Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
7Static
static
762c4cde600...18.exe
windows7-x64
762c4cde600...18.exe
windows10-2004-x64
7$PLUGINSDI...if.dll
windows7-x64
3$PLUGINSDI...if.dll
windows10-2004-x64
3$PLUGINSDI...er.dll
windows7-x64
3$PLUGINSDI...er.dll
windows10-2004-x64
3$PLUGINSDI...os.dll
windows7-x64
3$PLUGINSDI...os.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDIR/inetc.dll
windows7-x64
3$PLUGINSDIR/inetc.dll
windows10-2004-x64
3$PLUGINSDI...ay.dll
windows7-x64
7$PLUGINSDI...ay.dll
windows10-2004-x64
7$PLUGINSDI...gs.dll
windows7-x64
3$PLUGINSDI...gs.dll
windows10-2004-x64
3$PLUGINSDI...ec.dll
windows7-x64
3$PLUGINSDI...ec.dll
windows10-2004-x64
3$PLUGINSDIR/nsWeb.dll
windows7-x64
3$PLUGINSDIR/nsWeb.dll
windows10-2004-x64
3$TEMP/instloffer.exe
windows7-x64
3$TEMP/instloffer.exe
windows10-2004-x64
3$TEMP/license.rtf
windows7-x64
4$TEMP/license.rtf
windows10-2004-x64
1Analysis
-
max time kernel
121s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system -
submitted
22/07/2024, 09:58 UTC
Behavioral task
behavioral1
Sample
62c4cde60085292fa55e1fc9a5987d17_JaffaCakes118.exe
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral2
Sample
62c4cde60085292fa55e1fc9a5987d17_JaffaCakes118.exe
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
$PLUGINSDIR/AnimGif.dll
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral4
Sample
$PLUGINSDIR/AnimGif.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
$PLUGINSDIR/BgWorker.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral6
Sample
$PLUGINSDIR/BgWorker.dll
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
$PLUGINSDIR/ExecDos.dll
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral8
Sample
$PLUGINSDIR/ExecDos.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral10
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
$PLUGINSDIR/inetc.dll
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral12
Sample
$PLUGINSDIR/inetc.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
$PLUGINSDIR/nsArray.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral14
Sample
$PLUGINSDIR/nsArray.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral16
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
$PLUGINSDIR/nsExec.dll
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral18
Sample
$PLUGINSDIR/nsExec.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
$PLUGINSDIR/nsWeb.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral20
Sample
$PLUGINSDIR/nsWeb.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
$TEMP/instloffer.exe
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral22
Sample
$TEMP/instloffer.exe
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
$TEMP/license.rtf
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral24
Sample
$TEMP/license.rtf
Resource
win10v2004-20240709-en
windows10-2004-x64
General
-
Target
$PLUGINSDIR/AnimGif.dll
-
Size
9KB
-
MD5
200b6570553d00a76de8a5a6c9587f07
-
SHA1
08ca76a84cba8483ab34285d07909e08bdbf4a67
-
SHA256
8fb060b77728fbe347e294d1174a732db7cf9c99b187f8f332662c87683fd0a3
-
SHA512
01ab8aa80d7d5d3083f2e3016aab5dad29c0bbba18b225a5dde51b3bc6fa4c8c1278aec17d76bc5ee2b9ccb8532c22d79845162f752bba6ee12341b4d64304e8
-
SSDEEP
192:gOHvLYKKad68vn0YQRbqLGWSMRH00yQTbxDdHw:bvLXKa0OqRqS1MRH00HJdH
Malware Config
Signatures
-
Program crash 1 IoCs
pid pid_target Process procid_target 1952 2140 WerFault.exe 30 -
Suspicious use of WriteProcessMemory 11 IoCs
description pid Process procid_target PID 1716 wrote to memory of 2140 1716 rundll32.exe 30 PID 1716 wrote to memory of 2140 1716 rundll32.exe 30 PID 1716 wrote to memory of 2140 1716 rundll32.exe 30 PID 1716 wrote to memory of 2140 1716 rundll32.exe 30 PID 1716 wrote to memory of 2140 1716 rundll32.exe 30 PID 1716 wrote to memory of 2140 1716 rundll32.exe 30 PID 1716 wrote to memory of 2140 1716 rundll32.exe 30 PID 2140 wrote to memory of 1952 2140 rundll32.exe 31 PID 2140 wrote to memory of 1952 2140 rundll32.exe 31 PID 2140 wrote to memory of 1952 2140 rundll32.exe 31 PID 2140 wrote to memory of 1952 2140 rundll32.exe 31
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\AnimGif.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:1716 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\AnimGif.dll,#12⤵
- Suspicious use of WriteProcessMemory
PID:2140 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 2243⤵
- Program crash
PID:1952
-
-