Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

f01ef057f2...18.exe

windows7-x64

7

f01ef057f2...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    15/04/2024, 02:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f01ef057f23f2116a29fce1a698d238d_JaffaCakes118.exe

  • Size

    374KB

  • MD5

    f01ef057f23f2116a29fce1a698d238d

  • SHA1

    4e7ee27ce39576d5eb802edc60b2bb9d317a1a72

  • SHA256

    82ce08a0f21c5ed17ae9c7398a109be7284bbe12eee716ce701ab5f393590ff5

  • SHA512

    a1e21c8e1e188c9989d63a8d9db011f8231392e66e968bad094e2b7d3084ab5cec89d9b9090a4e73269441aae4f9859761041367b1e47a388a6ba527c9c37018

  • SSDEEP

    6144:NS+6eXG1LasZubmVbP5SKEdz3/gwlB/iySRJVWvvZjl+/B2uGyXubTj/SdBOgeYH:ZLXgWHmh5VEdTxlB6JUvZABlaHjaztVZ

Score
7/10
persistenceupx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 8 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f01ef057f23f2116a29fce1a698d238d_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\f01ef057f23f2116a29fce1a698d238d_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2060
    • C:\ProgramData\oM38001LkPjO38001\oM38001LkPjO38001.exe
      "C:\ProgramData\oM38001LkPjO38001\oM38001LkPjO38001.exe" "C:\Users\Admin\AppData\Local\Temp\f01ef057f23f2116a29fce1a698d238d_JaffaCakes118.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Adds Run key to start application
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:2640

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\oM38001LkPjO38001\oM38001LkPjO38001
    Filesize

    192B

    MD5

    0691c21df2a6bfe0bc15b18d45262bd8

    SHA1

    976166a96c7bdf513305d909fd424ed0ef0bde0d

    SHA256

    80f928d885bde5c27c0e572ddf45f70eb048deb4195cd1550047ed59033f01c6

    SHA512

    13d16184a203519535e4f840433907e5499be4cba9eae8e3e5e80676d4cc65662432f755c265a96d0da903ee871ea70a34f092b397acf00e167f202f52b5cd61

    Download Submit

  • \ProgramData\oM38001LkPjO38001\oM38001LkPjO38001.exe
    Filesize

    374KB

    MD5

    3f8ddd9087a7771541a8f3eb9269ced7

    SHA1

    ecb701e9d4946c41dcbb03b7677eba8a5a7e4254

    SHA256

    ade139ef6b5c2846b1e1d0189893f374cdf8505a8a171eed8eee6a0acd754853

    SHA512

    d53682e5a9aa87b5b7f86fb5c7258fa21c38bbaf649f789a9009e67cd1240c6b83512fd1fff79f705fa0a15e81821f9c2f28d472ed93c750710abd01ead31b5a

    Download Submit

  • memory/2060-0-0x0000000000400000-0x00000000004CD000-memory.dmp

    Filesize

    820KB

    Download

  • memory/2060-1-0x00000000021D0000-0x0000000002275000-memory.dmp

    Filesize

    660KB

    Download

  • memory/2060-2-0x00000000002E0000-0x0000000000333000-memory.dmp

    Filesize

    332KB

    Download

  • memory/2060-8-0x0000000000400000-0x00000000004CD000-memory.dmp

    Filesize

    820KB

    Download

  • memory/2060-17-0x0000000000400000-0x00000000004CD000-memory.dmp

    Filesize

    820KB

    Download

  • memory/2640-16-0x0000000000400000-0x00000000004CD000-memory.dmp

    Filesize

    820KB

    Download

  • memory/2640-18-0x0000000000400000-0x00000000004CD000-memory.dmp

    Filesize

    820KB

    Download

  • memory/2640-27-0x0000000000400000-0x00000000004CD000-memory.dmp

    Filesize

    820KB

    Download

  • memory/2640-36-0x0000000000400000-0x00000000004CD000-memory.dmp

    Filesize

    820KB

    Download