Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

151a9a7f07...18.exe

windows7-x64

7

151a9a7f07...18.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

NP264PLAY.dll

windows7-x64

3

NP264PLAY.dll

windows10-2004-x64

3

NPDVRNET.dll

windows7-x64

1

NPDVRNET.dll

windows10-2004-x64

1

NPLANGUAGE.dll

windows7-x64

1

NPLANGUAGE.dll

windows10-2004-x64

1

npDvr.dll

windows7-x64

1

npDvr.dll

windows10-2004-x64

1

uninst.exe

windows7-x64

7

uninst.exe

windows10-2004-x64

7

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    125s
  • max time network
    130s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/06/2024, 07:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    151a9a7f07c64f2e476f3cd751093ebb_JaffaCakes118.exe

  • Size

    803KB

  • MD5

    151a9a7f07c64f2e476f3cd751093ebb

  • SHA1

    d978f2864f0e8af5865188979d9390941f38e46b

  • SHA256

    05f4df533dce0752fa82547bf93d1b4b7db6ce942e24e86e50ba4c7d76af3052

  • SHA512

    402b4a2ef52f145d9422b80af7e5e495606328ea25642f3ce93f7d2e72e7e01508494c05d62af5ebdb3ed7ad935cfb563e418257ee66226fd07f2bee4779c0e7

  • SSDEEP

    24576:kAd0aqpXnlFGXVpB07vvQtM6+gLYiTpgaF:kDPAFjqnEr+gLY58

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

Processes

  • C:\Users\Admin\AppData\Local\Temp\151a9a7f07c64f2e476f3cd751093ebb_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\151a9a7f07c64f2e476f3cd751093ebb_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    PID:2936
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3444,i,11266875042087428226,16669718873272757238,262144 --variations-seed-version --mojo-platform-channel-handle=1276 /prefetch:8
    1⤵
      PID:3696

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\nsjF639.tmp\InstallOptions.dll
      Filesize

      14KB

      MD5

      0dc0cc7a6d9db685bf05a7e5f3ea4781

      SHA1

      5d8b6268eeec9d8d904bc9d988a4b588b392213f

      SHA256

      8e287326f1cdd5ef2dcd7a72537c68cbe4299ceb1f820707c5820f3aa6d8206c

      SHA512

      814dd17ebb434f4a3356f716c783ab7f569f9ee34ce5274fa50392526925f044798f8006198ac7afe3d1c2ca83a2ca8c472ca53fec5f12bbfbbe0707abacd6b0

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nsjF639.tmp\System.dll
      Filesize

      11KB

      MD5

      00a0194c20ee912257df53bfe258ee4a

      SHA1

      d7b4e319bc5119024690dc8230b9cc919b1b86b2

      SHA256

      dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3

      SHA512

      3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nsjF639.tmp\ioSpecial.ini
      Filesize

      700B

      MD5

      50e3502c89f8be768f19b05a2766df43

      SHA1

      51981488e4e2023c0c3e42d48258189af25051c9

      SHA256

      9b1b610b0ee62e0ed002b89012c2b2c206cb881689610c8527197ea7cbdb3a21

      SHA512

      508f42ed32d91155f1b907509c773425b6e9ad9793f85b482f9b66e8107284627e4ec114a163de5747c45c108bcc055cad5a5683c3b3e421724dfb55a4e4dc1d

      Download Submit