Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2df0351961...18.exe

windows7-x64

7

2df0351961...18.exe

windows10-2004-x64

7

$9:/Docume...pd.exe

windows7-x64

7

$9:/Docume...pd.exe

windows10-2004-x64

7

$9:/Docume...ser.js

windows7-x64

3

$9:/Docume...ser.js

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

$PLUGINSDI...ry.dll

windows7-x64

3

$PLUGINSDI...ry.dll

windows10-2004-x64

3

$TEMP/sqlite3.exe

windows7-x64

1

$TEMP/sqlite3.exe

windows10-2004-x64

3

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    118s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    09/10/2024, 08:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2df035196145068fe24c8d7438e0b00d_JaffaCakes118.exe

  • Size

    341KB

  • MD5

    2df035196145068fe24c8d7438e0b00d

  • SHA1

    53ae34982eaa6c3110ba3b63e8fba38f17dc6ebc

  • SHA256

    edcb20c4866a9bb4d39179a8d8709db43780b82904a02f5fe7a3825f1ad232b5

  • SHA512

    7eaaa617c5e2b3cf5640f750f17c77cd464a3da92e5d6e32ebd9a562047605c93e5822aa068c231fc1ec3d1ef6a463a8afdd5217f892a849c9cfa565a6e0721f

  • SSDEEP

    6144:2+npuvh2skM2pH04MD41iszT4YWECSQxu/9n33WzvM6n15Qpb2StFKpF5pL5:kQ/JpH04MD4vX9nSoWzHop6SbKppF

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 4 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • NSIS installer 2 IoCs
    installer
  • Modifies Internet Explorer settings 1 TTPs 10 IoCs
    adwarespyware
  • Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistenceexecution
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2df035196145068fe24c8d7438e0b00d_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\2df035196145068fe24c8d7438e0b00d_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2808
    • C:\Documents and Settings\All Users\Application Data\Update\seupd.exe
      "C:\Documents and Settings\All Users\Application Data\Update\seupd.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      PID:2228
    • C:\Windows\SysWOW64\schtasks.exe
      schtasks /create /sc minute /mo 60 /tn "Updater" /tr "\"C:\Documents and Settings\All Users\Application Data\Update\seupd.exe\"" /ru "System"
      2⤵
      • System Location Discovery: System Language Discovery
      • Scheduled Task/Job: Scheduled Task
      PID:2648

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsz7C14.tmp\registry.dll
    Filesize

    16KB

    MD5

    24a7a119e289f1b5b69f3d6cf258db7c

    SHA1

    fec84298f9819adf155fcf4e9e57dd402636c177

    SHA256

    ae53f8e00574a87dd243fdf344141417cfe2af318c6c5e363a030d727a6c75d1

    SHA512

    fdbbedcc877bf020a5965f6ba8586ade48cfbe03ac0af8190a8acf077fb294ffd6b5a7ae49870bff8cacd9e33d591be63b5b3d5c2e432c640212bdcd0c602861

    Download Submit

  • \ProgramData\Update\seupd.exe
    Filesize

    307KB

    MD5

    143daa59ea3c3adc09b8e08be4d796fa

    SHA1

    378adfe3038e7e25a02fdf0db8acc845fd6c0461

    SHA256

    44ffa994a1cb265688af7f7fa4862aac022a9a95b6351032aa98e101159eab86

    SHA512

    f38aef36e7a7a34cc3073ab1f3334c6040b1b4a4604f181e22557d5faa758db36b8d671c3366fb4b1d9810a118f06426708fe0d22764f6084070cde3b506617f

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsz7C62.tmp\NSISdl.dll
    Filesize

    14KB

    MD5

    9c90c746adae5171c52b932080113331

    SHA1

    2eb66e61ad38a33aa6e6c245e84e0a78dfcc5460

    SHA256

    5b7be83ff4f023eba8d2d7ab972b067a904adc71f56a50cb367619cd116d0e92

    SHA512

    fca06b4b39fdd76002487a4f9a454bec5507b2355a0e4e2dfe044e2def52bbd01aa5d2a0077703f7b8814b248743fac2b84fd37f611e04281f7e5c428e245565

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsz7C62.tmp\nsExec.dll
    Filesize

    6KB

    MD5

    cdff6b8f9523b6ef9f20fb5f9e90f1a5

    SHA1

    b25f6e0a19b41ff0a12de8e98e3005bc119d34fa

    SHA256

    80b2740fb3a21ffab022a96ce6b420019072f8ef3a048fd9dea4a5b64498c0c8

    SHA512

    62585c6a6103aed10f9a79c016df8cb630c3e37715542b5f26aa1a910771540c9b323ddbba3329db0ecf524143f7a27b782e198ce944317f764be6b9d04b792e

    Download Submit