Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    175s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    06/04/2024, 14:36

General

  • Target

    e2c13d654e1397bf110f8ead50de5212_JaffaCakes118.dll

  • Size

    241KB

  • MD5

    e2c13d654e1397bf110f8ead50de5212

  • SHA1

    33da95025432683cb4410bbb966700fed3dcc319

  • SHA256

    7120e79a70b7545173221fd56857dec216d457a9560cc75dcb64ba2c87984409

  • SHA512

    aca8d47394249846ae666f884aa0b89cfc6e35b8872888f6bed787e36fabbb606a7bb7f2614d92f21b8971563ded4ffebf05805a8ea704e424bd569171c92e8b

  • SSDEEP

    6144:5PISNDkrK1IK3hEnkDUxc2CIoqy+utDy+htDl+hN:5PISNA8R/gxcBqy+utDy+htDl+hN

Score
8/10

Malware Config

Signatures

  • Sets DLL path for service in the registry 2 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\e2c13d654e1397bf110f8ead50de5212_JaffaCakes118.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2568
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\e2c13d654e1397bf110f8ead50de5212_JaffaCakes118.dll
      2⤵
      • Sets DLL path for service in the registry
      PID:2636
  • C:\Windows\SysWOW64\svchost.exe
    C:\Windows\SysWOW64\svchost.exe -k e2c13d654e1397bf110f8ead50de5212_JaffaCakes118
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2664

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads