Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

28bc6281d4...18.exe

windows7-x64

7

28bc6281d4...18.exe

windows10-2004-x64

7

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    06/07/2024, 15:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    28bc6281d4ea0d8587bed91fdfc4937c_JaffaCakes118.exe

  • Size

    227KB

  • MD5

    28bc6281d4ea0d8587bed91fdfc4937c

  • SHA1

    4346bddd46fc479b16918c0ad34bfc0f236f31d5

  • SHA256

    133f61cd4e91ef94b75353b070ea30ee51e5603ac91950e2f865dca16db318b0

  • SHA512

    69ab61a0a309cb576b7910de10727e065b10a4acfcadc4326080322b33782cae33b02044729f6e90856d9b63d9b8e16476f848e7fb248e3e2659e378e2c9632f

  • SSDEEP

    3072:qbI7pSg/D41XJU3D9ejzIXCmAagdWcaQXLqdC7Lzv1W9BtapXNgl/FdSVTD4zuns:UNSD+0Dqz7OY5qdzuN0S14D

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\28bc6281d4ea0d8587bed91fdfc4937c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\28bc6281d4ea0d8587bed91fdfc4937c_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    PID:2200

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsoC5F0.tmp\ioSpecial.ini
    Filesize

    788B

    MD5

    ff9a9f638bc66cefd7242f01b99d78a8

    SHA1

    8b5f25d6717f5d5d0a56a1481618595b2e46e445

    SHA256

    f3dc3de2b85439b03cdcefb4a5909ff5a1cb66de80fe419808141f98c37b5e81

    SHA512

    d4a590decf79ff14e2e8f9382b8efb140cb1b62ee1ed0ad98607d5dec851df08b0a9f9afcc73cd96558c36b6c7ac8aff69c26f00d94855c966d85aa657a6ebaf

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsoC5F0.tmp\ioSpecial.ini
    Filesize

    749B

    MD5

    6ce6c43a8ab1331811072b1bff9dc7d5

    SHA1

    eae3d2572488067344772831b220a95d9db647ad

    SHA256

    e4f9d99305941874fed4b6dcbea0f94ad00241572dd365d1de6094b3703484e3

    SHA512

    444d00ba3f82785c516ccaecaa1e7da8eda406b4264bb26633585b99e99f384d20d72b9b711206482669a15a3007b6a3a0d99ca03ade11d342cb70eefa7bd85c

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsoC5F0.tmp\InstallOptions.dll
    Filesize

    14KB

    MD5

    eca460272800136da217dff3c8953df0

    SHA1

    64e9ec022913d66b58ab5a8dbbfe7dd35d077824

    SHA256

    fd74339ffd5a66781a333005f065a3978ca7916cc56e73ec9598262c72a33ff8

    SHA512

    f92ccca98551fde68db761f58ac36e76319dde137dd0cff80f0f67f473412000ffba774074416e6907049c6b4c71ccbc853c33f4e489ba2b4f50badc2739b747

    Download Submit