Analysis

  • max time kernel
    96s
  • max time network
    97s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    09/09/2024, 09:17 UTC

General

  • Target

    d605ed2ad5cd3262bebc7d4e37d2fdbb_JaffaCakes118.exe

  • Size

    250KB

  • MD5

    d605ed2ad5cd3262bebc7d4e37d2fdbb

  • SHA1

    c74a0ebc567319d4a716040a2ac0571865cab53e

  • SHA256

    dc1dbe7c9157a2982b2681250c7b1318500a0ffb61c833a03656b3ef4ebcf6f0

  • SHA512

    3dacdca655003b27548eb43da98acb78ea149fc63f728cff92d8180ae54f213e3ed938f5c936f45f40a5f508de896e9032e24da72172820588fb5b2baa4abaf2

  • SSDEEP

    6144:sST7vS15CFJDv+CzqxXmbBrTqjEZA0t86IVAQklAiY/hZL3:sS328TPJqWPvIVLSAzbj

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\d605ed2ad5cd3262bebc7d4e37d2fdbb_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\d605ed2ad5cd3262bebc7d4e37d2fdbb_JaffaCakes118.exe"
    1
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    PID:2924

Network

  • flag-us
    DNS
    133.211.185.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    133.211.185.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    www.premiumsave.info
    d605ed2ad5cd3262bebc7d4e37d2fdbb_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    www.premiumsave.info
    IN A
    Response
  • flag-us
    DNS
    81.144.22.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    81.144.22.2.in-addr.arpa
    IN PTR
    Response
    81.144.22.2.in-addr.arpa
    IN PTR
    a2-22-144-81.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    133.32.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    133.32.126.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    www.premiumsave.info
    d605ed2ad5cd3262bebc7d4e37d2fdbb_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    www.premiumsave.info
    IN A
    Response
  • flag-us
    DNS
    www.premiumsave.info
    d605ed2ad5cd3262bebc7d4e37d2fdbb_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    www.premiumsave.info
    IN A
    Response
  • flag-us
    DNS
    228.249.119.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    228.249.119.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    157.123.68.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    157.123.68.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    56.126.166.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    56.126.166.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    172.210.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.210.232.199.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    172.214.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.214.232.199.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    43.229.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    43.229.111.52.in-addr.arpa
    IN PTR
    Response
  • 8.8.8.8:53
    133.211.185.52.in-addr.arpa
    dns
    73 B
    147 B
    1
    1

    DNS Request

    133.211.185.52.in-addr.arpa

  • 8.8.8.8:53
    www.premiumsave.info
    dns
    d605ed2ad5cd3262bebc7d4e37d2fdbb_JaffaCakes118.exe
    66 B
    145 B
    1
    1

    DNS Request

    www.premiumsave.info

  • 8.8.8.8:53
    81.144.22.2.in-addr.arpa
    dns
    70 B
    133 B
    1
    1

    DNS Request

    81.144.22.2.in-addr.arpa

  • 8.8.8.8:53
    133.32.126.40.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    133.32.126.40.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
    144 B
    1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    www.premiumsave.info
    dns
    d605ed2ad5cd3262bebc7d4e37d2fdbb_JaffaCakes118.exe
    66 B
    145 B
    1
    1

    DNS Request

    www.premiumsave.info

  • 8.8.8.8:53
    www.premiumsave.info
    dns
    d605ed2ad5cd3262bebc7d4e37d2fdbb_JaffaCakes118.exe
    66 B
    145 B
    1
    1

    DNS Request

    www.premiumsave.info

  • 8.8.8.8:53
    228.249.119.40.in-addr.arpa
    dns
    73 B
    159 B
    1
    1

    DNS Request

    228.249.119.40.in-addr.arpa

  • 8.8.8.8:53
    157.123.68.40.in-addr.arpa
    dns
    72 B
    146 B
    1
    1

    DNS Request

    157.123.68.40.in-addr.arpa

  • 8.8.8.8:53
    56.126.166.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    56.126.166.20.in-addr.arpa

  • 8.8.8.8:53
    172.210.232.199.in-addr.arpa
    dns
    74 B
    128 B
    1
    1

    DNS Request

    172.210.232.199.in-addr.arpa

  • 8.8.8.8:53
    172.214.232.199.in-addr.arpa
    dns
    74 B
    128 B
    1
    1

    DNS Request

    172.214.232.199.in-addr.arpa

  • 8.8.8.8:53
    43.229.111.52.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    43.229.111.52.in-addr.arpa

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\A89911F5\_Setup.dll

    Filesize

    121KB

    MD5

    e8025a0b0267729dc9edeaee0a087edf

    SHA1

    9406e1998f5a78aa15614d6098f9d1a5c3b1fe82

    SHA256

    e7f2e868787381b63ddb5888f1d47a2a2b05934483ff656f9e79be5fc5d43c8f

    SHA512

    a20f3fa066d7baadfd10c2247f1727ef2d01b6bd78a8c3f22ba2fe26745ea0aedd28576bf80e90c41fe2b030be43e2fd0f3cf74d438eb67269775aa231662a99

  • C:\Users\Admin\AppData\Local\Temp\A89911F5\_Setupx.dll

    Filesize

    21KB

    MD5

    1e0ff78cc033cd0c24c6910fc66c796b

    SHA1

    8f88bb67a4ca3cfed40a0919dbe28558a3f026e2

    SHA256

    ed01ebf124a381cb6817e27c8ffed0f2866ebffe45d130ef89a69858895e10f2

    SHA512

    0219b1e6bd43a5b5e8749eb47fa702874d45efb03471d96f7d7935bdd6aafd28574bfe236766669315879453431064b92917a14f4042001e2257d159d7c841a7

  • C:\Users\Admin\AppData\Local\Temp\Tsu-0B6C.dll

    Filesize

    248KB

    MD5

    961bab6d3b9d50e12b40f724943b5c0d

    SHA1

    90cd69057be30e44f77fe5c2e0bd38f42886a1b3

    SHA256

    d1c6caca7e52bc4228e5177ebe8d1a4133f8ccde9db5bab882512c1b74add18d

    SHA512

    bde1a35be017a07f06ee3b40de48aaa557b2274a53f0fdda392c5d874f9fc0dcce98b589e5be62be072ef2f6ceda92c8f072d11c3b18d888285c517d9c3c8f9e
