Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

15c24d2421...18.exe

windows7-x64

7

15c24d2421...18.exe

windows10-2004-x64

7

$PLUGINSDI...RL.dll

windows7-x64

3

$PLUGINSDI...RL.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/UAC.dll

windows7-x64

3

$PLUGINSDIR/UAC.dll

windows10-2004-x64

3

$PLUGINSDIR/inetc.dll

windows7-x64

3

$PLUGINSDIR/inetc.dll

windows10-2004-x64

3

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    93s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/06/2024, 11:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    15c24d24213a5e5d6c6056e8e23e663a_JaffaCakes118.exe

  • Size

    553KB

  • MD5

    15c24d24213a5e5d6c6056e8e23e663a

  • SHA1

    3626d8ff2bb09ae689ef1a639a5a1cb3123c573d

  • SHA256

    662672097a300a91da7245771374bdbd2099f0f94e6d8fbd637564288ff29802

  • SHA512

    f369d0bcfcfa2be8c1dc18e2a8a443f6738a54392f0e8019fd634feaf86d57162814473c9d9a7a5e9a2e3cb01cb18001eee24f012872e58bc3d10c3ffac94aa7

  • SSDEEP

    6144:ve34R2JokHzh36dqXEV2rnCeZG/t7FTBqTzP7n7O7L6K2Bfo7pk:72ykHzh36VV2Go0ZTsnz7O7L6ju7pk

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\15c24d24213a5e5d6c6056e8e23e663a_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\15c24d24213a5e5d6c6056e8e23e663a_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    PID:1648
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 1112
      2⤵
      • Program crash
      PID:2256
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 1648 -ip 1648
    1⤵
      PID:4364

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\nsw63EB.tmp\LangDLL.dll
      Filesize

      5KB

      MD5

      9384f4007c492d4fa040924f31c00166

      SHA1

      aba37faef30d7c445584c688a0b5638f5db31c7b

      SHA256

      60a964095af1be79f6a99b22212fefe2d16f5a0afd7e707d14394e4143e3f4f5

      SHA512

      68f158887e24302673227adffc688fd3edabf097d7f5410f983e06c6b9c7344ca1d8a45c7fa05553adcc5987993df3a298763477168d4842e554c4eb93b9aaaf

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nsw63EB.tmp\NSISdl.dll
      Filesize

      14KB

      MD5

      a5f8399a743ab7f9c88c645c35b1ebb5

      SHA1

      168f3c158913b0367bf79fa413357fbe97018191

      SHA256

      dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9

      SHA512

      824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nsw63EB.tmp\UAC.dll
      Filesize

      17KB

      MD5

      09caf01bc8d88eeb733abc161acff659

      SHA1

      b8c2126d641f88628c632dd2259686da3776a6da

      SHA256

      3555afe95e8bb269240a21520361677b280562b802978fccfb27490c79b9a478

      SHA512

      ef1e8fc4fc8f5609483b2c459d00a47036699dfb70b6be6f10a30c5d2fc66bae174345bffa9a44abd9ca029e609ff834d701ff6a769cca09fe5562365d5010fa

      Download Submit