Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

435e570880...18.exe

windows7-x64

7

435e570880...18.exe

windows10-2004-x64

7

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$_2_/$R0.dll

windows7-x64

6

$_2_/$R0.dll

windows10-2004-x64

6

$_2_/$R2/N...4_.exe

windows7-x64

1

$_2_/$R2/N...4_.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13/07/2024, 21:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    435e570880d6aca6d294205fc08e7695_JaffaCakes118.exe

  • Size

    121KB

  • MD5

    435e570880d6aca6d294205fc08e7695

  • SHA1

    a985ba7f09de7371f6c151194ced63807b13b6e3

  • SHA256

    75df84ce51fba958aabc1d460c40406083753dfe8a66d7b4b8fb4c65675db1ad

  • SHA512

    86d684d6eb73a1a2aa8540f47c7f682b01d1f289ba54d2f9ab62c04061177202617befde62848db37cd90eac2d837f69345a84292d34838e331c5b8c4d74a293

  • SSDEEP

    3072:1KQXtg/sDHmJ945Q41S/HdrJckuzIsJjs0Oh8bFgG1jP:1NpuESfdr+ssV0OpjP

Score
7/10
adwarestealer

Malware Config

Signatures

  • Loads dropped DLL 5 IoCs
  • Installs/modifies Browser Helper Object 2 TTPs 1 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Drops file in Windows directory 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 41 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\435e570880d6aca6d294205fc08e7695_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\435e570880d6aca6d294205fc08e7695_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Installs/modifies Browser Helper Object
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2600
    • C:\Windows\SysWOW64\regsvr32.exe
      "regsvr32.exe" "C:\Windows\Intel\baiduc.dll" /s
      2⤵
      • Loads dropped DLL
      • Drops file in Windows directory
      • Modifies registry class
      PID:824

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsrBE7F.tmp\System.dll
    Filesize

    10KB

    MD5

    bf01b2d04e8fad306ba2f364cfc4edfa

    SHA1

    58f42b45ca9fc1818c4498ecd8bac088d20f2b18

    SHA256

    d3f9c99e0c1c9acd81a1b33bc3dbd305140def90d10485c253cf1d455f0dc903

    SHA512

    30ca1663d659c5efac7fed3d1aaba81c47d5d5fda77f30f021124c882b858732e17f917bfd0aa3ee7b269fad86e75b1b9388d8f916e7a4e2c9961669f2c772e7

    Download Submit

  • C:\Windows\Intel\baiduc.dll
    Filesize

    156KB

    MD5

    42748366d1edb36ffc9156932e52cf13

    SHA1

    1c2862acc20bb1d530340ae4c26d7b6337f5c07c

    SHA256

    06d3bd3d155d93792a41eaf999bf2d45b9de1cb093622dafbfc7b634d8105244

    SHA512

    ac7fdaa8bfa348ed62cce11109d3ad0d9a77494be5ad8202df98f0881c9ebe5bccd904839527b635e583b038440cff25a179abfbf741bdf4980de58c76d5f8c0

    Download Submit

  • C:\Windows\system.ini
    Filesize

    247B

    MD5

    54d86797f5bb50e10fb6e3c6f2cd9432

    SHA1

    4ba0c23e177830332276c53f8460151a5b8248ef

    SHA256

    f898742bb7083056a6cc110503856690881e57530845c0d6af5bfba9ae8dfbbd

    SHA512

    fed3356ca6e2be4702a08c1fb2dde2d1ccd681b1bed4deeb4c06fbb032e9233e2c1774efb3868bc71c40d3a023f02f7b69240058e96ceeece325b42ed02c8fb5

    Download Submit

  • memory/2600-13-0x0000000004810000-0x0000000004839000-memory.dmp

    Filesize

    164KB

    Download