Analysis

  • max time kernel
    150s
  • max time network
    147s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    06/04/2024, 21:58

General

  • Target

    e36143b7009ac558b03688cfbae5eac4_JaffaCakes118.exe

  • Size

    252KB

  • MD5

    e36143b7009ac558b03688cfbae5eac4

  • SHA1

    5a027d47f18c5158bc8751591d19eaba24b567d4

  • SHA256

    84d342289ad46514f784b0db180bb3d0fa70bda9cc79a91db35174cd1165a347

  • SHA512

    0644e8991384db2cedaf2fe6d5cbd46f90cb43a7a74d6f77818101700c80ae000c03e770538e8966fe2ad4b15f4776236b3f9140828fcb4d8ce1ab33f6ff72b6

  • SSDEEP

    6144:x+AcyrimEU/EztV++Jbtd4lfn8hFXbTom85FMnH:xNNrimr/EztV++JZd4lfnSTo7F

Score
10/10

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 51 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e36143b7009ac558b03688cfbae5eac4_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\e36143b7009ac558b03688cfbae5eac4_JaffaCakes118.exe"
    (process tree level 1)
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3048
    • C:\Users\Admin\qiaekag.exe
      "C:\Users\Admin\qiaekag.exe"
      (process tree level 2)
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:2528

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\qiaekag.exe

    Filesize

    252KB

    MD5

    bfdbfeab4ac126c9b3acbf089f9c075d

    SHA1

    8fb44c5d056b3ebb3558dcabe8265883cf1af7c6

    SHA256

    fb952cb3bedf1029f08bcb4f0cb2f569d50dc1a5031ed880f811298251ed5b2b

    SHA512

    2d88f5a072b6c45942d3f7a0041873ae365509cd8261006e879f34b580b62338cb7543d1324bfa298f08680b77901b985c11f50024db7ba987e8164a60df336e