Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

e8d4de7c07...18.exe

windows7-x64

7

e8d4de7c07...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    09/04/2024, 00:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e8d4de7c0743adc4d46b86084325ef19_JaffaCakes118.exe

  • Size

    232KB

  • MD5

    e8d4de7c0743adc4d46b86084325ef19

  • SHA1

    4cd91a61df25e40141a57302ce6576a66220e03e

  • SHA256

    75ffb65008fd09d966362c32a14772d935ce695e5f87b973f6b0d75d4371fb04

  • SHA512

    ce14326e87abc4d0837fc29fdddbe0a458b1e25c0d7e7af90851f84294826eb835fc609fe866b1beb8f33740fee761e0ad78bec20d86137d77bf7445dbe01566

  • SSDEEP

    3072:ae/z6pTUD6GJG5aPXu8SYe74pm1FmTKMjoJStccKy+VGgkRx+o4M8ndtqh2:awz66iSXDm1FMoJSec4Yg6z8dZ

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e8d4de7c0743adc4d46b86084325ef19_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\e8d4de7c0743adc4d46b86084325ef19_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1924
    • C:\USERS\ADMIN\APPDATA\LOCAL\TEMP\XXWG4AFRXIQJLZ.EXE
      "C:\USERS\ADMIN\APPDATA\LOCAL\TEMP\XXWG4AFRXIQJLZ.EXE"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:1952
    • C:\USERS\ADMIN\APPDATA\LOCAL\TEMP\XXWG4AFSQ4A.EXE
      "C:\USERS\ADMIN\APPDATA\LOCAL\TEMP\XXWG4AFSQ4A.EXE"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:2964

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\Local Settings\Application Data\72283225\tst
    Filesize

    10B

    MD5

    859cd8c9815029bfd028febfefa434da

    SHA1

    740ef1a7562b23cb04927a4bd7745697ef81ef8c

    SHA256

    3a4641a64867ee0cfe8be7da484f47132e6cd52d0479bb1b3f488f409e878cbd

    SHA512

    e9a9023db9807d000bb7781b87f1793977020a01543bb7fc4bd3098872217a2be0b53abc2b76c0cd5a0885927302060b37ab46f1f6beb7cff0b99868a11b1ea4

    Download Submit

  • \Users\Admin\AppData\Local\Temp\XXWG4AFRXIQJLZ.EXE
    Filesize

    232KB

    MD5

    e8d4de7c0743adc4d46b86084325ef19

    SHA1

    4cd91a61df25e40141a57302ce6576a66220e03e

    SHA256

    75ffb65008fd09d966362c32a14772d935ce695e5f87b973f6b0d75d4371fb04

    SHA512

    ce14326e87abc4d0837fc29fdddbe0a458b1e25c0d7e7af90851f84294826eb835fc609fe866b1beb8f33740fee761e0ad78bec20d86137d77bf7445dbe01566

    Download Submit

  • \Users\Admin\AppData\Local\Temp\XXWG4AFSQ4A.EXE
    Filesize

    28KB

    MD5

    553628c7d0797377d7e881e0cb3a5b1e

    SHA1

    f0b325f8a6c90851de4cc40156ba2bf00bf9d15e

    SHA256

    57b140bac168263cd534ef38b0f7af7ac84bd6a3544dc02a27125c7d1924df6c

    SHA512

    5450874e494b992f6bc4dfdc245c71b820d7864d6a3c7fe972266d3a670f4f564a07bfbb6c74eff2f5999d3c77cc84000895399ca1858e4d74f1069f50a04263

    Download Submit

  • memory/1924-3-0x0000000000400000-0x0000000000440000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1924-22-0x0000000000400000-0x0000000000440000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1952-12-0x0000000000400000-0x0000000000440000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1952-23-0x0000000000400000-0x0000000000440000-memory.dmp

    Filesize

    256KB

    Download