Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
7Static
static
3da4cc78571...18.exe
windows7-x64
7da4cc78571...18.exe
windows10-2004-x64
7$PLUGINSDI...ns.dll
windows7-x64
3$PLUGINSDI...ns.dll
windows10-2004-x64
3AutomaticUpdate.exe
windows7-x64
3AutomaticUpdate.exe
windows10-2004-x64
3NetworkAdm...or.exe
windows7-x64
3NetworkAdm...or.exe
windows10-2004-x64
3Plugins/Agent32.exe
windows7-x64
3Plugins/Agent32.exe
windows10-2004-x64
3Plugins/Agent64.exe
windows7-x64
1Plugins/Agent64.exe
windows10-2004-x64
1Plugins/Ag...ld.exe
windows7-x64
3Plugins/Ag...ld.exe
windows10-2004-x64
3Plugins/Ag...32.dll
windows7-x64
3Plugins/Ag...32.dll
windows10-2004-x64
3Plugins/Ag...64.dll
windows7-x64
1Plugins/Ag...64.dll
windows10-2004-x64
1Plugins/Ag...32.dll
windows7-x64
3Plugins/Ag...32.dll
windows10-2004-x64
3Plugins/Ag...64.dll
windows7-x64
1Plugins/Ag...64.dll
windows10-2004-x64
1Plugins/Ag...gs.exe
windows7-x64
3Plugins/Ag...gs.exe
windows10-2004-x64
3Plugins/Ag...rd.exe
windows7-x64
3Plugins/Ag...rd.exe
windows10-2004-x64
3Plugins/AgentTray.exe
windows7-x64
3Plugins/AgentTray.exe
windows10-2004-x64
3Plugins/Ag...ll.exe
windows7-x64
6Plugins/Ag...ll.exe
windows10-2004-x64
6Plugins/Ch...pt.vbs
windows7-x64
1Plugins/Ch...pt.vbs
windows10-2004-x64
1Analysis
-
max time kernel
120s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
11/09/2024, 11:58
Static task
static1
Behavioral task
behavioral1
Sample
da4cc7857119f58f14ebad6849c905ad_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
da4cc7857119f58f14ebad6849c905ad_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20240729-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral5
Sample
AutomaticUpdate.exe
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
AutomaticUpdate.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral7
Sample
NetworkAdministrator.exe
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
NetworkAdministrator.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral9
Sample
Plugins/Agent32.exe
Resource
win7-20240903-en
Behavioral task
behavioral10
Sample
Plugins/Agent32.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral11
Sample
Plugins/Agent64.exe
Resource
win7-20240903-en
Behavioral task
behavioral12
Sample
Plugins/Agent64.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral13
Sample
Plugins/AgentBuild.exe
Resource
win7-20240903-en
Behavioral task
behavioral14
Sample
Plugins/AgentBuild.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral15
Sample
Plugins/AgentCAD32.dll
Resource
win7-20240903-en
Behavioral task
behavioral16
Sample
Plugins/AgentCAD32.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral17
Sample
Plugins/AgentCAD64.dll
Resource
win7-20240708-en
Behavioral task
behavioral18
Sample
Plugins/AgentCAD64.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral19
Sample
Plugins/AgentHook32.dll
Resource
win7-20240903-en
Behavioral task
behavioral20
Sample
Plugins/AgentHook32.dll
Resource
win10v2004-20240910-en
Behavioral task
behavioral21
Sample
Plugins/AgentHook64.dll
Resource
win7-20240903-en
Behavioral task
behavioral22
Sample
Plugins/AgentHook64.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral23
Sample
Plugins/AgentSettings.exe
Resource
win7-20240708-en
Behavioral task
behavioral24
Sample
Plugins/AgentSettings.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral25
Sample
Plugins/AgentSetupWizard.exe
Resource
win7-20240903-en
Behavioral task
behavioral26
Sample
Plugins/AgentSetupWizard.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral27
Sample
Plugins/AgentTray.exe
Resource
win7-20240903-en
Behavioral task
behavioral28
Sample
Plugins/AgentTray.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral29
Sample
Plugins/AgentUninstall.exe
Resource
win7-20240903-en
Behavioral task
behavioral30
Sample
Plugins/AgentUninstall.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral31
Sample
Plugins/Change Network Configuration/Script.vbs
Resource
win7-20240708-en
Behavioral task
behavioral32
Sample
Plugins/Change Network Configuration/Script.vbs
Resource
win10v2004-20240802-en
General
-
Target
da4cc7857119f58f14ebad6849c905ad_JaffaCakes118.exe
-
Size
17.5MB
-
MD5
da4cc7857119f58f14ebad6849c905ad
-
SHA1
f3a113ec3ca63d9c042abe7e65e9fa1e831c4bcd
-
SHA256
bd75ae822853ffcc0240a9435ef0d498d69f939c08c66baf4152ff81fd2fa038
-
SHA512
b1f2947684576139a7fd05d09e6fb363641fc3a72165c609f3ab2b3edf418c7104721ddec163cc59e8997a5f4172a2aa123cfc67f919fc5bba343b6bf55045e1
-
SSDEEP
393216:ErPcgj2JunPrZTxaR8fEg5lQZw+lsrwARFIpuCZoc0EDa7EiAt:ErPFXlwSfEeQy+EwARFIUCycxO7At
Malware Config
Signatures
-
Loads dropped DLL 1 IoCs
pid Process 1696 da4cc7857119f58f14ebad6849c905ad_JaffaCakes118.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language da4cc7857119f58f14ebad6849c905ad_JaffaCakes118.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 1696 da4cc7857119f58f14ebad6849c905ad_JaffaCakes118.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\da4cc7857119f58f14ebad6849c905ad_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\da4cc7857119f58f14ebad6849c905ad_JaffaCakes118.exe"1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
PID:1696
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
697B
MD56d0dc459f03dc991edfbc70d1457c0a3
SHA1172ca4f2b9d4f9665b61c3cf491133d474777d68
SHA256e52802ccfada41b679e2b7db990118a501f9c3762c8483be7b4d19e20fdb9fdc
SHA512d1e6b8c27ee33bd6a43880938c9a59cd067571669eaba246940212ad23f87bf64a110a0b0b4bdc54a41611604d6f4b8576bc317fe73c3c7e344f0f2acf8a33fa
-
Filesize
14KB
MD5d8ccde4f7d6110f806c9c63b30bfcb8c
SHA17b8ef1099bb5eced652fa82278470a4dbb8a4e97
SHA2567315ee331d39fbbb1b9e3b8c1d7ebb599b68d9916270add229dcabb59c975cc7
SHA512068fcc59ccbdce8d01797df90185956485adbbeaab6859f87ecaef12203d7369f95d1834de7e5bf1221c0c1543ef5f69bf29cc1345e95ed046d2ecbc142312fb