Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

3

ec05b7d3cb...18.exe

windows7-x64

1

ec05b7d3cb...18.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    149s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/04/2024, 21:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ec05b7d3cbaf6cf661ced297af95e1cb_JaffaCakes118.exe

  • Size

    1.2MB

  • MD5

    ec05b7d3cbaf6cf661ced297af95e1cb

  • SHA1

    c25bbdfdf742d1cce727c91f1cfd23fafc81379b

  • SHA256

    2a6d1c8b34d3923c1702aaad4809e52f4b8a2a5801eded0f8292b78d02b217b0

  • SHA512

    5a2ccd56a5bf991d8af5c92e45431da57e33f6a97eaa849cd8db323212bb574f7fb2ff4c3190e5125c575aac480836870cdbb64e1d192d1fe833eaf0d76d4cd7

  • SSDEEP

    24576:68orgzJ9yljPAnkfAbkN+d0UQZFJckboJ5TKpIKD7N71FzAk0lcz7:L9GjebWMJ5TKpl7N7fMk0li7

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 2 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ec05b7d3cbaf6cf661ced297af95e1cb_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\ec05b7d3cbaf6cf661ced297af95e1cb_JaffaCakes118.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:3092

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\ponto.DLL
    Filesize

    399B

    MD5

    f0161328b321dfcba81d4516524b2781

    SHA1

    c65bdb62b67f4150f94d75fa64788d8f05b13859

    SHA256

    f37e10ca84be6e476d1164eca5b1d104f5dac890f02f5de701c61b86f19a1eae

    SHA512

    273f3bcd6cf80020ac85227184c05d4c901c07e3782e741ee5b8abb63f89171c632725de68f4b015ca902fec4268eaa1101ab8d9b7f592721e08b94a329ff672

    Download Submit

  • memory/3092-0-0x0000000000400000-0x0000000001408000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/3092-1-0x00000000015B0000-0x00000000015B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3092-2-0x0000000000400000-0x0000000001408000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/3092-3-0x0000000001720000-0x0000000001721000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3092-4-0x00000000059E0000-0x00000000059E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3092-22-0x0000000000400000-0x0000000001408000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/3092-25-0x00000000015B0000-0x00000000015B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3092-29-0x0000000001720000-0x0000000001721000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3092-32-0x00000000059E0000-0x00000000059E1000-memory.dmp

    Filesize

    4KB

    Download