Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
7Static
static
31618efc35e...18.exe
windows7-x64
71618efc35e...18.exe
windows10-2004-x64
7$EXEFILE.exe
windows7-x64
1$EXEFILE.exe
windows10-2004-x64
1$PLUGINSDI...er.dll
windows7-x64
3$PLUGINSDI...er.dll
windows10-2004-x64
3$PLUGINSDI...dl.dll
windows7-x64
3$PLUGINSDI...dl.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$TEMP/$EXEFILE.exe
windows7-x64
1$TEMP/$EXEFILE.exe
windows10-2004-x64
1Analysis
-
max time kernel
127s -
max time network
122s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
05/10/2024, 04:08
Static task
static1
Behavioral task
behavioral1
Sample
1618efc35e389df36a00a22de8fb2175_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
1618efc35e389df36a00a22de8fb2175_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
$EXEFILE.exe
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
$EXEFILE.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/Banner.dll
Resource
win7-20240708-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/Banner.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/NSISdl.dll
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/NSISdl.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240708-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral11
Sample
$TEMP/$EXEFILE.exe
Resource
win7-20240704-en
Behavioral task
behavioral12
Sample
$TEMP/$EXEFILE.exe
Resource
win10v2004-20240802-en
General
-
Target
1618efc35e389df36a00a22de8fb2175_JaffaCakes118.exe
-
Size
327KB
-
MD5
1618efc35e389df36a00a22de8fb2175
-
SHA1
42e5ddcaa704c3ccef46ddfa9d8a949d01fbee0e
-
SHA256
f08949c793aa95cfc4c3ee701f9997962f01200776583a39a2387e112beb2622
-
SHA512
13c97f666ea39de1d27199def888a1ae13c3d95017fb7261de7991092bdf5e36fdb55f9da493741bc92cd592857d1c1e0729f141713e7c1edf52979cc6e3c13e
-
SSDEEP
6144:2zfNiYPbSAYO9xDK4iQcE/63II6kk0ToM3nzlpOocaFDUI2bMawkSB7yZz6QAr4f:WimbvbO40E/6dk0To2nRQocaFDUI4Vtj
Malware Config
Signatures
-
Loads dropped DLL 6 IoCs
pid Process 3920 1618efc35e389df36a00a22de8fb2175_JaffaCakes118.exe 3920 1618efc35e389df36a00a22de8fb2175_JaffaCakes118.exe 3920 1618efc35e389df36a00a22de8fb2175_JaffaCakes118.exe 3920 1618efc35e389df36a00a22de8fb2175_JaffaCakes118.exe 3920 1618efc35e389df36a00a22de8fb2175_JaffaCakes118.exe 3920 1618efc35e389df36a00a22de8fb2175_JaffaCakes118.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 1618efc35e389df36a00a22de8fb2175_JaffaCakes118.exe
Processes
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
14KB
MD5a5f8399a743ab7f9c88c645c35b1ebb5
SHA1168f3c158913b0367bf79fa413357fbe97018191
SHA256dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9
SHA512824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977