Overview
overview | score 7
Static
static | score 7

Target | Platform | Score
27fb410d5a...18.exe | windows7-x64 | 7
27fb410d5a...18.exe | windows10-2004-x64 | 7
$PLUGINSDIR/17561.vbs | windows7-x64 | 1
$PLUGINSDIR/17561.vbs | windows10-2004-x64 | 3
$PLUGINSDI...sh.dll | windows7-x64 | 3
$PLUGINSDI...sh.dll | windows10-2004-x64 | 3
$PLUGINSDI...er.dll | windows7-x64 | 3
$PLUGINSDI...er.dll | windows10-2004-x64 | 3
$PLUGINSDI...ns.dll | windows7-x64 | 3
$PLUGINSDI...ns.dll | windows10-2004-x64 | 3
$PLUGINSDIR/SkinH.dll | windows7-x64 | 5
$PLUGINSDIR/SkinH.dll | windows10-2004-x64 | 5
$PLUGINSDI...em.dll | windows7-x64 | 3
$PLUGINSDI...em.dll | windows10-2004-x64 | 3
$PLUGINSDIR/pcpc.vbs | windows7-x64 | 3
$PLUGINSDIR/pcpc.vbs | windows10-2004-x64 | 3
$PLUGINSDIR/run.vbs | windows7-x64 | 3
$PLUGINSDIR/run.vbs | windows10-2004-x64 | 7
$PLUGINSDI...��.exe | windows7-x64 | 3
$PLUGINSDI...��.exe | windows10-2004-x64 | 3
$PLUGINSDI...RL.dll | windows7-x64 | 3
$PLUGINSDI...RL.dll | windows10-2004-x64 | 3
$PLUGINSDIR/Inetc.dll | windows7-x64 | 3
$PLUGINSDIR/Inetc.dll | windows10-2004-x64 | 3
$PLUGINSDI...ns.dll | windows7-x64 | 3
$PLUGINSDI...ns.dll | windows10-2004-x64 | 3
Shell/Norm...le.dll | windows7-x64 | 1
Shell/Norm...le.dll | windows10-2004-x64 | 1
uninst.exe | windows7-x64 | 7
uninst.exe | windows10-2004-x64 | 7
$PLUGINSDI...em.dll | windows7-x64 | 3
$PLUGINSDI...em.dll | windows10-2004-x64 | 3

Analysis
max time kernel: 150s
max time network: 153s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 09/10/2024, 00:49

Behavioral task | Sample | Resource
behavioral1 | 27fb410d5aa6711fdfb83052c703203f_JaffaCakes118.exe | win7-20240903-en
behavioral2 | 27fb410d5aa6711fdfb83052c703203f_JaffaCakes118.exe | win10v2004-20241007-en
behavioral3 | $PLUGINSDIR/17561.vbs | win7-20240903-en
behavioral4 | $PLUGINSDIR/17561.vbs | win10v2004-20241007-en
behavioral5 | $PLUGINSDIR/AdvSplash.dll | win7-20240708-en
behavioral6 | $PLUGINSDIR/AdvSplash.dll | win10v2004-20241007-en
behavioral7 | $PLUGINSDIR/ButtonLinker.dll | win7-20240903-en
behavioral8 | $PLUGINSDIR/ButtonLinker.dll | win10v2004-20241007-en
behavioral9 | $PLUGINSDIR/InstallOptions.dll | win7-20240903-en
behavioral10 | $PLUGINSDIR/InstallOptions.dll | win10v2004-20241007-en
behavioral11 | $PLUGINSDIR/SkinH.dll | win7-20240903-en
behavioral12 | $PLUGINSDIR/SkinH.dll | win10v2004-20241007-en
behavioral13 | $PLUGINSDIR/System.dll | win7-20240903-en
behavioral14 | $PLUGINSDIR/System.dll | win10v2004-20241007-en
behavioral15 | $PLUGINSDIR/pcpc.vbs | win7-20240903-en
behavioral16 | $PLUGINSDIR/pcpc.vbs | win10v2004-20241007-en
behavioral17 | $PLUGINSDIR/run.vbs | win7-20240903-en
behavioral18 | $PLUGINSDIR/run.vbs | win10v2004-20241007-en
behavioral19 | $PLUGINSDIR/Ϸ.exe | win7-20240704-en
behavioral20 | $PLUGINSDIR/Ϸ.exe | win10v2004-20241007-en
behavioral21 | $PLUGINSDIR/BrandingURL.dll | win7-20240903-en
behavioral22 | $PLUGINSDIR/BrandingURL.dll | win10v2004-20241007-en
behavioral23 | $PLUGINSDIR/Inetc.dll | win7-20240903-en
behavioral24 | $PLUGINSDIR/Inetc.dll | win10v2004-20241007-en
behavioral25 | $PLUGINSDIR/InstallOptions.dll | win7-20240708-en
behavioral26 | $PLUGINSDIR/InstallOptions.dll | win10v2004-20241007-en
behavioral27 | Shell/NormalColor/Shellstyle.dll | win7-20240903-en
behavioral28 | Shell/NormalColor/Shellstyle.dll | win10v2004-20241007-en
behavioral29 | uninst.exe | win7-20240903-en
behavioral30 | uninst.exe | win10v2004-20241007-en
behavioral31 | $PLUGINSDIR/System.dll | win7-20240903-en
behavioral32 | $PLUGINSDIR/System.dll | win10v2004-20241007-en

General
Target: 27fb410d5aa6711fdfb83052c703203f_JaffaCakes118.exe
Size: 1.6MB
MD5: 27fb410d5aa6711fdfb83052c703203f
SHA1: bd3a79886d13837d1643227356946befcd488eb9
SHA256: 2b49ca21dd645edd3d08709a68f205cc59bcc2a48b8b3ba49815fdceefbb1c4e
SHA512: b9681f68136ad3b7b95663b810b062cf198dedc5bd50d679dbc5883ff5feab9561d630e5b43e2da0401dad233088d8a7a5cdd024f1f57ffbe27ace642741a692
SSDEEP: 24576:JS91TM/9KwQXJZcTufYgwDUuLKzY9IfKhV98ROv1enKEUdx3WO3TOHM3ISjaa:JCCVRQX/cSFwDEY9jhV8UELUdxWcTF7

Malware Config
Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs
Detects file using ACProtect software.
resource | yara_rule
behavioral2/files/0x0007000000023c97-27.dat | acprotect

Loads dropped DLL 8 IoCs
pid | Process
4912 | 27fb410d5aa6711fdfb83052c703203f_JaffaCakes118.exe (8 entries)

resource | yara_rule
behavioral2/files/0x0007000000023c97-27.dat | upx
behavioral2/memory/4912-31-0x0000000007250000-0x000000000728C000-memory.dmp | upx
behavioral2/memory/4912-38-0x0000000007250000-0x000000000728C000-memory.dmp | upx
behavioral2/memory/4912-36-0x0000000007250000-0x000000000728C000-memory.dmp | upx
behavioral2/memory/4912-40-0x0000000007250000-0x000000000728C000-memory.dmp | upx
behavioral2/memory/4912-39-0x0000000007250000-0x000000000728C000-memory.dmp | upx
behavioral2/memory/4912-35-0x0000000007250000-0x000000000728C000-memory.dmp | upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | 27fb410d5aa6711fdfb83052c703203f_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 1 IoCs
pid | Process
4912 | 27fb410d5aa6711fdfb83052c703203f_JaffaCakes118.exe

Downloads