Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

9

cfd01b8d44...18.exe

windows7-x64

7

cfd01b8d44...18.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...nu.dll

windows7-x64

3

$PLUGINSDI...nu.dll

windows10-2004-x64

3

smsniff.chm

windows7-x64

1

smsniff.chm

windows10-2004-x64

1

smsniff.exe

windows7-x64

9

smsniff.exe

windows10-2004-x64

9

uninst.exe

windows7-x64

7

uninst.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/09/2024, 15:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cfd01b8d442ffa4ce981ee246fdc99ab_JaffaCakes118.exe

  • Size

    151KB

  • MD5

    cfd01b8d442ffa4ce981ee246fdc99ab

  • SHA1

    48df4ac24df3fd0d6fa5b2f745fb00a1d30e7735

  • SHA256

    267bdfcd1012dd782dc67d24841b02c793efb43aa7cafb65f17c85fd63c70a1e

  • SHA512

    68361616805a94ff038bd0204e6188403b41735251151d57b6e2692daa7a34cd19df99d80af74cf4a055023627443af677a890e0a963213b227e5e7ec5db9d29

  • SSDEEP

    3072:Qd/vyWmJe45UX9rJx1klW5qzEmu0qtHmMH2Q4+GBlyDLR:QXptXlYzEmu0qtHmVQ4+dR

Score
7/10
discovery

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\cfd01b8d442ffa4ce981ee246fdc99ab_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\cfd01b8d442ffa4ce981ee246fdc99ab_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    PID:4376

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nshB2C7.tmp\InstallOptions.dll
    Filesize

    14KB

    MD5

    3809b1424d53ccb427c88cabab8b5f94

    SHA1

    bc74d911216f32a9ca05c0d9b61a2aecfc0d1c0e

    SHA256

    426efd56da4014f12ec8ee2e268f86b848bbca776333d55482cb3eb71c744088

    SHA512

    626a1c5edd86a71579e42bac8df479184515e6796fa21cb4fad6731bb775641d25f8eb8e86b939b9db9099453e85c572c9ea7897339a3879a1b672bc9226fcee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nshB2C7.tmp\ioSpecial.ini
    Filesize

    744B

    MD5

    4a5194826aac752131d4d6270e6da334

    SHA1

    bade6a8795998dbe2dc08236f77a54253ffc01a1

    SHA256

    c4cc3de0b974d8e128fcfe3fe8dec87de1469986778128ee827f31283602bca0

    SHA512

    885bdc99d66c2ff7a1c401d0389cece5fc0891617e592b41f4f7988cca92af85d11e82c4a3d06545cbd12fbe1f67cde110e689f5f315f5e25ee6ed94dd36a14f

    Download Submit