Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

27fb410d5a...18.exe

windows7-x64

7

27fb410d5a...18.exe

windows10-2004-x64

7

$PLUGINSDIR/17561.vbs

windows7-x64

1

$PLUGINSDIR/17561.vbs

windows10-2004-x64

3

$PLUGINSDI...sh.dll

windows7-x64

3

$PLUGINSDI...sh.dll

windows10-2004-x64

3

$PLUGINSDI...er.dll

windows7-x64

3

$PLUGINSDI...er.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDIR/SkinH.dll

windows7-x64

5

$PLUGINSDIR/SkinH.dll

windows10-2004-x64

5

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/pcpc.vbs

windows7-x64

3

$PLUGINSDIR/pcpc.vbs

windows10-2004-x64

3

$PLUGINSDIR/run.vbs

windows7-x64

3

$PLUGINSDIR/run.vbs

windows10-2004-x64

7

$PLUGINSDI...��.exe

windows7-x64

3

$PLUGINSDI...��.exe

windows10-2004-x64

3

$PLUGINSDI...RL.dll

windows7-x64

3

$PLUGINSDI...RL.dll

windows10-2004-x64

3

$PLUGINSDIR/Inetc.dll

windows7-x64

3

$PLUGINSDIR/Inetc.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

Shell/Norm...le.dll

windows7-x64

1

Shell/Norm...le.dll

windows10-2004-x64

1

uninst.exe

windows7-x64

7

uninst.exe

windows10-2004-x64

7

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/10/2024, 00:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    27fb410d5aa6711fdfb83052c703203f_JaffaCakes118.exe

  • Size

    1.6MB

  • MD5

    27fb410d5aa6711fdfb83052c703203f

  • SHA1

    bd3a79886d13837d1643227356946befcd488eb9

  • SHA256

    2b49ca21dd645edd3d08709a68f205cc59bcc2a48b8b3ba49815fdceefbb1c4e

  • SHA512

    b9681f68136ad3b7b95663b810b062cf198dedc5bd50d679dbc5883ff5feab9561d630e5b43e2da0401dad233088d8a7a5cdd024f1f57ffbe27ace642741a692

  • SSDEEP

    24576:JS91TM/9KwQXJZcTufYgwDUuLKzY9IfKhV98ROv1enKEUdx3WO3TOHM3ISjaa:JCCVRQX/cSFwDEY9jhV8UELUdxWcTF7

Score
7/10
discoveryupx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Loads dropped DLL 8 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\27fb410d5aa6711fdfb83052c703203f_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\27fb410d5aa6711fdfb83052c703203f_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    PID:4912

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsu92BC.tmp\AdvSplash.dll
    Filesize

    6KB

    MD5

    13cc92f90a299f5b2b2f795d0d2e47dc

    SHA1

    aa69ead8520876d232c6ed96021a4825e79f542f

    SHA256

    eb1ca2b3a6e564c32677d0cdc388e26b74ef686e071d7dbca44d0bfa10488feb

    SHA512

    ff4e6e6e7104568fc85ef3a3f0494a5c7822a4ceaf65c584ad534f08f9a472a8d86f0a62f1f86343c61e2540b2254714b7ea43e4b312ff13d8271ff069386fa3

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsu92BC.tmp\ButtonLinker.dll
    Filesize

    7KB

    MD5

    dd85ac7d85c92dd0e3cc17dfd4890f54

    SHA1

    a128fb7a05965c1a9913c6f5e419e6c4c0a7d2fa

    SHA256

    27abd2a4fb1bf66add60221b52d061bbe24d2d21e13600725ff7a5c6c777b504

    SHA512

    e4ff8216c65110a9d156f37c2062acb53a72daa8af12dfc24278920d9e1a4083a81b1446759df75405b2da34c7bfb1afc33184feedd0aee4ed73f79fcbb1a8a1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsu92BC.tmp\InstallOptions.dll
    Filesize

    14KB

    MD5

    325b008aec81e5aaa57096f05d4212b5

    SHA1

    27a2d89747a20305b6518438eff5b9f57f7df5c3

    SHA256

    c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b

    SHA512

    18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsu92BC.tmp\SkinH.dll
    Filesize

    84KB

    MD5

    a00c474dc4ced90b8f5a692108c45dce

    SHA1

    e02722d30a6218523e9ddef287817788a4a9b9fc

    SHA256

    6504e515cbcf89cb98fd9f1a310125bfdf93e1f6a6bf0c64c0229e5670cac9b1

    SHA512

    e81b001379f94fabb71f1d6a019b81202e00da7338048b77d1728b40427689a32801419377d3e86c51c5e418cc3ccc328ee00adc69eaa575267bcaac8f477abd

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsu92BC.tmp\System.dll
    Filesize

    11KB

    MD5

    c17103ae9072a06da581dec998343fc1

    SHA1

    b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    SHA256

    dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    SHA512

    d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsu92BC.tmp\ioSpecial.ini
    Filesize

    637B

    MD5

    12a142afd71033d5ada872db1fcda4ef

    SHA1

    0367f33f7e1867badd005c36a4c4fe621ac78e2a

    SHA256

    7bc8256197f61a5b3757367baed8190bc114b2be695668eac4624df6e35c1fec

    SHA512

    6a99bd61366a5df4f95caf9f33ee8d4bec5f88164f6e36c139ba292bb2b4569ad84bc72159526b2f631a8624213c96c5761931230951aaf9f99744b1e2c9a48f

    Download Submit

  • memory/4912-36-0x0000000007250000-0x000000000728C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/4912-40-0x0000000007250000-0x000000000728C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/4912-39-0x0000000007250000-0x000000000728C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/4912-34-0x0000000007259000-0x000000000725A000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4912-35-0x0000000007250000-0x000000000728C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/4912-38-0x0000000007250000-0x000000000728C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/4912-31-0x0000000007250000-0x000000000728C000-memory.dmp

    Filesize

    240KB

    Download