Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

165e122dd5...18.exe

windows7-x64

7

165e122dd5...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    164s
  • max time network
    169s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/03/2024, 02:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    165e122dd5fc0567b2da9b4f7e7a1a19_JaffaCakes118.exe

  • Size

    15.9MB

  • MD5

    165e122dd5fc0567b2da9b4f7e7a1a19

  • SHA1

    f7d0f4d592455e30f1a622d6a8d156dcd39f37c0

  • SHA256

    80f3e5dd2001b73fa54d340684fb5e4bd20cef1bc2dfc0cf61964b012c14d39e

  • SHA512

    e6af81543eb3eb6e2826c0d20f5d3bfd427cf1bd5fac2811065491967b9de9b9be66ed026aa8a1b813d3486bd7c47acc706497204074975194e425cd6e71131e

  • SSDEEP

    393216:kg7ucg7ucg7ucg7ucg7ucg7ucg7ucg7uv:5ShShShShShShShSv

Score
7/10
persistence

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 4 IoCs
    adwarespyware
  • Modifies registry key 1 TTPs 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\165e122dd5fc0567b2da9b4f7e7a1a19_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\165e122dd5fc0567b2da9b4f7e7a1a19_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:3456
    • C:\Windows\SysWOW64\reg.exe
      "C:\Windows\System32\reg.exe" ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "Windows Update" /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\7D57AD13E21.exe" /f
      2⤵
      • Adds Run key to start application
      • Modifies registry key
      PID:3656
    • C:\Users\Admin\AppData\Roaming\7D57AD13E21.exe
      "C:\Users\Admin\AppData\Roaming\7D57AD13E21.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetThreadContext
      • Suspicious use of WriteProcessMemory
      PID:2676
      • C:\Users\Admin\AppData\Roaming\7D57AD13E21.exe
        "C:\Users\Admin\AppData\Roaming\7D57AD13E21.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetWindowsHookEx
        PID:2220
    • C:\Users\Admin\AppData\Roaming\Scegli_nome_allegato.exe
      "C:\Users\Admin\AppData\Roaming\Scegli_nome_allegato.exe"
      2⤵
      • Executes dropped EXE
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2344
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3792 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:4236

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\7D57AD13E21.exe
      Filesize

      15.9MB

      MD5

      4d9000c4481b62aa7977e81cf663c226

      SHA1

      febfe33b9e305c606723add74b20a67acdc2a38a

      SHA256

      8586b0013673d204e1d06082679f41b043edb6d294a1a55ac71150eabaafcb8f

      SHA512

      edf1399757edde21caf72fd7542149ecd079b4afb54539e43f46b5001817a6f5553ea82ef6f7b6ee78443ea9720cfa9891e544d30f93cfb37dea9195b55f5665

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Scegli_nome_allegato.exe
      Filesize

      1.0MB

      MD5

      a2f259ceb892d3b0d1d121997c8927e3

      SHA1

      6e0a7239822b8d365d690a314f231286355f6cc6

      SHA256

      ab01a333f38605cbcebd80e0a84ffae2803a9b4f6bebb1e9f773e949a87cb420

      SHA512

      5ae1b60390c94c9e79d3b500a55b775d82556e599963d533170b9f35ad5cfa2df1b7d24de1890acf8e1e2c356830396091d46632dbc6ee43a7d042d4facb5dad

      Download Submit

    • memory/2220-38-0x0000000000400000-0x00000000004A6000-memory.dmp

      Filesize

      664KB

      Download

    • memory/2220-46-0x0000000002250000-0x0000000002251000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2220-45-0x0000000000400000-0x00000000004A6000-memory.dmp

      Filesize

      664KB

      Download

    • memory/2220-43-0x0000000000400000-0x00000000004A6000-memory.dmp

      Filesize

      664KB

      Download

    • memory/2220-41-0x0000000002250000-0x0000000002251000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2220-34-0x0000000000400000-0x00000000004A6000-memory.dmp

      Filesize

      664KB

      Download

    • memory/2220-39-0x0000000000400000-0x00000000004A6000-memory.dmp

      Filesize

      664KB

      Download

    • memory/2220-36-0x0000000000400000-0x00000000004A6000-memory.dmp

      Filesize

      664KB

      Download

    • memory/2344-40-0x0000000000710000-0x0000000000711000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2344-31-0x0000000000400000-0x00000000004FB000-memory.dmp

      Filesize

      1004KB

      Download

    • memory/2344-27-0x0000000000710000-0x0000000000711000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2676-30-0x0000000000400000-0x0000000000601000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/2676-37-0x0000000000400000-0x0000000000601000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/2676-32-0x0000000000400000-0x0000000000601000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/2676-14-0x0000000002270000-0x0000000002271000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3456-0-0x0000000000400000-0x0000000000601000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/3456-26-0x0000000000400000-0x0000000000601000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/3456-13-0x00000000024A0000-0x00000000024A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3456-3-0x0000000000400000-0x0000000000601000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/3456-2-0x0000000000400000-0x0000000000601000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/3456-1-0x00000000024A0000-0x00000000024A1000-memory.dmp

      Filesize

      4KB

      Download