Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

ab48254419...18.exe

windows7-x64

7

ab48254419...18.exe

windows10-2004-x64

7

$APPDATA/A...dl.exe

windows7-x64

1

$APPDATA/A...dl.exe

windows10-2004-x64

1

$PLUGINSDI...in.dll

windows7-x64

1

$PLUGINSDI...in.dll

windows10-2004-x64

1

$PLUGINSDI...on.dll

windows7-x64

1

$PLUGINSDI...on.dll

windows10-2004-x64

1

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$PLUGINSDI...ss.dll

windows7-x64

3

$PLUGINSDI...ss.dll

windows10-2004-x64

3

AVCBurnFree.dll

windows7-x64

3

AVCBurnFree.dll

windows10-2004-x64

3

AVCFree.exe

windows7-x64

3

AVCFree.exe

windows10-2004-x64

1

ClipEffectFree.dll

windows7-x64

1

ClipEffectFree.dll

windows10-2004-x64

1

DuiLib_u.dll

windows7-x64

3

DuiLib_u.dll

windows10-2004-x64

3

MFC100U.dll

windows7-x64

1

MFC100U.dll

windows10-2004-x64

1

MSVCP100.dll

windows7-x64

3

MSVCP100.dll

windows10-2004-x64

3

MSVCR100.dll

windows7-x64

3

MSVCR100.dll

windows10-2004-x64

3

ParseDVD.dll

windows7-x64

3

ParseDVD.dll

windows10-2004-x64

3

SDL.dll

windows7-x64

1

SDL.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    142s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    14/06/2024, 20:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ab482544195f7009300ddfe3541e69e5_JaffaCakes118.exe

  • Size

    41.3MB

  • MD5

    ab482544195f7009300ddfe3541e69e5

  • SHA1

    e2c1ba620d28b08a5ef75479e2e803d5bcb25ce8

  • SHA256

    12978eef9daed92259dc10c461bdf027cc646b49425f9941da73d4ded1483d86

  • SHA512

    72c50bff13ed20ab81fe9fdbb078c63b164134f2eef314d0d07f979651fc470b983f2f11e74ff065abfb8833447a6ce51bedf8792c34433b8985760a90bd30c6

  • SSDEEP

    786432:BDToesklSDLTJV3qD4lAuKdBmbhgXefrKkFPTyzA98BhQjB9M4IlF6Aa4tpOg:FEe5EPJV3qDwAuKSbhg1UT99gA9M4ISA

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ab482544195f7009300ddfe3541e69e5_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\ab482544195f7009300ddfe3541e69e5_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    PID:1728

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\nst341D.tmp\AnvsoftNsisPlugin.dll
    Filesize

    390KB

    MD5

    8634cbd6325144713eaedf50cb61c76c

    SHA1

    e755cafbf63d9066f8333b83764dd844fe9dc741

    SHA256

    db7d131aff0761e95d94c77b723295c517daab0dcd86e40981b91ca759826e19

    SHA512

    0555f3b423a5da9b1eec429e1d6312d08d09c9ad559a570c212120bfe40187b52d9db528a30e76aa89e0dd43dfa828d63861d1248041595e19357f27814b00b4

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nst341D.tmp\Fusion.dll
    Filesize

    791KB

    MD5

    9af7166d3ab582fd346a3a5786ac0c0d

    SHA1

    3f28ed3875316949ce49938425d05b095a0d08ca

    SHA256

    922755fd3c00121a57b4c7748e84ec56baf77178dff63ed88583ea80276bcf7f

    SHA512

    723fed5d920bef822045ea9d6e0052c907c49edec4311aafc6a9c0f5bafec52184780f8b65fabc4be477cc98c19c98350c5acbaf17ac2f5b484d8bc93046b30a

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nst341D.tmp\System.dll
    Filesize

    11KB

    MD5

    bf712f32249029466fa86756f5546950

    SHA1

    75ac4dc4808ac148ddd78f6b89a51afbd4091c2e

    SHA256

    7851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af

    SHA512

    13f69959b28416e0b8811c962a49309dca3f048a165457051a28a3eb51377dcaf99a15e86d7eee8f867a9e25ecf8c44da370ac8f530eeae7b5252eaba64b96f4

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nst341D.tmp\nsProcess.dll
    Filesize

    4KB

    MD5

    f0438a894f3a7e01a4aae8d1b5dd0289

    SHA1

    b058e3fcfb7b550041da16bf10d8837024c38bf6

    SHA256

    30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

    SHA512

    f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

    Download Submit

  • memory/1728-78-0x0000000007B30000-0x0000000007BFA000-memory.dmp

    Filesize

    808KB

    Download

  • memory/1728-89-0x0000000007B30000-0x0000000007BFA000-memory.dmp

    Filesize

    808KB

    Download