Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
7Static
static
3JaffaCakes...1c.exe
windows7-x64
7JaffaCakes...1c.exe
windows10-2004-x64
7$PLUGINSDI...se.rtf
windows7-x64
4$PLUGINSDI...se.rtf
windows10-2004-x64
3$PLUGINSDI...se.dll
windows7-x64
3$PLUGINSDI...se.dll
windows10-2004-x64
3$PLUGINSDI...e2.rtf
windows7-x64
4$PLUGINSDI...e2.rtf
windows10-2004-x64
1$PLUGINSDI...LL.dll
windows7-x64
3$PLUGINSDI...LL.dll
windows10-2004-x64
3$PLUGINSDI...on.dll
windows7-x64
3$PLUGINSDI...on.dll
windows10-2004-x64
3$PLUGINSDI...se.rtf
windows7-x64
4$PLUGINSDI...se.rtf
windows10-2004-x64
1$PLUGINSDIR/Math.dll
windows7-x64
3$PLUGINSDIR/Math.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...fo.dll
windows7-x64
3$PLUGINSDI...fo.dll
windows10-2004-x64
3$PLUGINSDI...se.rtf
windows7-x64
4$PLUGINSDI...se.rtf
windows10-2004-x64
1$PLUGINSDI...se.rtf
windows7-x64
4$PLUGINSDI...se.rtf
windows10-2004-x64
1$PLUGINSDI...ib.dll
windows7-x64
3$PLUGINSDI...ib.dll
windows10-2004-x64
3$PLUGINSDI...ce.rtf
windows7-x64
4$PLUGINSDI...ce.rtf
windows10-2004-x64
1$PLUGINSDI...rs.rtf
windows7-x64
4$PLUGINSDI...rs.rtf
windows10-2004-x64
1$PLUGINSDI...VG.rtf
windows7-x64
4$PLUGINSDI...VG.rtf
windows10-2004-x64
1Analysis
-
max time kernel
134s -
max time network
140s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
25/01/2025, 02:35
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_2774834dce5d1a7c4ecb25a16dca781c.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
JaffaCakes118_2774834dce5d1a7c4ecb25a16dca781c.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/AnimalShopping_license.rtf
Resource
win7-20240708-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/AnimalShopping_license.rtf
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/CustomLicense.dll
Resource
win7-20240729-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/CustomLicense.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/DefaultTab_license2.rtf
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/DefaultTab_license2.rtf
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/FindProcDLL.dll
Resource
win7-20240903-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/FindProcDLL.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral11
Sample
$PLUGINSDIR/GetVersion.dll
Resource
win7-20241023-en
Behavioral task
behavioral12
Sample
$PLUGINSDIR/GetVersion.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral13
Sample
$PLUGINSDIR/Iminent_license.rtf
Resource
win7-20240903-en
Behavioral task
behavioral14
Sample
$PLUGINSDIR/Iminent_license.rtf
Resource
win10v2004-20241007-en
Behavioral task
behavioral15
Sample
$PLUGINSDIR/Math.dll
Resource
win7-20240903-en
Behavioral task
behavioral16
Sample
$PLUGINSDIR/Math.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral17
Sample
$PLUGINSDIR/System.dll
Resource
win7-20241010-en
Behavioral task
behavioral18
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral19
Sample
$PLUGINSDIR/UserInfo.dll
Resource
win7-20240903-en
Behavioral task
behavioral20
Sample
$PLUGINSDIR/UserInfo.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral21
Sample
$PLUGINSDIR/frg_license.rtf
Resource
win7-20240903-en
Behavioral task
behavioral22
Sample
$PLUGINSDIR/frg_license.rtf
Resource
win10v2004-20241007-en
Behavioral task
behavioral23
Sample
$PLUGINSDIR/gc_license.rtf
Resource
win7-20240903-en
Behavioral task
behavioral24
Sample
$PLUGINSDIR/gc_license.rtf
Resource
win10v2004-20241007-en
Behavioral task
behavioral25
Sample
$PLUGINSDIR/intlib.dll
Resource
win7-20240729-en
Behavioral task
behavioral26
Sample
$PLUGINSDIR/intlib.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral27
Sample
$PLUGINSDIR/license_2YourFace.rtf
Resource
win7-20241023-en
Behavioral task
behavioral28
Sample
$PLUGINSDIR/license_2YourFace.rtf
Resource
win10v2004-20241007-en
Behavioral task
behavioral29
Sample
$PLUGINSDIR/license_7Wonders.rtf
Resource
win7-20240903-en
Behavioral task
behavioral30
Sample
$PLUGINSDIR/license_7Wonders.rtf
Resource
win10v2004-20241007-en
Behavioral task
behavioral31
Sample
$PLUGINSDIR/license_AVG.rtf
Resource
win7-20241010-en
Behavioral task
behavioral32
Sample
$PLUGINSDIR/license_AVG.rtf
Resource
win10v2004-20241007-en
General
-
Target
$PLUGINSDIR/license_AVG.rtf
-
Size
55KB
-
MD5
df37a95a1fa22b46035fd64a0d9bf468
-
SHA1
3723c58da5ae852ee1d86b117d9ea4a3a6d2d175
-
SHA256
683c8faa65f4cad659f4838f7178da4d1cd4fb7e385e4ae2933e6383533ffcb1
-
SHA512
3aa3c12b39c8827bd71737536a4cc9922b07410825eae9b7a7a299c9494a2bd1958904384fdad6beed16277a8f6e9545211960607e2321f5cd408cb3669d3951
-
SSDEEP
768:A6ZVONul/f21xmAbiCyaPYT7dkJurzuY9o4/r/bARdP69At5Hm7XlYTcZGyhMxJr:nHPupQFm
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 WINWORD.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz WINWORD.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString WINWORD.EXE -
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS WINWORD.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily WINWORD.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU WINWORD.EXE -
Suspicious behavior: AddClipboardFormatListener 2 IoCs
pid Process 4676 WINWORD.EXE 4676 WINWORD.EXE -
Suspicious use of SetWindowsHookEx 9 IoCs
pid Process 4676 WINWORD.EXE 4676 WINWORD.EXE 4676 WINWORD.EXE 4676 WINWORD.EXE 4676 WINWORD.EXE 4676 WINWORD.EXE 4676 WINWORD.EXE 4676 WINWORD.EXE 4676 WINWORD.EXE
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\license_AVG.rtf" /o ""1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:4676
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
245KB
MD5f883b260a8d67082ea895c14bf56dd56
SHA17954565c1f243d46ad3b1e2f1baf3281451fc14b
SHA256ef4835db41a485b56c2ef0ff7094bc2350460573a686182bc45fd6613480e353
SHA512d95924a499f32d9b4d9a7d298502181f9e9048c21dbe0496fa3c3279b263d6f7d594b859111a99b1a53bd248ee69b867d7b1768c42e1e40934e0b990f0ce051e
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
Filesize3KB
MD522693876cf2c3b31575a594102edd35c
SHA194e3ce944e949950670947e85dd2a5b3ad6eb235
SHA256c744b5fe9444833f1f7bb70c365275cf5218615f801851f444e1103c81800d74
SHA512e472fdcca23b8f60e4bc4438cb0feff1b6a84fdadd77060e581b353e7fdb67ef40468cc4b6a0bbec48196593db5d7ed6828ac1288c8f522c909868a35e7b9a59