
Analysis

  • max time kernel
    92s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    08/09/2024, 06:53 UTC

General

  • Target

    d3c9ca7730a5b0f3bb6834fc3c466962_JaffaCakes118.exe

  • Size

    272KB

  • MD5

    d3c9ca7730a5b0f3bb6834fc3c466962

  • SHA1

    9c9b6e1ca894974086ad2320fec3a2ea108983b5

  • SHA256

    bf6310da13634ef8e565b73ff77ea68c4857d73f80b70d3f2bbfef4f8e5e1902

  • SHA512

    cb3764785dd07c7988c47df9a4f8fd3746c9b788c791383bd3c846a59a2adcc5fb4e446aadf2501aed943f36fd799edef20b9f66ec69fc86dae8eaa2dc69528b

  • SSDEEP

    6144:lE2TUVXxexXry6MGdXOA6CFeC5M/+PEg+mQvXzuaV48qLQH2BfZ:lEuWX4BG6jewfBYlua7qMSfZ

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\d3c9ca7730a5b0f3bb6834fc3c466962_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\d3c9ca7730a5b0f3bb6834fc3c466962_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    PID:4040

Network

  • flag-us
    DNS
    228.249.119.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    228.249.119.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    www.premiumsave.info
    d3c9ca7730a5b0f3bb6834fc3c466962_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    www.premiumsave.info
    IN A
    Response
  • flag-us
    DNS
    73.144.22.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    73.144.22.2.in-addr.arpa
    IN PTR
    Response
    73.144.22.2.in-addr.arpa
    IN PTR
    a2-22-144-73.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    4.159.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    4.159.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    www.premiumsave.info
    d3c9ca7730a5b0f3bb6834fc3c466962_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    www.premiumsave.info
    IN A
    Response
  • flag-us
    DNS
    www.premiumsave.info
    d3c9ca7730a5b0f3bb6834fc3c466962_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    www.premiumsave.info
    IN A
    Response
  • flag-us
    DNS
    133.211.185.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    133.211.185.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    86.23.85.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    86.23.85.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    171.39.242.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    171.39.242.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    121.170.16.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    121.170.16.2.in-addr.arpa
    IN PTR
    Response
    121.170.16.2.in-addr.arpa
    IN PTR
    a2-16-170-121.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    21.236.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    21.236.111.52.in-addr.arpa
    IN PTR
    Response
  • 8.8.8.8:53
    228.249.119.40.in-addr.arpa
    dns
    73 B
    159 B
    1
    1

    DNS Request

    228.249.119.40.in-addr.arpa

  • 8.8.8.8:53
    www.premiumsave.info
    dns
    d3c9ca7730a5b0f3bb6834fc3c466962_JaffaCakes118.exe
    66 B
    145 B
    1
    1

    DNS Request

    www.premiumsave.info

  • 8.8.8.8:53
    73.144.22.2.in-addr.arpa
    dns
    70 B
    133 B
    1
    1

    DNS Request

    73.144.22.2.in-addr.arpa

  • 8.8.8.8:53
    4.159.190.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    4.159.190.20.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
    144 B
    1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    www.premiumsave.info
    dns
    d3c9ca7730a5b0f3bb6834fc3c466962_JaffaCakes118.exe
    66 B
    145 B
    1
    1

    DNS Request

    www.premiumsave.info

  • 8.8.8.8:53
    www.premiumsave.info
    dns
    d3c9ca7730a5b0f3bb6834fc3c466962_JaffaCakes118.exe
    66 B
    145 B
    1
    1

    DNS Request

    www.premiumsave.info

  • 8.8.8.8:53
    133.211.185.52.in-addr.arpa
    dns
    73 B
    147 B
    1
    1

    DNS Request

    133.211.185.52.in-addr.arpa

  • 8.8.8.8:53
    86.23.85.13.in-addr.arpa
    dns
    70 B
    144 B
    1
    1

    DNS Request

    86.23.85.13.in-addr.arpa

  • 8.8.8.8:53
    171.39.242.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    171.39.242.20.in-addr.arpa

  • 8.8.8.8:53
    121.170.16.2.in-addr.arpa
    dns
    71 B
    135 B
    1
    1

    DNS Request

    121.170.16.2.in-addr.arpa

  • 8.8.8.8:53
    21.236.111.52.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    21.236.111.52.in-addr.arpa

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Tsu-0FC8.dll

    Filesize

    249KB

    MD5

    adb647de203421001356defee6fa3dab

    SHA1

    393278ddf756d236be35779666066c544acc7458

    SHA256

    c96807e91b41cbf4db5d3a97cc68662df344912f310b738b045501ac2c9eb5fd

    SHA512

    62024663db7af728ada8f73772c30d9ac9ec3486f0b1cd04c918d3ef3aa09d696c3dc063611b7fb6b661b0acc875f1cbd0ec73f9caab4cbdae83f652f294e821

  • C:\Users\Admin\AppData\Local\Temp\{AE406828-4382-F6A5-144E-0BA075A34ADE}\_Setup.dll

    Filesize

    168KB

    MD5

    bf17bc5b7c4b940a31c4d7feea98fbd6

    SHA1

    cfea6595635240360b0a7b8041cbed7d4806f091

    SHA256

    1f98aeb02575736e244aa9ed5cebb5af67c34980f24b296297902d0c6fcb7c27

    SHA512

    07e273088326d175a80aa1dd04c58d570a84ab8856fd4dc44feb80f51815a01aa15b50abeaf29d059e237509b67d07261acbb86f1a9d0abc678dca53cb8b5ab6

  • C:\Users\Admin\AppData\Local\Temp\{AE406828-4382-F6A5-144E-0BA075A34ADE}\_Setupx.dll

    Filesize

    20KB

    MD5

    5f966bbfc6e827fd4ed9435fdc8866a6

    SHA1

    b5f99f68cfc8d3008e798ad5a99f4e11363a4940

    SHA256

    5ce25a530bfd1bcfccef1234ea152c34aaee40200c2bcde2a8e2a3d1268af913

    SHA512

    b543ce523e5cfa00c7663245100b1b72bce1319e4594d313cf6901f0306298d51054b6a4460ae6eefc8ae0c33e4fbb23a77a6338903e0bc68565ed5205995ce1
