Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

ec55fc7a83...18.exe

windows7-x64

7

ec55fc7a83...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    94s
  • max time network
    96s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/04/2024, 00:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ec55fc7a83f60c7683b70e5dbc8e2f24_JaffaCakes118.exe

  • Size

    373KB

  • MD5

    ec55fc7a83f60c7683b70e5dbc8e2f24

  • SHA1

    34d729c7e89ccda6295b34291978b6cd0be091bb

  • SHA256

    8d522ba79151c8f35350e80ac7c6462d3d26d88229a0cd511bb63ae26fe41973

  • SHA512

    bc93605e870e16cf44a9653e24fc49416615feaa689694c3cb7f7bedd36ed58b70ff7b0f75b11787f511c39c94d2e0b4e5b0bfadafb37f9fc8273166adb2e7a9

  • SSDEEP

    6144:JlEG2aILgM2u+nmzK6QgSuHL5vj6pN/teIecjq1vsGX+v7MqvnTJ28THJYC:VIEGpzK6FSkFviFzq10GX+flpYC

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Enumerates connected drives 3 TTPs 2 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Windows directory 2 IoCs
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ec55fc7a83f60c7683b70e5dbc8e2f24_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\ec55fc7a83f60c7683b70e5dbc8e2f24_JaffaCakes118.exe"
    1⤵
    • Enumerates connected drives
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4400
    • C:\Windows\Ravsys.exe
      C:\Windows\Ravsys.exe Ravsys
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:5056
      • C:\Windows\SysWOW64\svchost.exe
        C:\Windows\system32\svchost.exe
        3⤵
          PID:2388
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 5056 -s 1304
          3⤵
          • Program crash
          PID:1568
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~SiGou.bat
        2⤵
          PID:1504
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 5056 -ip 5056
        1⤵
          PID:2544

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\~SiGou.bat
          Filesize

          240B

          MD5

          f67ef9d82f9418b517232f08019dc9d8

          SHA1

          72de257be6195c12d66d03b7c0e6585e32ee2c26

          SHA256

          c295411eae195d54f2e9cf6efbe12e6622acdc671080dcdad1f3f49c7bf4aa0f

          SHA512

          ea4908c44f07ff4c88b159e12e4c6b909512d4a0d055b5d841fdcdc6224a4b214534b37c2422985007887dacc45e46b0c58c1ed43f246fa2d55b28d4b76b56e6

          Download Submit

        • C:\Windows\Ravsys.exe
          Filesize

          373KB

          MD5

          ec55fc7a83f60c7683b70e5dbc8e2f24

          SHA1

          34d729c7e89ccda6295b34291978b6cd0be091bb

          SHA256

          8d522ba79151c8f35350e80ac7c6462d3d26d88229a0cd511bb63ae26fe41973

          SHA512

          bc93605e870e16cf44a9653e24fc49416615feaa689694c3cb7f7bedd36ed58b70ff7b0f75b11787f511c39c94d2e0b4e5b0bfadafb37f9fc8273166adb2e7a9

          Download Submit

        • memory/4400-0-0x0000000000400000-0x0000000000475000-memory.dmp

          Filesize

          468KB

          Download

        • memory/4400-2-0x0000000000400000-0x0000000000475000-memory.dmp

          Filesize

          468KB

          Download

        • memory/4400-1-0x0000000002230000-0x000000000228A000-memory.dmp

          Filesize

          360KB

          Download

        • memory/4400-4-0x0000000002410000-0x0000000002411000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4400-3-0x0000000002420000-0x0000000002421000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4400-5-0x0000000002480000-0x0000000002481000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4400-6-0x0000000002450000-0x0000000002451000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4400-7-0x00000000024A0000-0x00000000024A1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4400-8-0x0000000003290000-0x0000000003390000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/4400-9-0x0000000003290000-0x0000000003390000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/4400-10-0x0000000003290000-0x0000000003390000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/4400-11-0x0000000003290000-0x0000000003390000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/4400-12-0x0000000003290000-0x0000000003390000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/4400-13-0x0000000003290000-0x0000000003390000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/4400-14-0x0000000003290000-0x0000000003390000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/4400-15-0x0000000003290000-0x0000000003390000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/4400-16-0x0000000003290000-0x0000000003390000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/4400-17-0x0000000003290000-0x0000000003390000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/4400-18-0x0000000003290000-0x0000000003390000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/4400-19-0x0000000003290000-0x0000000003390000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/4400-20-0x0000000003290000-0x0000000003390000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/4400-22-0x0000000003290000-0x0000000003390000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/4400-21-0x0000000003290000-0x0000000003390000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/4400-23-0x0000000003290000-0x0000000003390000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/4400-25-0x0000000003290000-0x0000000003390000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/4400-24-0x0000000003290000-0x0000000003390000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/4400-26-0x0000000003290000-0x0000000003390000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/4400-28-0x0000000003290000-0x0000000003390000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/4400-30-0x0000000003290000-0x0000000003390000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/4400-29-0x0000000003290000-0x0000000003390000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/4400-27-0x0000000003290000-0x0000000003390000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/4400-31-0x0000000003290000-0x0000000003390000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/4400-34-0x0000000003290000-0x0000000003390000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/4400-36-0x0000000003290000-0x0000000003390000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/4400-35-0x0000000003290000-0x0000000003390000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/4400-37-0x0000000003290000-0x0000000003390000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/4400-33-0x0000000003290000-0x0000000003390000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/4400-32-0x0000000003290000-0x0000000003390000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/4400-39-0x0000000003290000-0x0000000003390000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/4400-38-0x0000000003290000-0x0000000003390000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/4400-40-0x0000000003290000-0x0000000003390000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/4400-41-0x0000000003290000-0x0000000003390000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/4400-44-0x0000000003290000-0x0000000003390000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/4400-46-0x0000000003290000-0x0000000003390000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/4400-45-0x0000000003290000-0x0000000003390000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/4400-47-0x0000000003290000-0x0000000003390000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/4400-43-0x0000000003290000-0x0000000003390000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/4400-42-0x0000000003290000-0x0000000003390000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/4400-49-0x0000000003290000-0x0000000003390000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/4400-51-0x0000000003290000-0x0000000003390000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/4400-53-0x0000000003290000-0x0000000003390000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/4400-52-0x0000000003290000-0x0000000003390000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/4400-54-0x0000000003290000-0x0000000003390000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/4400-55-0x0000000003290000-0x0000000003390000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/4400-56-0x0000000003290000-0x0000000003390000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/4400-50-0x0000000003290000-0x0000000003390000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/4400-58-0x0000000003290000-0x0000000003390000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/4400-60-0x0000000003290000-0x0000000003390000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/4400-59-0x0000000003290000-0x0000000003390000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/4400-57-0x0000000003290000-0x0000000003390000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/4400-48-0x0000000003290000-0x0000000003390000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/4400-63-0x0000000003290000-0x0000000003390000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/4400-64-0x0000000003290000-0x0000000003390000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/4400-62-0x0000000003290000-0x0000000003390000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/4400-61-0x0000000003290000-0x0000000003390000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/4400-140-0x0000000000400000-0x0000000000475000-memory.dmp

          Filesize

          468KB

          Download

        • memory/5056-96-0x0000000000400000-0x0000000000475000-memory.dmp

          Filesize

          468KB

          Download

        • memory/5056-143-0x0000000000400000-0x0000000000475000-memory.dmp

          Filesize

          468KB

          Download