Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview

Task tabs (label, platform, badge)
overview: 4
static: 1
acd16a0227...18.exe (windows7-x64): 4
acd16a0227...18.exe (windows10-2004-x64): 4
$PLUGINSDI...er.dll (windows7-x64): 1
$PLUGINSDI...er.dll (windows10-2004-x64): 1
$PLUGINSDI...ll.dll (windows7-x64): 1
$PLUGINSDI...ll.dll (windows10-2004-x64): 1
$PLUGINSDI...cs.exe (windows7-x64): 1
$PLUGINSDI...cs.exe (windows10-2004-x64): 1
$PLUGINSDI...em.dll (windows7-x64): 3
$PLUGINSDI...em.dll (windows10-2004-x64): 3
$TEMP/Statistics.exe (windows7-x64): 1
$TEMP/Statistics.exe (windows10-2004-x64): 1

Analysis
max time kernel: 140s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 15/06/2024, 04:00
Static task
static1

Behavioral tasks
behavioral1: acd16a0227b454f29a3c1076957a7cd1_JaffaCakes118.exe (resource win7-20240611-en)
behavioral2: acd16a0227b454f29a3c1076957a7cd1_JaffaCakes118.exe (resource win10v2004-20240508-en)
behavioral3: $PLUGINSDIR/InstallHelper.dll (resource win7-20240220-en)
behavioral4: $PLUGINSDIR/InstallHelper.dll (resource win10v2004-20240611-en)
behavioral5: $PLUGINSDIR/ProcDll.dll (resource win7-20231129-en)
behavioral6: $PLUGINSDIR/ProcDll.dll (resource win10v2004-20240226-en)
behavioral7: $PLUGINSDIR/Statistics.exe (resource win7-20240611-en)
behavioral8: $PLUGINSDIR/Statistics.exe (resource win10v2004-20240508-en)
behavioral9: $PLUGINSDIR/System.dll (resource win7-20240611-en)
behavioral10: $PLUGINSDIR/System.dll (resource win10v2004-20240508-en)
behavioral11: $TEMP/Statistics.exe (resource win7-20240508-en)
behavioral12: $TEMP/Statistics.exe (resource win10v2004-20240508-en)
General
Target: $PLUGINSDIR/ProcDll.dll
Size: 1014KB
MD5: 35fd3b38dfe728118c6b95674b96cb3c
SHA1: 93845a8922d35045b9412a8040fc8b8692ecfb18
SHA256: 68fea4dd4ae09060e1eac23ddb2fa0ff2761fbbd004c1bcb193c0957b2ed6a17
SHA512: ccdb2d03bf242e33b5e5e126b94b9cc4d6fcb55962cee7f836a1d9f887615da5e6912ae6a74a2ed2be8f0e938427fe5e39ee678896f157234d348755baf93354
SSDEEP: 24576:rUUQn3a6eMQmQS07nmrv/pzd28C1wCJ5Jrw:an34SKnm3pzdnC1w659w
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description                        pid   Process       procid_target
PID 1600 wrote to memory of 1104   1600  rundll32.exe  91
PID 1600 wrote to memory of 1104   1600  rundll32.exe  91
PID 1600 wrote to memory of 1104   1600  rundll32.exe  91
Processes
C:\Windows\system32\rundll32.exe (PID 1600)
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\ProcDll.dll,#1
  - Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe (PID 1104, child of 1600)
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\ProcDll.dll,#1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1232)
  command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1416 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:8