Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

7

e94fcbfaae...18.exe

windows7-x64

10

e94fcbfaae...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    143s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/04/2024, 05:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e94fcbfaae370cea9df1140e583e789c_JaffaCakes118.exe

  • Size

    327KB

  • MD5

    e94fcbfaae370cea9df1140e583e789c

  • SHA1

    a1e14418c878f33c12f52a7f98d2cd8910441543

  • SHA256

    1f08385fead6a4145e98018a722009ef1985c3282f8587d356c8d649f8327974

  • SHA512

    17f7a8a2febfc9d5119759e10d1ae2eab48e71d12a7dba79e49bf5c7a941a451f0984782cc8e1ad1500f9c0f7e4763f49b29ab9aaafb0acde5a5bb442eee1bc1

  • SSDEEP

    6144:WEvcq2IemoKZHrXxjGENss+p1qskL6b65kmmjujUzugJxD8vajJiTUd:lUdIe5KhrBqWss+p1qskGbjAUzualDJ

Score
10/10
persistenceupx

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 2 IoCs
    persistence
  • Modifies Installed Components in the registry 2 TTPs 2 IoCs
    persistence
  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Loads dropped DLL 2 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Modifies WinLogon 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Modifies registry class 18 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e94fcbfaae370cea9df1140e583e789c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\e94fcbfaae370cea9df1140e583e789c_JaffaCakes118.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Modifies Installed Components in the registry
    • Loads dropped DLL
    • Adds Run key to start application
    • Modifies WinLogon
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4384
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4384 -s 804
      2⤵
      • Program crash
      PID:532
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 4384 -ip 4384
    1⤵
      PID:4708
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4460 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:8
      1⤵
        PID:1116

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\dwlGina3.dll
        Filesize

        131KB

        MD5

        456f8bc05e54621c857f013aaad94c9e

        SHA1

        0fab3946fdd69ff134f39bef38d59375778ab54a

        SHA256

        7dec9b1f3a56e65b26b724f0df4a77f47ac8c99407d2e98b40d7da93ec431718

        SHA512

        03929db4369c38c314370d2e87a8b4d09c8e6a6b93c6f06a23a06da45ad6bda543cdab0d9e7cf2dbc80447a060f860f4a8d0cc21f6c6402f327b4f885935b111

        Download Submit

      • memory/4384-0-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/4384-1-0x0000000000AA0000-0x0000000000AA1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4384-9-0x0000000002C50000-0x0000000002CA0000-memory.dmp

        Filesize

        320KB

        Download

      • memory/4384-10-0x0000000002460000-0x0000000002475000-memory.dmp

        Filesize

        84KB

        Download

      • memory/4384-11-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/4384-13-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/4384-15-0x0000000000AA0000-0x0000000000AA1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4384-16-0x0000000002C50000-0x0000000002CA0000-memory.dmp

        Filesize

        320KB

        Download