Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

e85d7b0352...18.exe

windows7-x64

7

e85d7b0352...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08/04/2024, 20:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e85d7b0352a7f00fc2ea1cc537ea26f7_JaffaCakes118.exe

  • Size

    219KB

  • MD5

    e85d7b0352a7f00fc2ea1cc537ea26f7

  • SHA1

    37e2f3871419a504742510f9453f03204c9aea9d

  • SHA256

    70bc38b26493f96d343387ff618115d1fdfd03dbe8e220a4f1ef484a701c3fd3

  • SHA512

    257a6fd51e4be65728c1b50ea986694dfccd65de2ff02f3c9656fb549362f38a7af761ea16abf7d9561a696d4def23ff9179ec67291817f15278aec76f609ea6

  • SSDEEP

    6144:tSUtwI+GPqkHT2dt9dkk5UblW5V4BYM/jAy1r:kUKNGPqVKI/+YMrA8

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops file in Program Files directory 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e85d7b0352a7f00fc2ea1cc537ea26f7_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\e85d7b0352a7f00fc2ea1cc537ea26f7_JaffaCakes118.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:640
    • C:\Program Files\Internet Explorer\carss.exe
      "C:\Program Files\Internet Explorer\carss.exe" C:\WINDOWS\Temp\hx107.tmp CodeMain
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      PID:1284

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\Internet Explorer\carss.exe
    Filesize

    60KB

    MD5

    889b99c52a60dd49227c5e485a016679

    SHA1

    8fa889e456aa646a4d0a4349977430ce5fa5e2d7

    SHA256

    6cbe0e1f046b13b29bfa26f8b368281d2dda7eb9b718651d5856f22cc3e02910

    SHA512

    08933106eaf338dd119c45cbf1f83e723aff77cc0f8d3fc84e36253b1eb31557a54211d1d5d1cb58958188e32064d451f6c66a24b3963cccd3de07299ab90641

    Download Submit

  • C:\WINDOWS\Temp\hx107.tmp
    Filesize

    20.2MB

    MD5

    868867e12ebe4eb8c48fcce939174c57

    SHA1

    7f4f2d0162917235a870647d96c23a50de3b45fd

    SHA256

    dd57b2f8670d9644c47529b2d00989afd5504bf14494f6963e28f3550c33033a

    SHA512

    8baa1b9a53810bd45097b9b1f45c4d448b7f3a65a63858e363b2e4780740a91b9469d633bcce2722ca89ea1c95f7d6c27e4ae691260a653e644d33a29148f25b

    Download Submit

  • memory/640-0-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB

    Download

  • memory/640-10-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB

    Download