Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    120s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    11/09/2024, 11:58

General

  • Target

    da4cc7857119f58f14ebad6849c905ad_JaffaCakes118.exe

  • Size

    17.5MB

  • MD5

    da4cc7857119f58f14ebad6849c905ad

  • SHA1

    f3a113ec3ca63d9c042abe7e65e9fa1e831c4bcd

  • SHA256

    bd75ae822853ffcc0240a9435ef0d498d69f939c08c66baf4152ff81fd2fa038

  • SHA512

    b1f2947684576139a7fd05d09e6fb363641fc3a72165c609f3ab2b3edf418c7104721ddec163cc59e8997a5f4172a2aa123cfc67f919fc5bba343b6bf55045e1

  • SSDEEP

    393216:ErPcgj2JunPrZTxaR8fEg5lQZw+lsrwARFIpuCZoc0EDa7EiAt:ErPFXlwSfEeQy+EwARFIUCycxO7At

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\da4cc7857119f58f14ebad6849c905ad_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\da4cc7857119f58f14ebad6849c905ad_JaffaCakes118.exe"
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: GetForegroundWindowSpam
    PID:1696

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsyB51D.tmp\ioSpecial.ini

    Filesize

    697B

    MD5

    6d0dc459f03dc991edfbc70d1457c0a3

    SHA1

    172ca4f2b9d4f9665b61c3cf491133d474777d68

    SHA256

    e52802ccfada41b679e2b7db990118a501f9c3762c8483be7b4d19e20fdb9fdc

    SHA512

    d1e6b8c27ee33bd6a43880938c9a59cd067571669eaba246940212ad23f87bf64a110a0b0b4bdc54a41611604d6f4b8576bc317fe73c3c7e344f0f2acf8a33fa

  • \Users\Admin\AppData\Local\Temp\nsyB51D.tmp\InstallOptions.dll

    Filesize

    14KB

    MD5

    d8ccde4f7d6110f806c9c63b30bfcb8c

    SHA1

    7b8ef1099bb5eced652fa82278470a4dbb8a4e97

    SHA256

    7315ee331d39fbbb1b9e3b8c1d7ebb599b68d9916270add229dcabb59c975cc7

    SHA512

    068fcc59ccbdce8d01797df90185956485adbbeaab6859f87ecaef12203d7369f95d1834de7e5bf1221c0c1543ef5f69bf29cc1345e95ed046d2ecbc142312fb