Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

ac1a943f13...18.exe

windows7-x64

7

ac1a943f13...18.exe

windows10-2004-x64

7

$PLUGINSDI...RL.dll

windows7-x64

3

$PLUGINSDI...RL.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/UAC.dll

windows7-x64

3

$PLUGINSDIR/UAC.dll

windows10-2004-x64

3

$PLUGINSDIR/inetc.dll

windows7-x64

3

$PLUGINSDIR/inetc.dll

windows10-2004-x64

3

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

$PLUGINSDI...nz.dll

windows7-x64

3

$PLUGINSDI...nz.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/08/2024, 18:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ac1a943f1356f2f213c460862ac869a3_JaffaCakes118.exe

  • Size

    554KB

  • MD5

    ac1a943f1356f2f213c460862ac869a3

  • SHA1

    b5d686ddf73296d9b4b58762f0d29afb3ee471b4

  • SHA256

    b8d186a300ca4ea835397fe4d2324f00ec8e356aa5cfc1d9540d92ffd02ee802

  • SHA512

    4bd3e144e24d72287cb5d6387dca928e67ae0d1e1bfa8b40dfe9a53a9f8079a3268adb8469a0608d62249d3667be83ddc13ee81c70c545c1261c3ed223653528

  • SSDEEP

    6144:Te34R2hieH3zh36dqXEV2rnCeZG/t7FTBqTzP7n7O7L6K2Bfo7prY:X2h3Xzh36VV2Go0ZTsnz7O7L6ju7ps

Score
7/10
discovery

Malware Config

Signatures

  • Loads dropped DLL 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\ac1a943f1356f2f213c460862ac869a3_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\ac1a943f1356f2f213c460862ac869a3_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    PID:4432

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsm97A3.tmp\BrandingURL.dll
    Filesize

    4KB

    MD5

    71c46b663baa92ad941388d082af97e7

    SHA1

    5a9fcce065366a526d75cc5ded9aade7cadd6421

    SHA256

    bb2b9c272b8b66bc1b414675c2acba7afad03fff66a63babee3ee57ed163d19e

    SHA512

    5965bd3f5369b9a1ed641c479f7b8a14af27700d0c27d482aa8eb62acc42f7b702b5947d82f9791b29bcba4d46e1409244f0a8ddce4ec75022b5e27f6d671bce

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsm97A3.tmp\InstallOptions.dll
    Filesize

    14KB

    MD5

    325b008aec81e5aaa57096f05d4212b5

    SHA1

    27a2d89747a20305b6518438eff5b9f57f7df5c3

    SHA256

    c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b

    SHA512

    18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsm97A3.tmp\LangDLL.dll
    Filesize

    5KB

    MD5

    9384f4007c492d4fa040924f31c00166

    SHA1

    aba37faef30d7c445584c688a0b5638f5db31c7b

    SHA256

    60a964095af1be79f6a99b22212fefe2d16f5a0afd7e707d14394e4143e3f4f5

    SHA512

    68f158887e24302673227adffc688fd3edabf097d7f5410f983e06c6b9c7344ca1d8a45c7fa05553adcc5987993df3a298763477168d4842e554c4eb93b9aaaf

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsm97A3.tmp\NSISdl.dll
    Filesize

    14KB

    MD5

    a5f8399a743ab7f9c88c645c35b1ebb5

    SHA1

    168f3c158913b0367bf79fa413357fbe97018191

    SHA256

    dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9

    SHA512

    824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsm97A3.tmp\UAC.dll
    Filesize

    17KB

    MD5

    09caf01bc8d88eeb733abc161acff659

    SHA1

    b8c2126d641f88628c632dd2259686da3776a6da

    SHA256

    3555afe95e8bb269240a21520361677b280562b802978fccfb27490c79b9a478

    SHA512

    ef1e8fc4fc8f5609483b2c459d00a47036699dfb70b6be6f10a30c5d2fc66bae174345bffa9a44abd9ca029e609ff834d701ff6a769cca09fe5562365d5010fa

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsm97A3.tmp\ioSpecial.ini
    Filesize

    1008B

    MD5

    3b5abbc11793d095f6656731d3fbfe9f

    SHA1

    0be859aca4f6a1583dd2073d4a6760c5be93f634

    SHA256

    9b9ed46d112432df2ae606ba3f69d5dae645cc8c70ecb77f581cd8446847d49c

    SHA512

    120632ca54c131f31d44f1cedb683cec9df6b78c6cc16f5f539229ec5c5d22c3a3cbb99e89dde0617e00f5b88c59e89ea7140c5d161bbfc03d0c956d41c69c7b

    Download Submit