Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
7Static
static
3aaae520ac8...18.exe
windows7-x64
7aaae520ac8...18.exe
windows10-2004-x64
7$PLUGINSDIR/INetC.dll
windows7-x64
3$PLUGINSDIR/INetC.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...gs.dll
windows7-x64
3$PLUGINSDI...gs.dll
windows10-2004-x64
3$PLUGINSDI...ON.dll
windows7-x64
3$PLUGINSDI...ON.dll
windows10-2004-x64
3Analysis
-
max time kernel
121s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
14/06/2024, 16:29
Static task
static1
Behavioral task
behavioral1
Sample
aaae520ac82fc05c94bea64b1d1c9002_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
aaae520ac82fc05c94bea64b1d1c9002_JaffaCakes118.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/INetC.dll
Resource
win7-20240508-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/INetC.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win7-20240611-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/nsJSON.dll
Resource
win7-20231129-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/nsJSON.dll
Resource
win10v2004-20240508-en
General
-
Target
aaae520ac82fc05c94bea64b1d1c9002_JaffaCakes118.exe
-
Size
140KB
-
MD5
aaae520ac82fc05c94bea64b1d1c9002
-
SHA1
7420d2377e3a0dd4b2ca5c4cc27c7ab979f30f82
-
SHA256
36e496a71fbfeb31c69d1ce4835ea048577ca0e7bd038e73e8efbb18d2f8ab2a
-
SHA512
67784fd56f8aa452fc58109010f0f0c49ac8589211193bd69e35b7a307720fbf92e3f095d17d46da5aae39ebbe1e76dec4da67356d2812e8d37bed779cd8146f
-
SSDEEP
3072:i8UWylM4JDVPYuaAN0jlmKA5BDm5r8Wl7mGCKZXyDm5rNh:wlHX4AijdAvfO9XyY
Malware Config
Signatures
-
Loads dropped DLL 2 IoCs
pid Process 856 aaae520ac82fc05c94bea64b1d1c9002_JaffaCakes118.exe 856 aaae520ac82fc05c94bea64b1d1c9002_JaffaCakes118.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 856 aaae520ac82fc05c94bea64b1d1c9002_JaffaCakes118.exe
Processes
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
25KB
MD540d7eca32b2f4d29db98715dd45bfac5
SHA1124df3f617f562e46095776454e1c0c7bb791cc7
SHA25685e03805f90f72257dd41bfdaa186237218bbb0ec410ad3b6576a88ea11dccb9
SHA5125fd4f516ce23fb7e705e150d5c1c93fc7133694ba495fb73101674a528883a013a34ab258083aa7ce6072973b067a605158316a4c9159c1b4d765761f91c513d
-
Filesize
12KB
MD58cf2ac271d7679b1d68eefc1ae0c5618
SHA17cc1caaa747ee16dc894a600a4256f64fa65a9b8
SHA2566950991102462d84fdc0e3b0ae30c95af8c192f77ce3d78e8d54e6b22f7c09ba
SHA512ce828fb9ecd7655cc4c974f78f209d3326ba71ced60171a45a437fc3fff3bd0d69a0997adaca29265c7b5419bdea2b17f8cc8ceae1b8ce6b22b7ed9120bb5ad3