Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

8aaf4eba60...18.exe

windows7-x64

7

8aaf4eba60...18.exe

windows10-2004-x64

7

$0.dll

windows7-x64

3

$0.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...fo.dll

windows7-x64

3

$PLUGINSDI...fo.dll

windows10-2004-x64

3

$PROGRAMFI...to.chm

windows7-x64

1

$PROGRAMFI...to.chm

windows10-2004-x64

1

$TEMP/4673...up.dll

windows7-x64

3

$TEMP/4673...up.dll

windows10-2004-x64

3

$TEMP/4673...le.exe

windows7-x64

1

$TEMP/4673...le.exe

windows10-2004-x64

3

$TEMP/Move...on.dll

windows7-x64

3

$TEMP/Move...on.dll

windows10-2004-x64

3

InstDrvAction-32.exe

windows7-x64

3

InstDrvAction-32.exe

windows10-2004-x64

3

UnloadModule.exe

windows7-x64

1

UnloadModule.exe

windows10-2004-x64

3

ePassNgMgr.exe

windows7-x64

3

ePassNgMgr.exe

windows10-2004-x64

3

ft12drv.dll

windows7-x64

4

ft12drv.dll

windows10-2004-x64

4

uninst.exe

windows7-x64

7

uninst.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    11/08/2024, 14:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8aaf4eba60924032f832fc6223780678_JaffaCakes118.exe

  • Size

    1.9MB

  • MD5

    8aaf4eba60924032f832fc6223780678

  • SHA1

    65e0491be8ec8f574287d4ea60d7bc3f0178f654

  • SHA256

    afe4c1ac48c58f0671f15c3741e7e822d4f84fb99d05e14117005cc80912bcf6

  • SHA512

    899bbdd146199277d757b7751171527270ae978163eca30958f41b563ca894cd2e695efd63389d6c6e2200805e77c682f0785eaac956a5f56fcae24faefe402f

  • SSDEEP

    49152:5VtR7tQuV7hQbAyXUvZ5BjgPotU1tdotFDNZmJpASMNRGrHK:ftXrV7iXsZ5Bjgg2dothNZGWSMWrq

Score
7/10
discovery

Malware Config

Signatures

  • Loads dropped DLL 7 IoCs
  • Drops file in System32 directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8aaf4eba60924032f832fc6223780678_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\8aaf4eba60924032f832fc6223780678_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: GetForegroundWindowSpam
    PID:2528

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\4673551D-STFT12-4FE7-A218-48BDAE051E2B_std\ft12\ngsetup.ini
    Filesize

    6KB

    MD5

    e142c6e63487a7836bcba4deb259eca4

    SHA1

    3d8b41f146d225a2bac899ab0c4fa62a5102418f

    SHA256

    73df6e385850b64c79fb6d561868c8077fd909b709a5c0572d4f9329453f12a4

    SHA512

    bc42c0eb7506dc1e48c167d721f583e7a9ce66cd3049c392756cf2f40eef6d13f39c9e5f5c776b3c75fcab1c6f73105af592a8086997d7d20f6fa9bd9db2957c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsyAEB8.tmp\ioSpecial.ini
    Filesize

    721B

    MD5

    c44e7e8d4d8e52d67ff144c3ed4d1b61

    SHA1

    42f4633b6d215dd8a511cf0334c5633ab170f459

    SHA256

    93378c66d317ac1796cf839d2a43efd2970322ddc424a8cba62738c5e4367496

    SHA512

    cc14a6db9e411ff19cd7dad95a3eccc21beead9e352481dc9737172c0ae6815349d0a4cc7b675e7f986501524433d7a45f902b9e8a17366a9c0935c23ec48ab3

    Download Submit

  • \Users\Admin\AppData\Local\Temp\4673551D-STFT12-4FE7-A218-48BDAE051E2B_std\NGSetup.dll
    Filesize

    168KB

    MD5

    481815d8cd7a0f149deb0e0c34a0192e

    SHA1

    f02977bf518461cdfe8d3c6b2bb71089750a5ced

    SHA256

    3a1e9411ead9fc77543de2a8688a0b0a35c680502a7406ab5bb95f3d1ad956ff

    SHA512

    d4bc27da3059a413535399b1bcdd00766a329f0da10cc4ad33883857a4057473f9fbb31db99f847d75551768bd03fbe79342a879e47b155fefcd0a900c18dade

    Download Submit

  • \Users\Admin\AppData\Local\Temp\4673551D-STFT12-4FE7-A218-48BDAE051E2B_std\_shfoldr.dll
    Filesize

    20KB

    MD5

    b7993c10b9a8c3b9735d7696c7b9e8b6

    SHA1

    ac2e765311380bfa502b3b7aed2e8d80c351e08b

    SHA256

    6f0443a62fd444c4254f902f668543b867a0577504915d22cd75328f73cd4472

    SHA512

    d17ae76467f5fac056494a0fdef445a5bbb1f633507ddef9b2afc12dd47eaa68096784d47e968383b207382850100ef1915378e74564e29cbe1c8e0d422dd679

    Download Submit

  • \Users\Admin\AppData\Local\Temp\MoveOldVersion.dll
    Filesize

    116KB

    MD5

    31b08693ada2912f242988bec93203e3

    SHA1

    b41bcdaa2b9f553aae613efa80f547130d1dc237

    SHA256

    46891c74d66ae79405cb15aed74d8b2b90a4fc556aa20b840ee888f7668da6b3

    SHA512

    b8f9bb31c431347902e1d3ffa9ca961ee1032d2ed765d2fa9d61168c5e99629bf77a737d87cf80fc8f6d92ee70173e51c769301e335273ef37127048c4bd4ae6

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsyAEB8.tmp\InstallOptions.dll
    Filesize

    14KB

    MD5

    eef9e469e8a30717974499f277d97e2a

    SHA1

    2d33c25984ebd9116beeb55cdde4c5c86c023e5d

    SHA256

    1f35bb6728237483c779005fc227e69fef51b0bafd32d15855d483948a337078

    SHA512

    d860132106a1c03dfa23f983b3c503f1216ac02f3d47833b96dfb333fb30bc8ab4d4fecd1f1f0a89f0c7f3586405461e2d53c26f282bb48970e549659b364b48

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsyAEB8.tmp\System.dll
    Filesize

    11KB

    MD5

    c6f5b9596db45ce43f14b64e0fbcf552

    SHA1

    665a2207a643726602dc3e845e39435868dddabc

    SHA256

    4b6da3f2bdb6c452fb493b98f6b7aa1171787dbd3fa2df2b3b22ccaeac88ffa0

    SHA512

    8faa0204f9ed2721acede285be843b5a2d7f9986841bcf3816ebc8900910afb590816c64aebd2dd845686daf825bbf9970cb4a08b20a785c7e54542eddc5b09a

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsyAEB8.tmp\UserInfo.dll
    Filesize

    4KB

    MD5

    66bb40a1defb0aef9865919689d4aa96

    SHA1

    90cc473004f4351f25d026d13b3f7cb19ee23908

    SHA256

    82772146a77ac3bf5e3564361ca0de0b612a44482de4cf418c3deaa3b2ae7f1a

    SHA512

    1f26650b7d0068b7e8ad1ac861e00bd184c8bf47363e4766b17a9aed5985f8a54efdde87b30cd9b649d6f5b8eb991ef9d06d4501eac264e1ff096506786133c2

    Download Submit

  • memory/2528-16-0x00000000009B0000-0x00000000009CF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/2528-22-0x0000000002860000-0x000000000288A000-memory.dmp

    Filesize

    168KB

    Download