Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

a1053ae11c...18.exe

windows7-x64

7

a1053ae11c...18.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/inetc.dll

windows7-x64

3

$PLUGINSDIR/inetc.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

Extras/setup.exe

windows7-x64

7

Extras/setup.exe

windows10-2004-x64

7

$PLUGINSDI...se.dll

windows7-x64

3

$PLUGINSDI...se.dll

windows10-2004-x64

3

$PLUGINSDI...on.dll

windows7-x64

3

$PLUGINSDI...on.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDIR/Math.dll

windows7-x64

3

$PLUGINSDIR/Math.dll

windows10-2004-x64

3

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/inetc.dll

windows7-x64

3

$PLUGINSDIR/inetc.dll

windows10-2004-x64

3

$PLUGINSDI...er.dll

windows7-x64

3

$PLUGINSDI...er.dll

windows10-2004-x64

3

$PLUGINSDI...ll.dll

windows7-x64

3

$PLUGINSDI...ll.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    17/08/2024, 03:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a1053ae11c9858117898476472227f54_JaffaCakes118.exe

  • Size

    517KB

  • MD5

    a1053ae11c9858117898476472227f54

  • SHA1

    df3c284fd1598f3ac32e8bebf3e8f1f23c1a87bb

  • SHA256

    5b198bb26a6f72a8bf0eb79adfb52707ab3b486565a02ddf186a57d7df1896c1

  • SHA512

    ccd20a16fecc81cdedf91ed4f18305405713da75fb8e3c7504d6a07904603f4b1019d89bf771b17e1b59ffa0996c030f00f6461ab4168bda717bffefbd217df3

  • SSDEEP

    12288:l1BmdlARDT12oVW0G5NXIhMcVUaAutNjCIvwS4:l1BmdlAlYoI0G5NYhMFkDFt4

Score
7/10
discovery

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a1053ae11c9858117898476472227f54_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a1053ae11c9858117898476472227f54_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: GetForegroundWindowSpam
    PID:2932

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsoECA2.tmp\nsoECA3.tmp
    Filesize

    2KB

    MD5

    06b967f861e41fa95d14d27f8fee50e1

    SHA1

    25de92579d528b3f63fbd8c699460728ec23593e

    SHA256

    b74c83fa27e0f9de184c07045ebb1272f663dd6bac76c442e2d9d27546a00f2e

    SHA512

    6f33a1ca52aa55b249cfd3c7fb94754568dddf35d873568e82d3e19f717b369b15af619476fb1a5b7753ad4e0a9346b82998f4f278a9c1d03438e1b7c092e3ff

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsoECA2.tmp\nsoECA3.tmp
    Filesize

    2KB

    MD5

    b610fe895b9119ba234f18fa9f3fbf77

    SHA1

    d2285c7c48fe975957798ec9ea58d4fd1cf4ebd5

    SHA256

    6b37d518d6313c444ec7739dac093556d3e9cf549cf7a1e4f0c0f0d7c83f1a89

    SHA512

    0acee5020b46f7bc01afb8e864304c5d242c5f6cc73b69169f57487590d04505485133546441946f7c76895b8082163b472c5f30d00330e49bb63d3700fc1dbf

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsoECA2.tmp\nsoECA3.tmp
    Filesize

    2KB

    MD5

    3dd64862d13456cd090eb09363b19c2d

    SHA1

    c3c9f0d2962bb328f8c555f34396b8a36985fd54

    SHA256

    6aba47c85ffda0dc20098997b3f77b3e2382c57f1d882a01ad74ba4313c3791a

    SHA512

    1e3f9ffa4e354277cf3182cf7a5e8960bbfd33588ee97b8f81c43132a5b62f52ed96fa6805aa1a48ca0a467952453e1e2ba6e923d38abf9de692099ddb6d474d

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsoECA2.tmp\InstallOptions.dll
    Filesize

    14KB

    MD5

    325b008aec81e5aaa57096f05d4212b5

    SHA1

    27a2d89747a20305b6518438eff5b9f57f7df5c3

    SHA256

    c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b

    SHA512

    18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsoECA2.tmp\NSISdl.dll
    Filesize

    14KB

    MD5

    a5f8399a743ab7f9c88c645c35b1ebb5

    SHA1

    168f3c158913b0367bf79fa413357fbe97018191

    SHA256

    dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9

    SHA512

    824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsoECA2.tmp\inetc.dll
    Filesize

    20KB

    MD5

    7569b23f19a0f5cb4c1d3b30a296c4bb

    SHA1

    c5f3546b3c795e46445393960694a2341692ddc7

    SHA256

    615bf32e15aaa8d58832df2298f75dd2b29ea5f25bf152c99630315cb618a31a

    SHA512

    11663bf180f9540ad247957b6793f8afd1b4e66f3b692b4ad05735f07459dd524571245928c40e26e3de691472508f5632fcd4add1eebad559d504eca32c08a9

    Download Submit