Analysis

  • max time kernel
    127s
  • max time network
    122s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    05/10/2024, 04:08 UTC

General

  • Target

    1618efc35e389df36a00a22de8fb2175_JaffaCakes118.exe

  • Size

    327KB

  • MD5

    1618efc35e389df36a00a22de8fb2175

  • SHA1

    42e5ddcaa704c3ccef46ddfa9d8a949d01fbee0e

  • SHA256

    f08949c793aa95cfc4c3ee701f9997962f01200776583a39a2387e112beb2622

  • SHA512

    13c97f666ea39de1d27199def888a1ae13c3d95017fb7261de7991092bdf5e36fdb55f9da493741bc92cd592857d1c1e0729f141713e7c1edf52979cc6e3c13e

  • SSDEEP

    6144:2zfNiYPbSAYO9xDK4iQcE/63II6kk0ToM3nzlpOocaFDUI2bMawkSB7yZz6QAr4f:WimbvbO40E/6dk0To2nRQocaFDUI4Vtj

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\1618efc35e389df36a00a22de8fb2175_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\1618efc35e389df36a00a22de8fb2175_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    PID:3920

Network

  • DNS (US): dtrack.sslsecure1.com
    Process: 1618efc35e389df36a00a22de8fb2175_JaffaCakes118.exe
    Remote address: 8.8.8.8:53
    Request: dtrack.sslsecure1.com IN A
    Response: dtrack.sslsecure1.com IN A 193.166.255.171
  • DNS (US): 154.239.44.20.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 154.239.44.20.in-addr.arpa IN PTR
    Response: (empty)
  • DNS (US): 172.210.232.199.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 172.210.232.199.in-addr.arpa IN PTR
    Response: (empty)
  • DNS (US): 73.31.126.40.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 73.31.126.40.in-addr.arpa IN PTR
    Response: (empty)
  • DNS (US): 217.106.137.52.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 217.106.137.52.in-addr.arpa IN PTR
    Response: (empty)
  • DNS (US): 228.249.119.40.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 228.249.119.40.in-addr.arpa IN PTR
    Response: (empty)
  • DNS (US): 50.23.12.20.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 50.23.12.20.in-addr.arpa IN PTR
    Response: (empty)
  • DNS (US): 18.31.95.13.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 18.31.95.13.in-addr.arpa IN PTR
    Response: (empty)
  • DNS (US): 240.221.184.93.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 240.221.184.93.in-addr.arpa IN PTR
    Response: (empty)
  • DNS (US): 48.229.111.52.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 48.229.111.52.in-addr.arpa IN PTR
    Response: (empty)
  • 193.166.255.171:80
    dtrack.sslsecure1.com
    1618efc35e389df36a00a22de8fb2175_JaffaCakes118.exe
    260 B
    5
  • 193.166.255.171:80
    dtrack.sslsecure1.com
    1618efc35e389df36a00a22de8fb2175_JaffaCakes118.exe
    260 B
    5
  • 193.166.255.171:80
    dtrack.sslsecure1.com
    1618efc35e389df36a00a22de8fb2175_JaffaCakes118.exe
    260 B
    5
  • 193.166.255.171:80
    dtrack.sslsecure1.com
    1618efc35e389df36a00a22de8fb2175_JaffaCakes118.exe
    260 B
    5
  • 52.111.227.11:443
    322 B
    7
  • 193.166.255.171:80
    dtrack.sslsecure1.com
    1618efc35e389df36a00a22de8fb2175_JaffaCakes118.exe
    260 B
    5
  • 193.166.255.171:80
    dtrack.sslsecure1.com
    1618efc35e389df36a00a22de8fb2175_JaffaCakes118.exe
    260 B
    5
  • 8.8.8.8:53
    dtrack.sslsecure1.com
    dns
    1618efc35e389df36a00a22de8fb2175_JaffaCakes118.exe
    67 B
    83 B
    1
    1

    DNS Request

    dtrack.sslsecure1.com

    DNS Response

    193.166.255.171

  • 8.8.8.8:53
    154.239.44.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    154.239.44.20.in-addr.arpa

  • 8.8.8.8:53
    172.210.232.199.in-addr.arpa
    dns
    74 B
    128 B
    1
    1

    DNS Request

    172.210.232.199.in-addr.arpa

  • 8.8.8.8:53
    73.31.126.40.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    73.31.126.40.in-addr.arpa

  • 8.8.8.8:53
    217.106.137.52.in-addr.arpa
    dns
    73 B
    147 B
    1
    1

    DNS Request

    217.106.137.52.in-addr.arpa

  • 8.8.8.8:53
    228.249.119.40.in-addr.arpa
    dns
    73 B
    159 B
    1
    1

    DNS Request

    228.249.119.40.in-addr.arpa

  • 8.8.8.8:53
    50.23.12.20.in-addr.arpa
    dns
    70 B
    156 B
    1
    1

    DNS Request

    50.23.12.20.in-addr.arpa

  • 8.8.8.8:53
    240.221.184.93.in-addr.arpa
    dns
    73 B
    144 B
    1
    1

    DNS Request

    240.221.184.93.in-addr.arpa

  • 8.8.8.8:53
    18.31.95.13.in-addr.arpa
    dns
    70 B
    144 B
    1
    1

    DNS Request

    18.31.95.13.in-addr.arpa

  • 8.8.8.8:53
    48.229.111.52.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    48.229.111.52.in-addr.arpa

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nss8CF0.tmp\NSISdl.dll

    Filesize

    14KB

    MD5

    a5f8399a743ab7f9c88c645c35b1ebb5

    SHA1

    168f3c158913b0367bf79fa413357fbe97018191

    SHA256

    dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9

    SHA512

    824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977
