e0281210688dcc73691178b295a702e8d43898afb6e5d8b7e82de98b4ee28194c9838ddf8279cde85f7fe48d34dc8b7

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nst6B6.tmp\UserInfo.dll
    Filesize

    6KB

    MD5

    7f780de67db61a924bebc0cafaded3ad

    SHA1

    3ac359dce08ceff16e4214fe45d83fdc8e3f2e1a

    SHA256

    9931a2f8bb44b92ff26062b99cbb6e41ed1cfad65079dec5d6d9c006223bd121

    SHA512

    8378f04b6f5085e887ed46874414e5681f0ecb6889dbaa25eb78f75112d4be603aef8dec6a2a81857a19978f6ccf07d65d566ff3f0943da809de22599ffdd8f2

    Download Submit

  • memory/1044-92-0x0000000000400000-0x000000000043D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1044-94-0x000000006AF00000-0x000000006AF0D000-memory.dmp

    Filesize

    52KB

    Download

  • memory/1044-93-0x000000006E3C0000-0x000000006E3CD000-memory.dmp

    Filesize

    52KB

    Download