Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2e73da0e87...18.exe

windows7-x64

7

2e73da0e87...18.exe

windows10-2004-x64

7

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    122s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    09/07/2024, 00:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2e73da0e871dca3c0a8360474f8a5e2b_JaffaCakes118.exe

  • Size

    204KB

  • MD5

    2e73da0e871dca3c0a8360474f8a5e2b

  • SHA1

    652c2cb7318fc2b49a6ff17c8a099c33c32e01f7

  • SHA256

    3383c78a3caacae4f82381f0d83ad26eea1e1be5b04613338e7455687393354b

  • SHA512

    5f9a4528028ab2492f3fceb0b3178f4d76f2e2959d9f3b81ffcd24b7ffee694252b41c4755287e3d0f3848fe21a9536dc636e6bc00440b998eb1a72e77de1a6b

  • SSDEEP

    3072:+bI7pSg/D41XJnM2QawEi7ExnD/OveIxPL904OU2Xkce57WiiYTnd:4NSD+pM2OEjxnD/OGIxxn0XcWit

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2e73da0e871dca3c0a8360474f8a5e2b_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\2e73da0e871dca3c0a8360474f8a5e2b_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    PID:1928

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nstB59B.tmp\ioSpecial.ini
    Filesize

    820B

    MD5

    abaf1e780e5c51d0f56ce33e542352cc

    SHA1

    02590aa62fdb0a5566b33aadc8c191888b373c31

    SHA256

    c8c66ebe901eddfcb188c735719ad99b09840731ca7b89bbdecb5bbd890cee21

    SHA512

    940604f1ffbfbf6a9c716a3a6c4899aae6cc0cbdd391eef3d7dfc2e83e738a86f91e84a6ee1e9f788e6f362c30f755b3af83a366df21f905e5ee8ca4a430e002

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nstB59B.tmp\ioSpecial.ini
    Filesize

    859B

    MD5

    c286eb412ef9d3b4b32a6adda60440cd

    SHA1

    6fa2060f45a8440a42c776ecd8436740a0c10399

    SHA256

    17ad0aeb32d2cefe86e87620db5605dfc80b4b09166ab2af7ee1567350061a09

    SHA512

    e0b2a3701e6ca967c59bba3169a6b8644c71b794ce011e15ebc9a721642c7a59f54fba391a6674ef4499769ea21d43e20cd954ce589185a4e3bba5a225eda0bf

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nstB59B.tmp\InstallOptions.dll
    Filesize

    14KB

    MD5

    eca460272800136da217dff3c8953df0

    SHA1

    64e9ec022913d66b58ab5a8dbbfe7dd35d077824

    SHA256

    fd74339ffd5a66781a333005f065a3978ca7916cc56e73ec9598262c72a33ff8

    SHA512

    f92ccca98551fde68db761f58ac36e76319dde137dd0cff80f0f67f473412000ffba774074416e6907049c6b4c71ccbc853c33f4e489ba2b4f50badc2739b747

    Download Submit