Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

a1053ae11c...18.exe

windows7-x64

7

a1053ae11c...18.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/inetc.dll

windows7-x64

3

$PLUGINSDIR/inetc.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

Extras/setup.exe

windows7-x64

7

Extras/setup.exe

windows10-2004-x64

7

$PLUGINSDI...se.dll

windows7-x64

3

$PLUGINSDI...se.dll

windows10-2004-x64

3

$PLUGINSDI...on.dll

windows7-x64

3

$PLUGINSDI...on.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDIR/Math.dll

windows7-x64

3

$PLUGINSDIR/Math.dll

windows10-2004-x64

3

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/inetc.dll

windows7-x64

3

$PLUGINSDIR/inetc.dll

windows10-2004-x64

3

$PLUGINSDI...er.dll

windows7-x64

3

$PLUGINSDI...er.dll

windows10-2004-x64

3

$PLUGINSDI...ll.dll

windows7-x64

3

$PLUGINSDI...ll.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17/08/2024, 03:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a1053ae11c9858117898476472227f54_JaffaCakes118.exe

  • Size

    517KB

  • MD5

    a1053ae11c9858117898476472227f54

  • SHA1

    df3c284fd1598f3ac32e8bebf3e8f1f23c1a87bb

  • SHA256

    5b198bb26a6f72a8bf0eb79adfb52707ab3b486565a02ddf186a57d7df1896c1

  • SHA512

    ccd20a16fecc81cdedf91ed4f18305405713da75fb8e3c7504d6a07904603f4b1019d89bf771b17e1b59ffa0996c030f00f6461ab4168bda717bffefbd217df3

  • SSDEEP

    12288:l1BmdlARDT12oVW0G5NXIhMcVUaAutNjCIvwS4:l1BmdlAlYoI0G5NYhMFkDFt4

Score
7/10
discovery

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\a1053ae11c9858117898476472227f54_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a1053ae11c9858117898476472227f54_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    PID:1396

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nstF5DB.tmp\InstallOptions.dll
    Filesize

    14KB

    MD5

    325b008aec81e5aaa57096f05d4212b5

    SHA1

    27a2d89747a20305b6518438eff5b9f57f7df5c3

    SHA256

    c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b

    SHA512

    18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nstF5DB.tmp\NSISdl.dll
    Filesize

    14KB

    MD5

    a5f8399a743ab7f9c88c645c35b1ebb5

    SHA1

    168f3c158913b0367bf79fa413357fbe97018191

    SHA256

    dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9

    SHA512

    824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nstF5DB.tmp\inetc.dll
    Filesize

    20KB

    MD5

    7569b23f19a0f5cb4c1d3b30a296c4bb

    SHA1

    c5f3546b3c795e46445393960694a2341692ddc7

    SHA256

    615bf32e15aaa8d58832df2298f75dd2b29ea5f25bf152c99630315cb618a31a

    SHA512

    11663bf180f9540ad247957b6793f8afd1b4e66f3b692b4ad05735f07459dd524571245928c40e26e3de691472508f5632fcd4add1eebad559d504eca32c08a9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nstF5DB.tmp\nstF5DC.tmp
    Filesize

    2KB

    MD5

    8e62b792676e4d976e719d6750bc076e

    SHA1

    646ef8d8df6f8f11d5f25a6ac68e9208b26aa211

    SHA256

    360ac24f87c3634e36c79bfc8cce104985bebcc5719b93bdd05d6bb96596034a

    SHA512

    f4fc5a8b997286250d8a158b14be67c428a415e74e79aad511c708f826ac4ee7ee96a24073ee750577c1de2cc8cc157bc0403c5eb46fbc3fb3640896316d67d7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nstF5DB.tmp\nstF5DC.tmp
    Filesize

    2KB

    MD5

    75bcc5f1aa3b850ffbcf19f244cf9fbb

    SHA1

    c037b4fadea29d41f13c629eacc34cb467f09a51

    SHA256

    91e64ac61366cba23267498906532c8225418764457f62d985f014a666315845

    SHA512

    50dae97aa3f01ff06787007d7505f570b75ef49cbd8d962763139bfe9eaf27aeee0c04564eae914edfffc8e4230f33a4638b0e0b33e79e0a4b4e7109b2997e49

    Download Submit