Overview
overview: score 7
Static
static: score 3
2d94069398...18.exe (windows7-x64): score 7
2d94069398...18.exe (windows10-2004-x64): score 7
$0/scanquery.dll (windows7-x64): score 1
$0/scanquery.dll (windows10-2004-x64): score 1
$0/scanquery.exe (windows7-x64): score 3
$0/scanquery.exe (windows10-2004-x64): score 3
$0/uninstall.exe (windows7-x64): score 7
$0/uninstall.exe (windows10-2004-x64): score 7
$PLUGINSDI...ns.dll (windows7-x64): score 3
$PLUGINSDI...ns.dll (windows10-2004-x64): score 3
$PLUGINSDI...em.dll (windows7-x64): score 3
$PLUGINSDI...em.dll (windows10-2004-x64): score 3
$PLUGINSDI...ns.dll (windows7-x64): score 3
$PLUGINSDI...ns.dll (windows10-2004-x64): score 3
$PLUGINSDI...em.dll (windows7-x64): score 3
$PLUGINSDI...em.dll (windows10-2004-x64): score 3
Analysis
max time kernel: 118s
max time network: 119s
platform: windows7_x64
resource: win7-20240708-en
resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
submitted: 08/07/2024, 19:38
Static task
static1
Behavioral tasks
Task          Sample                                               Resource
behavioral1   2d94069398144fddc58ae08242b94d0a_JaffaCakes118.exe   win7-20240705-en
behavioral2   2d94069398144fddc58ae08242b94d0a_JaffaCakes118.exe   win10v2004-20240704-en
behavioral3   $0/scanquery.dll                                     win7-20240708-en
behavioral4   $0/scanquery.dll                                     win10v2004-20240704-en
behavioral5   $0/scanquery.exe                                     win7-20240708-en
behavioral6   $0/scanquery.exe                                     win10v2004-20240704-en
behavioral7   $0/uninstall.exe                                     win7-20240704-en
behavioral8   $0/uninstall.exe                                     win10v2004-20240704-en
behavioral9   $PLUGINSDIR/InstallOptions.dll                       win7-20240705-en
behavioral10  $PLUGINSDIR/InstallOptions.dll                       win10v2004-20240704-en
behavioral11  $PLUGINSDIR/System.dll                               win7-20240704-en
behavioral12  $PLUGINSDIR/System.dll                               win10v2004-20240704-en
behavioral13  $PLUGINSDIR/InstallOptions.dll                       win7-20240708-en
behavioral14  $PLUGINSDIR/InstallOptions.dll                       win10v2004-20240704-en
behavioral15  $PLUGINSDIR/System.dll                               win7-20240704-en
behavioral16  $PLUGINSDIR/System.dll                               win10v2004-20240704-en
General
Target: $0/scanquery.exe
Size: 29KB
MD5: 5e0d01130d3f28e1d3abbfd847eabdbe
SHA1: 0f16c83b31146e818aa55b7d047a07aa21d75a02
SHA256: e86ce704b6caa6e7400f1f2883c5b39d1d4ccbaf8ee61b123dc49de2b7873ae5
SHA512: d7e9b7b8aa54442112f62212800a8f69a19e40fe6442ac26be5439fe903c98c6e37392b6903d09cc8245fbf9f7992f82f05dbbfe90a2e2df698631f97f61ce88
SSDEEP: 768:GK/elBdtQ9KKW13HDWz+P5rX/kJKyC6VJl:p/elBeKf13HA+xrvk4yVl
Malware Config
Signatures
Program crash (1 IoCs)
pid    pid_target   Process        procid_target
2944   784          WerFault.exe   30

Suspicious use of WriteProcessMemory (4 IoCs)
description                       pid   Process         procid_target
PID 784 wrote to memory of 2944   784   scanquery.exe   31
PID 784 wrote to memory of 2944   784   scanquery.exe   31
PID 784 wrote to memory of 2944   784   scanquery.exe   31
PID 784 wrote to memory of 2944   784   scanquery.exe   31