Analysis

  • max time kernel
    141s
  • max time network
    142s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    11/04/2024, 01:04

General

  • Target

    ec5d5186d8d85beb1f509bf53f0c7687_JaffaCakes118.exe

  • Size

    71KB

  • MD5

    ec5d5186d8d85beb1f509bf53f0c7687

  • SHA1

    925ca8d0ed42b8e7460aade3ca45e115038285cc

  • SHA256

    7d18ef7e09d479005398be7866089567503298019f6c5a6a31290fdcc418aa67

  • SHA512

    ad335f7f6c35d72be356bafcbef779b98f3f9a08416f84d7521f853339f8d907c06bf2beec99c64f3b8c035d6875aa271932aab923b8ba382f50844c6a67386a

  • SSDEEP

    1536:s9Z3KcR4mjD9r8226+d9Z3KcR4mjD9r8226+S1:sr3KcWmjRrzSdr3KcWmjRrzSS1

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Adds Run key to start application 2 TTPs 2 IoCs
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ec5d5186d8d85beb1f509bf53f0c7687_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\ec5d5186d8d85beb1f509bf53f0c7687_JaffaCakes118.exe"
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4468
    • C:\Windows\CTS.exe
      "C:\Windows\CTS.exe"
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      PID:3952

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules.xml

    Filesize

    392KB

    MD5

    dfc339de9687a9e65ad96b44bdb2f1a8

    SHA1

    ca748e0d57e317c76a312d0c90975918ab059bcc

    SHA256

    d2d12ec17e7a3c0a9267943617981a692820c8e1d5907afcc27b4eb39ecb31b1

    SHA512

    161c58318ade30188175c0ad60c9c1d3d6c20df836b27ed07f7140191919c32ea515086b48ae1fca510fdbb994ccf291494315cc1267ed5386c98ccaece7b281

  • C:\Users\Admin\AppData\Local\Temp\LU1oeMgJ22dkLyE.exe

    Filesize

    71KB

    MD5

    bbfb3b98ad23c6a5e52b2425c99a017e

    SHA1

    6d701d15eacd4a4c4c38c6f74f598fd523329f10

    SHA256

    95eb8164974cefb2bcb742b77ff39a2329c6e7d2d6675182285d7ccfcfdcbec6

    SHA512

    b56d94b074905f275215b390919bb4c4dd1ccd106560ad5c27e87e0a3b563a32223e44851d6e5afda607c122045dde258b88c6775d894a85520647c5b1fc93bf

  • C:\Windows\CTS.exe

    Filesize

    71KB

    MD5

    57dc894376d6ffbf9af1929bd6688b6c

    SHA1

    cf5f1891e39142f13d3f007e2957a0d302efafff

    SHA256

    25001e3946468d3aa0f86f1ae322fb8354fc1c96052227346c41fb12d63fa129

    SHA512

    922c081df01cdcaef8cf91a484bdfe1c412a5e716aada86b3f3f61e020173cc9bd8318c072eff7f59140687fdaf3a722d62fc4c56891f906797a909da311dab1

  • memory/3952-9-0x0000000000800000-0x0000000000817000-memory.dmp

    Filesize

    92KB

  • memory/4468-0-0x00000000004B0000-0x00000000004C7000-memory.dmp

    Filesize

    92KB

  • memory/4468-7-0x00000000004B0000-0x00000000004C7000-memory.dmp

    Filesize

    92KB