Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

8aaf4eba60...18.exe

windows7-x64

7

8aaf4eba60...18.exe

windows10-2004-x64

7

$0.dll

windows7-x64

3

$0.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...fo.dll

windows7-x64

3

$PLUGINSDI...fo.dll

windows10-2004-x64

3

$PROGRAMFI...to.chm

windows7-x64

1

$PROGRAMFI...to.chm

windows10-2004-x64

1

$TEMP/4673...up.dll

windows7-x64

3

$TEMP/4673...up.dll

windows10-2004-x64

3

$TEMP/4673...le.exe

windows7-x64

1

$TEMP/4673...le.exe

windows10-2004-x64

3

$TEMP/Move...on.dll

windows7-x64

3

$TEMP/Move...on.dll

windows10-2004-x64

3

InstDrvAction-32.exe

windows7-x64

3

InstDrvAction-32.exe

windows10-2004-x64

3

UnloadModule.exe

windows7-x64

1

UnloadModule.exe

windows10-2004-x64

3

ePassNgMgr.exe

windows7-x64

3

ePassNgMgr.exe

windows10-2004-x64

3

ft12drv.dll

windows7-x64

4

ft12drv.dll

windows10-2004-x64

4

uninst.exe

windows7-x64

7

uninst.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    114s
  • max time network
    125s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/08/2024, 14:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8aaf4eba60924032f832fc6223780678_JaffaCakes118.exe

  • Size

    1.9MB

  • MD5

    8aaf4eba60924032f832fc6223780678

  • SHA1

    65e0491be8ec8f574287d4ea60d7bc3f0178f654

  • SHA256

    afe4c1ac48c58f0671f15c3741e7e822d4f84fb99d05e14117005cc80912bcf6

  • SHA512

    899bbdd146199277d757b7751171527270ae978163eca30958f41b563ca894cd2e695efd63389d6c6e2200805e77c682f0785eaac956a5f56fcae24faefe402f

  • SSDEEP

    49152:5VtR7tQuV7hQbAyXUvZ5BjgPotU1tdotFDNZmJpASMNRGrHK:ftXrV7iXsZ5Bjgg2dothNZGWSMWrq

Score
7/10
discovery

Malware Config

Signatures

  • Loads dropped DLL 11 IoCs
  • Drops file in System32 directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\8aaf4eba60924032f832fc6223780678_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\8aaf4eba60924032f832fc6223780678_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    PID:1852

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\4673551D-STFT12-4FE7-A218-48BDAE051E2B_std\NGSetup.dll
    Filesize

    168KB

    MD5

    481815d8cd7a0f149deb0e0c34a0192e

    SHA1

    f02977bf518461cdfe8d3c6b2bb71089750a5ced

    SHA256

    3a1e9411ead9fc77543de2a8688a0b0a35c680502a7406ab5bb95f3d1ad956ff

    SHA512

    d4bc27da3059a413535399b1bcdd00766a329f0da10cc4ad33883857a4057473f9fbb31db99f847d75551768bd03fbe79342a879e47b155fefcd0a900c18dade

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\4673551D-STFT12-4FE7-A218-48BDAE051E2B_std\_shfoldr.dll
    Filesize

    20KB

    MD5

    b7993c10b9a8c3b9735d7696c7b9e8b6

    SHA1

    ac2e765311380bfa502b3b7aed2e8d80c351e08b

    SHA256

    6f0443a62fd444c4254f902f668543b867a0577504915d22cd75328f73cd4472

    SHA512

    d17ae76467f5fac056494a0fdef445a5bbb1f633507ddef9b2afc12dd47eaa68096784d47e968383b207382850100ef1915378e74564e29cbe1c8e0d422dd679

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\4673551D-STFT12-4FE7-A218-48BDAE051E2B_std\ft12\ngsetup.ini
    Filesize

    6KB

    MD5

    e142c6e63487a7836bcba4deb259eca4

    SHA1

    3d8b41f146d225a2bac899ab0c4fa62a5102418f

    SHA256

    73df6e385850b64c79fb6d561868c8077fd909b709a5c0572d4f9329453f12a4

    SHA512

    bc42c0eb7506dc1e48c167d721f583e7a9ce66cd3049c392756cf2f40eef6d13f39c9e5f5c776b3c75fcab1c6f73105af592a8086997d7d20f6fa9bd9db2957c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\MoveOldVersion.dll
    Filesize

    116KB

    MD5

    31b08693ada2912f242988bec93203e3

    SHA1

    b41bcdaa2b9f553aae613efa80f547130d1dc237

    SHA256

    46891c74d66ae79405cb15aed74d8b2b90a4fc556aa20b840ee888f7668da6b3

    SHA512

    b8f9bb31c431347902e1d3ffa9ca961ee1032d2ed765d2fa9d61168c5e99629bf77a737d87cf80fc8f6d92ee70173e51c769301e335273ef37127048c4bd4ae6

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsy67E4.tmp\InstallOptions.dll
    Filesize

    14KB

    MD5

    eef9e469e8a30717974499f277d97e2a

    SHA1

    2d33c25984ebd9116beeb55cdde4c5c86c023e5d

    SHA256

    1f35bb6728237483c779005fc227e69fef51b0bafd32d15855d483948a337078

    SHA512

    d860132106a1c03dfa23f983b3c503f1216ac02f3d47833b96dfb333fb30bc8ab4d4fecd1f1f0a89f0c7f3586405461e2d53c26f282bb48970e549659b364b48

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsy67E4.tmp\System.dll
    Filesize

    11KB

    MD5

    c6f5b9596db45ce43f14b64e0fbcf552

    SHA1

    665a2207a643726602dc3e845e39435868dddabc

    SHA256

    4b6da3f2bdb6c452fb493b98f6b7aa1171787dbd3fa2df2b3b22ccaeac88ffa0

    SHA512

    8faa0204f9ed2721acede285be843b5a2d7f9986841bcf3816ebc8900910afb590816c64aebd2dd845686daf825bbf9970cb4a08b20a785c7e54542eddc5b09a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsy67E4.tmp\UserInfo.dll
    Filesize

    4KB

    MD5

    66bb40a1defb0aef9865919689d4aa96

    SHA1

    90cc473004f4351f25d026d13b3f7cb19ee23908

    SHA256

    82772146a77ac3bf5e3564361ca0de0b612a44482de4cf418c3deaa3b2ae7f1a

    SHA512

    1f26650b7d0068b7e8ad1ac861e00bd184c8bf47363e4766b17a9aed5985f8a54efdde87b30cd9b649d6f5b8eb991ef9d06d4501eac264e1ff096506786133c2

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsy67E4.tmp\ioSpecial.ini
    Filesize

    411B

    MD5

    6e17f2efd34d1bde93b2ed9d8666221d

    SHA1

    7a6dd153a141c1dcbb7e04b045066c5d4a738a49

    SHA256

    91d68329b1f43c15b3f0005a7dfac429d7fa94b4f0975d168b3918ee6827ed32

    SHA512

    e40a43777bac33c38644ae1919f860e40b2637afc09cef3d5a894157532a8821db95e6b4ee24c84ec36f0289d392e518d5c82f162e7cdc215961085350561532

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsy67E4.tmp\ioSpecial.ini
    Filesize

    721B

    MD5

    27b5d31a248dbb5402077c87a91ec9e6

    SHA1

    8ea11e7db9bdc46ce6705e46feacd1f32651e49b

    SHA256

    6818d48d6baaeb259b11bf89c59087627b49a0edf1e94266ef21b120f1d07d7a

    SHA512

    1b733f35e137b6f6d01311ef0092da0fdc1e0c5558bc8e4223d05b74a4e485a96a0af5d851c513ebfc9d0ff665c0d6465936da967433b4a6d8a44166f01e8850

    Download Submit

  • memory/1852-18-0x0000000003020000-0x000000000303F000-memory.dmp

    Filesize

    124KB

    Download

  • memory/1852-27-0x0000000003060000-0x000000000308A000-memory.dmp

    Filesize

    168KB

    Download