Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

dbbaae6190...18.exe

windows7-x64

7

dbbaae6190...18.exe

windows10-2004-x64

7

$PLUGINSDI...sh.dll

windows7-x64

3

$PLUGINSDI...sh.dll

windows10-2004-x64

3

$PLUGINSDI...ge.dll

windows7-x64

3

$PLUGINSDI...ge.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...fo.dll

windows7-x64

3

$PLUGINSDI...fo.dll

windows10-2004-x64

3

$WINDIR/ls...py.cmd

windows7-x64

1

$WINDIR/ls...py.cmd

windows10-2004-x64

1

LingvoSoft...ar.chm

windows7-x64

1

LingvoSoft...ar.chm

windows10-2004-x64

1

LingvoSoft...fo.chm

windows7-x64

1

LingvoSoft...fo.chm

windows10-2004-x64

1

LingvoSoft...lp.chm

windows7-x64

1

LingvoSoft...lp.chm

windows10-2004-x64

1

LingvoSoft...te.url

windows7-x64

1

LingvoSoft...te.url

windows10-2004-x64

1

LingvoSoft...ll.exe

windows7-x64

7

LingvoSoft...ll.exe

windows10-2004-x64

7

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

00lsFRAR.html

windows7-x64

3

00lsFRAR.html

windows10-2004-x64

3

LD069D~1.html

windows7-x64

3

LD069D~1.html

windows10-2004-x64

3

LD13C4~1.html

windows7-x64

3

LD13C4~1.html

windows10-2004-x64

3

Analysis

  • max time kernel
    93s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/09/2024, 03:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dbbaae6190ddcaadd6ec4a95f6a350e5_JaffaCakes118.exe

  • Size

    2.9MB

  • MD5

    dbbaae6190ddcaadd6ec4a95f6a350e5

  • SHA1

    e81fc3f4e40f2df579243a0bcdd16dcf557b33d3

  • SHA256

    c1019ece5e1779bda9a8a5a072d9f3806e655a489ddae31fbb4f4eefe57651d3

  • SHA512

    5e5cd268ead752e96ada805736235f0d50ba439a31f6c81db6716c11d4cb0b71ce3013b735cb82b073e871b687ec2942bd8980e1de1407126de4e5880a9ef251

  • SSDEEP

    49152:Zoj+bo81Qucgm0k7fmYPQ0deKFOZ2A6XqAZauEnuDA1vbfDmgPI4CKVm2Sd3KhuR:ex8qhwkLmYo0deKq2AObZQKwvHf3zV5i

Score
7/10
discovery

Malware Config

Signatures

  • Loads dropped DLL 7 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\dbbaae6190ddcaadd6ec4a95f6a350e5_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\dbbaae6190ddcaadd6ec4a95f6a350e5_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    PID:1400

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsf5F97.tmp\AdvSplash.dll
    Filesize

    6KB

    MD5

    c2b0653b5c96f8c9a0d07d157739006d

    SHA1

    026734bde377a73bc70815ec71225f3025ddba80

    SHA256

    cededcb856f634d96f6a52ebfad5f0a7992160bd59e56b4fcb29a4d8dded4b52

    SHA512

    293e9badf2f960c0e1ad82920061977dcfd7ba470918d0ac659f2446783306268410a7de9eb03c78c4a6e44f62c521c83b4335c7474bfe47ea8321fe801af2fc

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsf5F97.tmp\BgImage.dll
    Filesize

    7KB

    MD5

    8ef133159dacbae0af1df462947380d9

    SHA1

    35cb496273f5f5bd106e56f5da5964fac9df8352

    SHA256

    0fa63770dcffdd96abce6f29f47356d7cd2294b5da33bb709a567368b3bb0ae9

    SHA512

    8280131d6e65eb79b2621269113a845a27decde1fbc2ea5a72c6416ea9285c768fdd167c961e5889754d2d6a97105b1c91f97234af4520b3a80c98b45bcc7363

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsf5F97.tmp\InstallOptions.dll
    Filesize

    14KB

    MD5

    b18dfaded8f6d2380fdfd8f6b6969211

    SHA1

    969fa0e906240ab1123254feeb833c275626cf76

    SHA256

    747d0222b652dbfc85e0de4f8486473662d325a55e32c7eacb91e53e37ceba58

    SHA512

    25fb09b8657997d31e61c908f1cd08357c1a1b68bbb1ba377e87b6a3eb347a2ef96c1a771b6c4332853abb33728c55c83efa73df5da03f3dfc132f8a69a2886c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsf5F97.tmp\LangDLL.dll
    Filesize

    5KB

    MD5

    9b17a13f814b137f88b961c087858063

    SHA1

    c290dd3139b79aa340aec3ed3d674160433035e1

    SHA256

    e54792a179a06acbb9b69c117ee804dce070505d1853d6e7d512f2a055a801b2

    SHA512

    3a625f5f13e344c24973c79c074d1ced4d9206f87f392dc7c8f0c116d0f2b878b60340e2377d0240c47f0e34e25e4e3af8b196bbca1c6a29a0f51d8408e8b0ec

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsf5F97.tmp\UserInfo.dll
    Filesize

    4KB

    MD5

    d9bfc172ffb915cb6e07759674844993

    SHA1

    42775b7eacb8c24c82aa496bf6b42b8e60c94b53

    SHA256

    9ef619bef78d71437d2d332244b405f7dec82a11c8e5917bcbb182b91fdad5c2

    SHA512

    846e5cb7f45d1d1ac41c150823daaf2299730ec347b5c5e640250953ec88df3c63005cb835a708ef940777d8cbeb3a97b252db9e627fd87245a115c20b670735

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsf5F97.tmp\ioSpecial.ini
    Filesize

    780B

    MD5

    bced4539b443bdcdafbce5a90fef0165

    SHA1

    62b9a9c36ec33bd5f086acb92785a0bd7a6ae288

    SHA256

    e81222309f1ebe67f5b26046d38d22cff4fa90444e68c4ea36466042f3028bea

    SHA512

    1bafe33a567a94966e896d2ccc04633431cca2dca2401b4da8ef8794a4a6a65922c11be4e828b8c3e67329c9ce4255332008f52fbde58e03fa6d5f463ab68c81

    Download Submit