Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

ed9e4c4708...18.exe

windows7-x64

7

ed9e4c4708...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/04/2024, 14:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ed9e4c47089afd54058f4c8be8c4a579_JaffaCakes118.exe

  • Size

    385KB

  • MD5

    ed9e4c47089afd54058f4c8be8c4a579

  • SHA1

    735e35db4e17a2d7b5c703f8ffa91aac53960c00

  • SHA256

    4ddff0e72faff897c076bdbd7e4e085a1486d6b9a8f4bf0d626a0e12d9c3ee96

  • SHA512

    b0c85f60280158529a8a7cb34b658e2be49b56b70d87d49aca59d75b752206416a0dab10d038a208f854fb0462edbd3ad5f51fca3b14e1fca69025cc1c69a212

  • SSDEEP

    6144:rUbfHNdzLwsoyrw4lgiwPVLZdMmbDq8yyjS9kcbCk+TTZHLJqHL+ZB6B//iaED3B:kldnw4kmgRVd/bD3Nv08ZrJqHL5oaYB

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ed9e4c47089afd54058f4c8be8c4a579_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\ed9e4c47089afd54058f4c8be8c4a579_JaffaCakes118.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:1940
    • C:\Users\Admin\AppData\Local\Temp\ed9e4c47089afd54058f4c8be8c4a579_JaffaCakes118.exe
      C:\Users\Admin\AppData\Local\Temp\ed9e4c47089afd54058f4c8be8c4a579_JaffaCakes118.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:4268

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\ed9e4c47089afd54058f4c8be8c4a579_JaffaCakes118.exe
    Filesize

    385KB

    MD5

    c71ef2c85093656c449885d20d43cb57

    SHA1

    ebfae19dc767fcc14e55647e9b1c04e50e22253d

    SHA256

    fe31e20c3ecc8c77a93b90f2a0860068f378043992972bebc7cc12cc37717abf

    SHA512

    7821e00b97305a640f5f1acbed6d21c9771b48733a475b593fa78586a4467943a71699ee0c5e74901f20ad98f20fb49f2f567b01777f59379c258db03344492e

    Download Submit

  • memory/1940-0-0x0000000000400000-0x0000000000466000-memory.dmp

    Filesize

    408KB

    Download

  • memory/1940-1-0x00000000014D0000-0x0000000001536000-memory.dmp

    Filesize

    408KB

    Download

  • memory/1940-2-0x0000000000400000-0x000000000045F000-memory.dmp

    Filesize

    380KB

    Download

  • memory/1940-11-0x0000000000400000-0x000000000045F000-memory.dmp

    Filesize

    380KB

    Download

  • memory/4268-13-0x0000000000400000-0x0000000000466000-memory.dmp

    Filesize

    408KB

    Download

  • memory/4268-14-0x00000000014D0000-0x0000000001536000-memory.dmp

    Filesize

    408KB

    Download

  • memory/4268-20-0x0000000004EC0000-0x0000000004F1F000-memory.dmp

    Filesize

    380KB

    Download

  • memory/4268-21-0x0000000000400000-0x000000000043C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/4268-30-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/4268-31-0x000000000C800000-0x000000000C83C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/4268-36-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download