Overview

Score: 7

Score  Task                  Platform
7      Static                static
7      eacfb08970...18.exe   windows7-x64
7      eacfb08970...18.exe   windows10-2004-x64
3      $PLUGINSDI...os.dll   windows7-x64
3      $PLUGINSDI...os.dll   windows10-2004-x64
3      $PLUGINSDI...em.dll   windows7-x64
3      $PLUGINSDI...em.dll   windows10-2004-x64
3      $TEMPImg/C...04.exe   windows7-x64
3      $TEMPImg/C...04.exe   windows10-2004-x64
3      $TEMPImg/regver.exe   windows7-x64
3      $TEMPImg/regver.exe   windows10-2004-x64
7      InternetHi...er.exe   windows7-x64
7      InternetHi...er.exe   windows10-2004-x64
7      Uninst.exe            windows7-x64
7      Uninst.exe            windows10-2004-x64
3      $PLUGINSDI...es.dll   windows7-x64
3      $PLUGINSDI...es.dll   windows10-2004-x64

Analysis

max time kernel: 121s
max time network: 122s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 19/09/2024, 07:02
Behavioral tasks

Task          Sample                                              Resource
behavioral1   eacfb08970148a2b303c10f5e772d960_JaffaCakes118.exe  win7-20240903-en
behavioral2   eacfb08970148a2b303c10f5e772d960_JaffaCakes118.exe  win10v2004-20240802-en
behavioral3   $PLUGINSDIR/ExecDos.dll                             win7-20240708-en
behavioral4   $PLUGINSDIR/ExecDos.dll                             win10v2004-20240802-en
behavioral5   $PLUGINSDIR/System.dll                              win7-20240903-en
behavioral6   $PLUGINSDIR/System.dll                              win10v2004-20240802-en
behavioral7   $TEMPImg/CheckVer104.exe                            win7-20240708-en
behavioral8   $TEMPImg/CheckVer104.exe                            win10v2004-20240802-en
behavioral9   $TEMPImg/regver.exe                                 win7-20240903-en
behavioral10  $TEMPImg/regver.exe                                 win10v2004-20240802-en
behavioral11  InternetHistoryCleaner.exe                          win7-20240903-en
behavioral12  InternetHistoryCleaner.exe                          win10v2004-20240802-en
behavioral13  Uninst.exe                                          win7-20240708-en
behavioral14  Uninst.exe                                          win10v2004-20240802-en
behavioral15  $PLUGINSDIR/Processes.dll                           win7-20240903-en
behavioral16  $PLUGINSDIR/Processes.dll                           win10v2004-20240802-en
General

Target: $TEMPImg/regver.exe
Size: 290KB
MD5: 9181b183dd3096301e7211ed0312de8a
SHA1: 0c321747b581ad79da70dc9aab183cc12c3bbefd
SHA256: 202fcecc53f1ffd2d1d85cc4cc79a24ae37285ce564e15615b5d13ca69487968
SHA512: 5316e0511746c75603ba02eaf79b9aafbb29356f94279f466d3f17e9894082f14cf052ca3b8f52a149815e8c9b58f5d4b02ef1dcc3d677dc27032480f788adf7
SSDEEP: 6144:hIPYFHLrOWl1uIQtbf2QVDZEY4KUC3VM7UaEHpTLNUqNxC2kOoKXl:h+YFHUtbOUeKt3VMQaEHpTDx/kOX1
Malware Config
Signatures

System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Description   IoC                                                                                                   Process
Key opened    \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language                                           regver.exe
Key created   \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main  regver.exe

Suspicious use of SetWindowsHookEx (4 IoCs)

PID   Process
1920  regver.exe
1920  regver.exe
1920  regver.exe
1920  regver.exe
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 867B
MD5: c5dfb849ca051355ee2dba1ac33eb028
SHA1: d69b561148f01c77c54578c10926df5b856976ad
SHA256: cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b
SHA512: 88289cdd2c2dd1f5f4c13ab2cf9bc601fc634b5945309bedf9fc5b96bf21697b4cd6da2f383497825e02272816befbac4f44955282ffbbd4dd0ddc52281082da

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 42af78e52291302ea991140daf89dddf
SHA1: 6d64b0a238270eb75c61048a179ef957e656b36a
SHA256: bb44e89b71397012b812be3516f32f67b068e898c00e71c79c8b71f75e48b046
SHA512: 1bd7afa4bb447869bb65f904c7da2977e388dbc8c7a185e7d6f62a914c4da573172570ba5c587ec1e304a2700dd3adea8c1d12427753b402fd74fe29f1c68767

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 4ea154953ed691c9f845816926a99ed9
SHA1: 09adb0b2ade1f08c043160f6e9db7e67b58935e9
SHA256: edf3a64d4ac1831343f34b171b5dc1da72095968a7b7c7766a87ce0972ce7564
SHA512: 75ceb35894a5669ffb6ade304e4771a82501897a3999cf4ab1fb637fc58796c9a633afb57623d0a5a2b46886dbf554a6ef37603444ae5bd16490d99bf9e09ef3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 0aaddabdcd352b9866ce370e0d00f1da
SHA1: 66ec901b8ff22967a67ed25524ac5910960612c7
SHA256: 65fa3ecb6b8d2f834859d8bb4341a9618060f0bab6b1462353e90508d6b92aaa
SHA512: 0b4a02bd4ab950cbe1f010edee59baf474fdfb3afd5f88e4830f5df58f5fb57d4bb41c169e4c53f43b965c060aa57ca99a34c90d8aff06247116d6a0b55d456b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 82be1ddc3695551cf558fa9600b195a2
SHA1: ec67e842a4db967228b9c4191dc4cf2466aea678
SHA256: 5f080cdb031a58b97f7620f641fc2dc1564af3194180fda14d810b522fe50758
SHA512: 76f4b363b13b6da64f01201db9043c85dd7d0df9c6316952e0cf5a872dab85dda696d6fef598ba3ee944376d602bfdcbd162ee18f709e67c579085cac9c5087d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: df25dfdec711196c2496fd39debac1cc
SHA1: 5cb954b3984b6f5879ce13ef120d2e828f40dadf
SHA256: b0404083eb005b024d23cb39fa5d0cfe81d5e9af4b912c36b0f93bcb8d8926ab
SHA512: 7c32ecad43653addf902659342960107a1e06d4b702053d45c1dbe68ec08b2ad5c8a806daf7cf01e409354bff057aea9950e202d0d40c741d823acaf732ce8e2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: dbe862e7782613f359dc084ff4bbf53b
SHA1: 91ebb89284774ced01409a41302240ba3a53056a
SHA256: 2dd2c37045b431475033a6d27eb679d607b5f25b55f467328a04b406c0bb9709
SHA512: 8502f71672f5a1b70851662ce472efb5001ac0a5c5699ccebf5a84586ddb4693833b6b035d3a979e9d18837098f1a63f72b9f559e4f3ffe2d33bef1801496af6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: c8d535b1a9e1c2d5711c49d33c519d1e
SHA1: 4b18658745b3c468020355e03920c2573f79ea45
SHA256: 4eb0880aff6f45a4c24047092128e1b055b86f1f6c999cff0a4df6e2722beea3
SHA512: 8783c926beaabdd7bca38e53e27b268bfa7e0f7b9058a7b9758dbb094db7198bd94e2376511a2039f2960febe1e10f5f4b6a41e617ce0477efbd67d215621420

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: a9d97669d01f44247a46c37512c6971c
SHA1: 697bf5fbd8725d928ebff32e6538d25037469d52
SHA256: baef12603fd14590b6a8575b7b8dc0d3af71cfe4b3fb821ba4eadd0641e211d1
SHA512: 8c562de9c23063b7c28df5a371a105ccdefc0a88adae715c681467df1e6aaa4bae525abecaaf580dfc8a6a5c5d5dc164e9c0b54e0fd9aa455693269291ebd07e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F59A01A8B782D93EA6991BC172CEFFB1
Filesize: 242B
MD5: 17a76cdf22000bfeddcba75e8682861e
SHA1: aa8e9a3be2709204fec6cdc171cbc6ad29f70bfa
SHA256: 839b1369abde75621e4f82f65417c0f581a00a2f04380cada62a54f3e65fb7f7
SHA512: 8c85989a3e6ec2b22b9d67933b58516ee19e23983591b2ca2bc8acae46dab09a30112beb869333e92cc57a3fe9f90b1d361b06e50e801bff56450c7039e20e71

Filesize: 70KB
MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1: 1723be06719828dda65ad804298d0431f6aff976
SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Filesize: 181KB
MD5: 4ea6026cf93ec6338144661bf1202cd1
SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b