Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
7Static
static
38dabaad433...18.exe
windows7-x64
78dabaad433...18.exe
windows10-2004-x64
7$PLUGINSDI...ns.dll
windows7-x64
3$PLUGINSDI...ns.dll
windows10-2004-x64
3$PLUGINSDI...nu.dll
windows7-x64
3$PLUGINSDI...nu.dll
windows10-2004-x64
3Alligator.exe
windows7-x64
3Alligator.exe
windows10-2004-x64
3BlackShark.exe
windows7-x64
1BlackShark.exe
windows10-2004-x64
3Get your r...de.url
windows7-x64
1Get your r...de.url
windows10-2004-x64
1MIG_29.dll
windows7-x64
3MIG_29.dll
windows10-2004-x64
3MSORecovery.exe
windows7-x64
7MSORecovery.exe
windows10-2004-x64
7Uninstall.exe
windows7-x64
7Uninstall.exe
windows10-2004-x64
7$PLUGINSDI...ns.dll
windows7-x64
3$PLUGINSDI...ns.dll
windows10-2004-x64
3bs_load.dll
windows7-x64
3bs_load.dll
windows10-2004-x64
3bs_wm.dll
windows7-x64
3bs_wm.dll
windows10-2004-x64
3gdiplus.dll
windows7-x64
3gdiplus.dll
windows10-2004-x64
3t34.dll
windows7-x64
3t34.dll
windows10-2004-x64
3wab_recovery.exe
windows7-x64
6wab_recovery.exe
windows10-2004-x64
6Analysis
-
max time kernel
101s -
max time network
19s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system -
submitted
12/08/2024, 06:30
Static task
static1
Behavioral task
behavioral1
Sample
8dabaad433dbb2b516e75168ca970903_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
8dabaad433dbb2b516e75168ca970903_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20240708-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/StartMenu.dll
Resource
win7-20240708-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/StartMenu.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral7
Sample
Alligator.exe
Resource
win7-20240708-en
Behavioral task
behavioral8
Sample
Alligator.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral9
Sample
BlackShark.exe
Resource
win7-20240729-en
Behavioral task
behavioral10
Sample
BlackShark.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral11
Sample
Get your registration code.url
Resource
win7-20240705-en
Behavioral task
behavioral12
Sample
Get your registration code.url
Resource
win10v2004-20240802-en
Behavioral task
behavioral13
Sample
MIG_29.dll
Resource
win7-20240708-en
Behavioral task
behavioral14
Sample
MIG_29.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral15
Sample
MSORecovery.exe
Resource
win7-20240708-en
Behavioral task
behavioral16
Sample
MSORecovery.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral17
Sample
Uninstall.exe
Resource
win7-20240704-en
Behavioral task
behavioral18
Sample
Uninstall.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral19
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20240704-en
Behavioral task
behavioral20
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral21
Sample
bs_load.dll
Resource
win7-20240729-en
Behavioral task
behavioral22
Sample
bs_load.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral23
Sample
bs_wm.dll
Resource
win7-20240708-en
Behavioral task
behavioral24
Sample
bs_wm.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral25
Sample
gdiplus.dll
Resource
win7-20240708-en
Behavioral task
behavioral26
Sample
gdiplus.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral27
Sample
t34.dll
Resource
win7-20240705-en
Behavioral task
behavioral28
Sample
t34.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral29
Sample
wab_recovery.exe
Resource
win7-20240704-en
Behavioral task
behavioral30
Sample
wab_recovery.exe
Resource
win10v2004-20240802-en
General
-
Target
8dabaad433dbb2b516e75168ca970903_JaffaCakes118.exe
-
Size
7.1MB
-
MD5
8dabaad433dbb2b516e75168ca970903
-
SHA1
4faeb166b07c6e81db33cfb978473d157e1a05c1
-
SHA256
3dacbf49ecb37c75438c28e2762dbab36aba3e817bf7568767d2135f2800444b
-
SHA512
ca7eb17717693b63007e218da7d6d3e51bbe3af79ff9e080b1cd5340a06137698601a26885d3843a8dd8c01fa0236892560403b9725927689c97d9956e990aa1
-
SSDEEP
196608:kQqUejR4kJxjTbSYcOGn6/21XnyzGUQipup0:UjR4k/jT2DC2Ez1Qipb
Malware Config
Signatures
-
Loads dropped DLL 1 IoCs
pid Process 1972 8dabaad433dbb2b516e75168ca970903_JaffaCakes118.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 8dabaad433dbb2b516e75168ca970903_JaffaCakes118.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 1972 8dabaad433dbb2b516e75168ca970903_JaffaCakes118.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\8dabaad433dbb2b516e75168ca970903_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\8dabaad433dbb2b516e75168ca970903_JaffaCakes118.exe"1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
PID:1972
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
735B
MD5755c93630b40ee02a313bd72276b4cc9
SHA1e6fbd5162aaf01123cddc0f9c0f5425b3df74058
SHA2562b99414ac00ee42423b881395cc7dd97d2747f6c46fd7351599bbc2cc17252a4
SHA512a4654166516845b9bc8e4010a1a55a32336c6ef219f1d311bb5797a1e9cb4e171392b71d67299edfc65994163a14770717e070f5adf8716c0dbbd2609f8637c6
-
Filesize
696B
MD5a4bf4e092903758458c8515422c1a5cf
SHA1f9f87ef0a49cdbe4c7dd65cdfa5566b5871e2f52
SHA25625e3096812e8f1b848cddee84f28f74916dd576a5a72134e58ef69b1170558ec
SHA512cc17eb107ace0d136178b4cf74b25619743ce5c08177b4447054ea3f18adba42428db6209c33af6725b76dfd17d6e54ecc34c24800fb32cfd9baeedc8f0a816f
-
Filesize
14KB
MD5325b008aec81e5aaa57096f05d4212b5
SHA127a2d89747a20305b6518438eff5b9f57f7df5c3
SHA256c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b
SHA51218362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf