Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

aaae520ac8...18.exe

windows7-x64

7

aaae520ac8...18.exe

windows10-2004-x64

7

$PLUGINSDIR/INetC.dll

windows7-x64

3

$PLUGINSDIR/INetC.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$PLUGINSDI...ON.dll

windows7-x64

3

$PLUGINSDI...ON.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    121s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    14/06/2024, 16:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    aaae520ac82fc05c94bea64b1d1c9002_JaffaCakes118.exe

  • Size

    140KB

  • MD5

    aaae520ac82fc05c94bea64b1d1c9002

  • SHA1

    7420d2377e3a0dd4b2ca5c4cc27c7ab979f30f82

  • SHA256

    36e496a71fbfeb31c69d1ce4835ea048577ca0e7bd038e73e8efbb18d2f8ab2a

  • SHA512

    67784fd56f8aa452fc58109010f0f0c49ac8589211193bd69e35b7a307720fbf92e3f095d17d46da5aae39ebbe1e76dec4da67356d2812e8d37bed779cd8146f

  • SSDEEP

    3072:i8UWylM4JDVPYuaAN0jlmKA5BDm5r8Wl7mGCKZXyDm5rNh:wlHX4AijdAvfO9XyY

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\aaae520ac82fc05c94bea64b1d1c9002_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\aaae520ac82fc05c94bea64b1d1c9002_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    PID:856

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\nst194C.tmp\INetC.dll
    Filesize

    25KB

    MD5

    40d7eca32b2f4d29db98715dd45bfac5

    SHA1

    124df3f617f562e46095776454e1c0c7bb791cc7

    SHA256

    85e03805f90f72257dd41bfdaa186237218bbb0ec410ad3b6576a88ea11dccb9

    SHA512

    5fd4f516ce23fb7e705e150d5c1c93fc7133694ba495fb73101674a528883a013a34ab258083aa7ce6072973b067a605158316a4c9159c1b4d765761f91c513d

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nst194C.tmp\System.dll
    Filesize

    12KB

    MD5

    8cf2ac271d7679b1d68eefc1ae0c5618

    SHA1

    7cc1caaa747ee16dc894a600a4256f64fa65a9b8

    SHA256

    6950991102462d84fdc0e3b0ae30c95af8c192f77ce3d78e8d54e6b22f7c09ba

    SHA512

    ce828fb9ecd7655cc4c974f78f209d3326ba71ced60171a45a437fc3fff3bd0d69a0997adaca29265c7b5419bdea2b17f8cc8ceae1b8ce6b22b7ed9120bb5ad3

    Download Submit