Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
7Static
static
517ce2461cf...18.exe
windows7-x64
717ce2461cf...18.exe
windows10-2004-x64
7$PLUGINSDI...ns.dll
windows7-x64
3$PLUGINSDI...ns.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...fo.dll
windows7-x64
3$PLUGINSDI...fo.dll
windows10-2004-x64
3bomgar-jpt.exe
windows7-x64
3bomgar-jpt.exe
windows10-2004-x64
3bomgar-plk.exe
windows7-x64
1bomgar-plk.exe
windows10-2004-x64
3bomgar-sjp.exe
windows7-x64
3bomgar-sjp.exe
windows10-2004-x64
3nsnetpush.exe
windows7-x64
1nsnetpush.exe
windows10-2004-x64
3Analysis
-
max time kernel
93s -
max time network
95s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
06/10/2024, 10:58
Behavioral task
behavioral1
Sample
17ce2461cf41dc55fd1432dd9b461086_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
17ce2461cf41dc55fd1432dd9b461086_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240708-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/UserInfo.dll
Resource
win7-20240704-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/UserInfo.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral9
Sample
bomgar-jpt.exe
Resource
win7-20240708-en
Behavioral task
behavioral10
Sample
bomgar-jpt.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral11
Sample
bomgar-plk.exe
Resource
win7-20240903-en
Behavioral task
behavioral12
Sample
bomgar-plk.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral13
Sample
bomgar-sjp.exe
Resource
win7-20240903-en
Behavioral task
behavioral14
Sample
bomgar-sjp.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral15
Sample
nsnetpush.exe
Resource
win7-20240903-en
Behavioral task
behavioral16
Sample
nsnetpush.exe
Resource
win10v2004-20240802-en
General
-
Target
17ce2461cf41dc55fd1432dd9b461086_JaffaCakes118.exe
-
Size
3.2MB
-
MD5
17ce2461cf41dc55fd1432dd9b461086
-
SHA1
6548f1d8eb93f7847d43de307c9fcf783983b042
-
SHA256
b9968149cdedf77356e26d68d82bc47ac20d11a14763c026ec36b842850b4af0
-
SHA512
93f725bd9d74da2191e2e658f6ac73df8da86bdfc371a8610f32bdc4fc19363b76802ac219ba2172abee3bb794c66fcbe3db932b8ecc17220ce32537de6b3add
-
SSDEEP
98304:XbLB5a8V1wMQlFvacoQpOLVLTAr9PtganH9:rLB5lwMQwbL0kc9
Malware Config
Signatures
-
Loads dropped DLL 1 IoCs
pid Process 728 17ce2461cf41dc55fd1432dd9b461086_JaffaCakes118.exe -
resource yara_rule behavioral2/memory/728-0-0x0000000000400000-0x0000000000434000-memory.dmp upx behavioral2/memory/728-10-0x0000000000400000-0x0000000000434000-memory.dmp upx -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 17ce2461cf41dc55fd1432dd9b461086_JaffaCakes118.exe
Processes
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
MD51e8e11f465afdabe97f529705786b368
SHA1ea42bed65df6618c5f5648567d81f3935e70a2a0
SHA2567d099352c82612ab27ddfd7310c1aa049b58128fb04ea6ea55816a40a6f6487b
SHA51216566a8c1738e26962139aae893629098dc759e4ac87df3e8eb9819df4e0e422421836bb1e4240377e00fb2f4408ce40f40eee413d0f6dd2f3a4e27a52d49a0b