Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    118s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
  • submitted
    25/06/2024, 01:35

General

  • Target

    0bd30f42b1f803e0e87a8f5eda092604_JaffaCakes118.exe

  • Size

    2.7MB

  • MD5

    0bd30f42b1f803e0e87a8f5eda092604

  • SHA1

    0ce789f1dc9d0f8ad1332c32498e992dcf0b5c15

  • SHA256

    1fd0eb5a0bde40999118afa7beb7e99d43ba60eeba41d3100c8af08c00dc3aa4

  • SHA512

    ccfd3a91813ca0466c3443d7f17962c8364dfdb060a62a18109de46adc89b194d333ca4fde54eb60142a081729b5d46c6a0cc015fc2d7836f3fe1ae43299a756

  • SSDEEP

    49152:mHoT7vpV9HdK0SqON0HwcJaFgEsP5qDl3CntNIxqQr/PXGjJeWIJlzd++6:owFVu0Sv0Hwr3sBqDpCvmqQr2jJeJJlG

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0bd30f42b1f803e0e87a8f5eda092604_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0bd30f42b1f803e0e87a8f5eda092604_JaffaCakes118.exe"
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    PID:2416

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsy1F35.tmp\ioSpecial.ini

    Filesize

    708B

    MD5

    1cfc241ad6549d8f14815a588ce69dec

    SHA1

    b357c425d9f8bbc533a812d5f1a1d96100cff44f

    SHA256

    404aec5d378cc749fd6952f0b57b12076527181751701d13fdd38f7fbad620e4

    SHA512

    9d28ac075d07e0e46e9a5c24e9f42278667fd8dc9b99dadd18da65e198bbb7fcca709c5eb5bbe343db49e61391ca45df816e0dfcafb447690dd2fb91393dae39

  • \Users\Admin\AppData\Local\Temp\nsy1F35.tmp\InstallOptions.dll

    Filesize

    12KB

    MD5

    3c19f79ce11facc2fc4d3351dbb263e0

    SHA1

    17f4bf4b18ea7700f70ac7d825dc997be0d25f71

    SHA256

    cfaba712ad640ce2b4890005ffcf03ed9e2a18a6cf9075295f3aaea1478896b9

    SHA512

    05c9ac861e4fed610171fcb5fad40abc30cbf90e9c7cb13c758f52cdff568af0fdd6af968db4fb143a748c77f21c353c7cffea28cbcbd2ad17157038ab490273

  • \Users\Admin\AppData\Local\Temp\nsy1F35.tmp\System.dll

    Filesize

    10KB

    MD5

    725145e8caa39635cab9899c47c72eda

    SHA1

    30478c907551bd920bf359638b091fc5c10b5a53

    SHA256

    1759e4f7777fb8c9ed356a7d4dc237a90e0760061685d44ea02d40ca9e359ceb

    SHA512

    de31286ea10321f762a3b6e7c6c82177d5b6f45a82adc936fcbbc23105708cbbbec903ba94ba94e7723e80f1828393e5395ef575b37136b19de7535e74e24547
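The three dropped files above sit in an `ns????.tmp` directory under `%TEMP%`, which is where NSIS-built installers unpack their plugins, and `InstallOptions.dll`, `System.dll` and `ioSpecial.ini` are stock NSIS plugin and page-config files; on its own, "Loads dropped DLL" therefore does not separate this sample from any other NSIS installer. The script below is an added example (not tria.ge code and not taken from the report) for a practitioner who has the sample detonated locally: it recomputes the four digests the report lists for each dropped file, flags the NSIS staging path, parses the sample's ssdeep string, and, if a stock NSIS `Plugins` directory is supplied (an assumed, hypothetical path), checks whether the dropped DLLs are byte-identical to the stock copies.

```python
"""Re-check the digests a tria.ge report lists for dropped files against local
copies.  Added example; not code from tria.ge or from the analysed sample."""
import hashlib
import re
import sys
from pathlib import Path

ALGOS = ("md5", "sha1", "sha256", "sha512")

# Expected values copied from the Downloads section of the report.
REPORTED = {
    "ioSpecial.ini": {
        "md5": "1cfc241ad6549d8f14815a588ce69dec",
        "sha1": "b357c425d9f8bbc533a812d5f1a1d96100cff44f",
        "sha256": "404aec5d378cc749fd6952f0b57b12076527181751701d13fdd38f7fbad620e4",
    },
    "InstallOptions.dll": {
        "md5": "3c19f79ce11facc2fc4d3351dbb263e0",
        "sha1": "17f4bf4b18ea7700f70ac7d825dc997be0d25f71",
        "sha256": "cfaba712ad640ce2b4890005ffcf03ed9e2a18a6cf9075295f3aaea1478896b9",
    },
    "System.dll": {
        "md5": "725145e8caa39635cab9899c47c72eda",
        "sha1": "30478c907551bd920bf359638b091fc5c10b5a53",
        "sha256": "1759e4f7777fb8c9ed356a7d4dc237a90e0760061685d44ea02d40ca9e359ceb",
    },
}

# NSIS stages plugins in %TEMP%\ns<letter><4 hex digits>.tmp\ (e.g. nsy1F35.tmp).
NSIS_PLUGIN_DIR = re.compile(r"[\\/]ns[a-z][0-9a-f]{4}\.tmp[\\/]", re.IGNORECASE)


def digest_bytes(data: bytes) -> dict:
    """All four digests tria.ge lists, keyed by algorithm name."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ALGOS}


def digest_file(path) -> dict:
    """Stream a file through all four hashers so large samples fit in memory."""
    hashers = {algo: hashlib.new(algo) for algo in ALGOS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def compare(actual: dict, expected: dict) -> dict:
    """Per-algorithm match flags; any single mismatch means a different file."""
    return {algo: actual.get(algo) == value.lower() for algo, value in expected.items()}


def parse_ssdeep(signature: str) -> tuple:
    """Split an ssdeep string into (block size, chunk hash, double-chunk hash)."""
    block, chunk, double_chunk = signature.split(":", 2)
    return int(block), chunk, double_chunk


def in_nsis_plugin_dir(path: str) -> bool:
    """True if the path lies inside an NSIS-style ns????.tmp staging directory."""
    return NSIS_PLUGIN_DIR.search(path) is not None


def check_directory(dropped_dir, reference_dir=None) -> dict:
    """For each reported dropped file found in dropped_dir, say whether its
    digests match the report and, when reference_dir (an assumed stock NSIS
    Plugins folder) is given, whether it is byte-identical to the stock copy."""
    results = {}
    for name, expected in REPORTED.items():
        candidate = Path(dropped_dir) / name
        if not candidate.is_file():
            results[name] = {"present": False}
            continue
        actual = digest_file(candidate)
        entry = {"present": True,
                 "matches_report": all(compare(actual, expected).values())}
        if reference_dir is not None:
            ref = Path(reference_dir) / name
            entry["stock_nsis_copy"] = (ref.is_file()
                                        and digest_file(ref)["sha256"] == actual["sha256"])
        results[name] = entry
    return results


if __name__ == "__main__":
    # usage: check_dropped.py <dir holding the dropped files> [<NSIS Plugins dir>]
    if len(sys.argv) < 2:
        sys.exit("usage: check_dropped.py <dropped-files dir> [<NSIS Plugins dir>]")
    for name, res in check_directory(*sys.argv[1:3]).items():
        print(f"{name}: {res}")
```

A `stock_nsis_copy` of `True` for both DLLs means the "Loads dropped DLL" hits are the installer framework itself, and analysis effort belongs on the payload the installer writes next, not on these plugins; a `False` is worth a closer look, since a modified `System.dll` can call arbitrary Win32 APIs on the installer's behalf.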