Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    150s
  • max time network
    117s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted
    11/04/2024, 11:47

General

  • Target

    ed590695c86d36428567cf0a5ba082cf_JaffaCakes118.exe

  • Size

    300KB

  • MD5

    ed590695c86d36428567cf0a5ba082cf

  • SHA1

    439258cf1ccae0fb622bb8a67fd75a85afe43e76

  • SHA256

    5bb615a671d9fd3f0e32526f18c402394134c8c4ec0c4a79fcd422b6f43943c5

  • SHA512

    813a55e71e59a0d8c1a703887030dd38e281a652bb0871096618021f531058a85aa3b9c23e1437503fbe82271978bd7769d0afcc30061511bf36860b33e2a44a

  • SSDEEP

    3072:khEPZz2c1VzH9ZtyYjBCwD+afFICNcFOnQYPDY0rlGY4aDACauXHt7kMMor5cu:WEPZz

Score
10/10

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 52 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ed590695c86d36428567cf0a5ba082cf_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\ed590695c86d36428567cf0a5ba082cf_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2836
    • C:\Users\Admin\cauaka.exe
      "C:\Users\Admin\cauaka.exe"
      2⤵
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2520

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\cauaka.exe

    Filesize

    300KB

    MD5

    cd70d48087194c01366f0269a372a9af

    SHA1

    f700db7cfeaf85b82494cb9d3fced6c469a1485d

    SHA256

    4b795e56507b1f8457a1dfab3d7181ab56841c9d164972e31f246a19be1543d9

    SHA512

    12887b5575fc23f6d04bfe7001b562514fd6a24fcf383a07377a4cae96fd2b3a74221677de6d514a149fe1bc4ba9b7e694c68f6cd5dfb7a4d28a3b308ccda17f