Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

1b0bd6ec24...18.exe

windows7-x64

7

1b0bd6ec24...18.exe

windows10-2004-x64

7

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    119s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
  • submitted
    01/07/2024, 11:03 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1b0bd6ec24da010d54cc233a1028dcfd_JaffaCakes118.exe

  • Size

    52KB

  • MD5

    1b0bd6ec24da010d54cc233a1028dcfd

  • SHA1

    a5d9e9ce9d036cbff79b63a009b3f3431dcc9358

  • SHA256

    b90d7d3495cd245679a44ef9fd12d768638bac34414709102c06e4857d1a4fbd

  • SHA512

    ab2c7957e5c7fa2a406cf202e66cb1cb898fa7a26fd837e5ae9bb45e60228dd79011714ce04d7849192aebda066aa0aa6ee0c9f6977187548e6c5b71f913ad7d

  • SSDEEP

    768:+4wO7XBz+5Qm3W0tYdrQZHV4EWuWEUOg4jjfS3XJUTQvDjxLJYhoO0AVu:xLXB65939tY6HBg4sXJ88xJYLnV

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1b0bd6ec24da010d54cc233a1028dcfd_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\1b0bd6ec24da010d54cc233a1028dcfd_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of AdjustPrivilegeToken
    PID:2264

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\tp17.exe
    Filesize

    3B

    MD5

    0e2aa41912cfa43d673799f27993a20d

    SHA1

    71ca8892db3af64035384a95000338073b51908f

    SHA256

    23f760f09cf35e3afa3da7fa31f0f45d54d865ca51ac14123aa741991657ef48

    SHA512

    155afb65c566997ea1ce8710105d96fb03d36422ab6f26e2285fbf2300ad646bba47f927ea8d58859aefea72e595814bc1a3f58c4c1016b216590e32e054bdd8

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsd72D0.tmp\System.dll
    Filesize

    11KB

    MD5

    c17103ae9072a06da581dec998343fc1

    SHA1

    b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    SHA256

    dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    SHA512

    d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.