Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

e85d7b0352...18.exe

windows7-x64

7

e85d7b0352...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    08/04/2024, 20:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e85d7b0352a7f00fc2ea1cc537ea26f7_JaffaCakes118.exe

  • Size

    219KB

  • MD5

    e85d7b0352a7f00fc2ea1cc537ea26f7

  • SHA1

    37e2f3871419a504742510f9453f03204c9aea9d

  • SHA256

    70bc38b26493f96d343387ff618115d1fdfd03dbe8e220a4f1ef484a701c3fd3

  • SHA512

    257a6fd51e4be65728c1b50ea986694dfccd65de2ff02f3c9656fb549362f38a7af761ea16abf7d9561a696d4def23ff9179ec67291817f15278aec76f609ea6

  • SSDEEP

    6144:tSUtwI+GPqkHT2dt9dkk5UblW5V4BYM/jAy1r:kUKNGPqVKI/+YMrA8

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in Program Files directory 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e85d7b0352a7f00fc2ea1cc537ea26f7_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\e85d7b0352a7f00fc2ea1cc537ea26f7_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2020
    • C:\Program Files\Internet Explorer\carss.exe
      "C:\Program Files\Internet Explorer\carss.exe" C:\WINDOWS\Temp\hx107.tmp CodeMain
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      PID:1116

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\WINDOWS\Temp\hx107.tmp
    Filesize

    20.2MB

    MD5

    868867e12ebe4eb8c48fcce939174c57

    SHA1

    7f4f2d0162917235a870647d96c23a50de3b45fd

    SHA256

    dd57b2f8670d9644c47529b2d00989afd5504bf14494f6963e28f3550c33033a

    SHA512

    8baa1b9a53810bd45097b9b1f45c4d448b7f3a65a63858e363b2e4780740a91b9469d633bcce2722ca89ea1c95f7d6c27e4ae691260a653e644d33a29148f25b

    Download Submit

  • \Program Files\Internet Explorer\carss.exe
    Filesize

    43KB

    MD5

    51138beea3e2c21ec44d0932c71762a8

    SHA1

    8939cf35447b22dd2c6e6f443446acc1bf986d58

    SHA256

    5ad3c37e6f2b9db3ee8b5aeedc474645de90c66e3d95f8620c48102f1eba4124

    SHA512

    794f30fe452117ff2a26dc9d7086aaf82b639c2632ac2e381a81f5239caaec7c96922ba5d2d90bfd8d74f0a6cd4f79fbda63e14c6b779e5cf6834c13e4e45e7d

    Download Submit

  • memory/2020-0-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB

    Download

  • memory/2020-12-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB

    Download