Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

3cf46d0f5b...18.exe

windows7-x64

7

3cf46d0f5b...18.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...nu.dll

windows7-x64

3

$PLUGINSDI...nu.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

doc/de/mkv...t.html

windows7-x64

3

doc/de/mkv...t.html

windows10-2004-x64

3

doc/de/mkvinfo.html

windows7-x64

3

doc/de/mkvinfo.html

windows10-2004-x64

3

doc/de/mkvmerge.html

windows7-x64

3

doc/de/mkvmerge.html

windows10-2004-x64

3

doc/de/mkv...t.html

windows7-x64

3

doc/de/mkv...t.html

windows10-2004-x64

3

doc/de/mmg.html

windows7-x64

3

doc/de/mmg.html

windows10-2004-x64

3

doc/en/mkv...t.html

windows7-x64

3

doc/en/mkv...t.html

windows10-2004-x64

3

doc/en/mkvinfo.html

windows7-x64

3

doc/en/mkvinfo.html

windows10-2004-x64

3

doc/en/mkvmerge.html

windows7-x64

3

doc/en/mkvmerge.html

windows10-2004-x64

3

doc/en/mkv...t.html

windows7-x64

3

doc/en/mkv...t.html

windows10-2004-x64

3

doc/en/mmg.html

windows7-x64

3

doc/en/mmg.html

windows10-2004-x64

3

Analysis

  • max time kernel
    141s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    13/10/2024, 01:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3cf46d0f5bb370ea37b7f4fc964b26b5_JaffaCakes118.exe

  • Size

    9.1MB

  • MD5

    3cf46d0f5bb370ea37b7f4fc964b26b5

  • SHA1

    d8465dbc40e1eb3ab96c5021b7bbed3161a3bc4b

  • SHA256

    3f3a2c1a16748eeccefc4d68666836acedd60b1ca0e2314576377ecd91d7ad84

  • SHA512

    56a69e97a510ab0bd60b06c174b91d8c7baa5cf79d6a7bcc88154a6f4ffb809af77bbe0a2a1e58fb512c9f11611a8d417be848b3055462c45a23889b21d3ca35

  • SSDEEP

    196608:/SaeRiPTdCB1S0n9FeFJsDbNp4VE93C3ay0WO0assfx:mET4y0bK8bNpsEdC3V2NssJ

Score
7/10
discovery

Malware Config

Signatures

  • Loads dropped DLL 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3cf46d0f5bb370ea37b7f4fc964b26b5_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\3cf46d0f5bb370ea37b7f4fc964b26b5_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: GetForegroundWindowSpam
    PID:2644

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\nsjF94F.tmp\LangDLL.dll
    Filesize

    7KB

    MD5

    bbefe42d139b386bd19aabd265ca6959

    SHA1

    c2c83ffb7bd4ddf75cab14c43fe968bc76ac5a56

    SHA256

    42d6c19afc3de2d03d3709523948616df7b9ef5a2b163b2137bb5c3e9f173ed1

    SHA512

    05f758eea02e6a87da224f34eec6d9e0ebe9545a787f51e9a027ea4c80376b5bc82e5d648a1a110d5fa8c5a3655d5994b63b77a69ab4b6af2fd9ffc8ea0c567d

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsjF94F.tmp\StartMenu.dll
    Filesize

    9KB

    MD5

    2ff2bb6790017394fb6fa5fde0acbefd

    SHA1

    8c0a50f9e68f5b2b00e16d47509eab83575e2e35

    SHA256

    39b5ab2126dd4e9b5545626b477e5d378a839646d103a805a98438a97ccadece

    SHA512

    7ddc814eee4c317abf352859955448522b56de4345a92216eadc934241ecd67ccfe6156529bc6e8929beb33d6d423e07c7adce89fb8b58b49f0c2cd20ff2d23f

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsjF94F.tmp\System.dll
    Filesize

    19KB

    MD5

    314dadff676543b3394c5f2f67017216

    SHA1

    0819cad04f3be8a5a92bbe9d7b495f564cd142a0

    SHA256

    b039ad25aa0a3c1a8cab94c52478ccb63a2810d18536ad3071f1440556ea6cef

    SHA512

    cbca06a2a2efee584b45340216544fbf52280db933a46945250611d8e46e05e7dd423f4618f6536e69eeb26d4ee53815c9e3d11085308e2c2b52329b3d14cb58

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsjF94F.tmp\nsDialogs.dll
    Filesize

    11KB

    MD5

    a6757baa6852098b8c61f1e045bba9f7

    SHA1

    c0b6a9288f31e38af43f3ea5caa3cb7c313ccffe

    SHA256

    8230ceaf87930271680717b985444927a70d2d59d7aea66e38697a88eedec088

    SHA512

    868a296e3c6309514411c1d894e820a92aef83e80a53f48579b083202919ce6603353ba44f17ecef665564fba36bf2a1d5f141edbdf1d5b4964d66e70b1f7c3a

    Download Submit

  • memory/2644-22-0x0000000000400000-0x0000000000513000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2644-24-0x000000006E3C0000-0x000000006E3CD000-memory.dmp

    Filesize

    52KB

    Download

  • memory/2644-23-0x000000006E940000-0x000000006E94A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2644-33-0x000000006D040000-0x000000006D04A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2644-32-0x000000006E3C0000-0x000000006E3CD000-memory.dmp

    Filesize

    52KB

    Download

  • memory/2644-31-0x000000006E940000-0x000000006E94A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2644-30-0x0000000000400000-0x0000000000513000-memory.dmp

    Filesize

    1.1MB

    Download