Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

f2be9729ab...18.exe

windows7-x64

7

f2be9729ab...18.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    146s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    16/04/2024, 05:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f2be9729ab9c44c43c42f578331c6247_JaffaCakes118.exe

  • Size

    209KB

  • MD5

    f2be9729ab9c44c43c42f578331c6247

  • SHA1

    ee6ce316f193f5fd400098bf8e90872ee1348f97

  • SHA256

    e64b2a3925496be3202534fd9278b90f0d5eb014491630a3a15d877b721f0d67

  • SHA512

    d6272b8c926c3d8f858ee4e6fe43f020ba9356aef3c40abf99cf93618759ba80ddd0d0588c57826dc62551f35dc6526392c3ce89d1a481012ec15c2c8624e063

  • SSDEEP

    6144:74VUVK1pQYsbgVqmCit8l+Fuj9v7DcY44:EVWADVJR8lXtDcr

Score
7/10
persistence

Malware Config

Signatures

  • Loads dropped DLL 5 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 32 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f2be9729ab9c44c43c42f578331c6247_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\f2be9729ab9c44c43c42f578331c6247_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops file in System32 directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2012
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Windows\system32\sshnas21.dll,GetHandle
      2⤵
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      PID:2668

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Windows\SysWOW64\sshnas21.dll
    Filesize

    170KB

    MD5

    874b932bc9806e148f81f063045941f9

    SHA1

    5564ae7e743bb253942f7e214a541dde8a405f44

    SHA256

    7d990b2d5c93923e65ab49907a58f3de453be79aa58980e99259ffdd4f257570

    SHA512

    10143d872db11fe9ce4854f9789a5e864738123bac304176e93fa4c3714ce56c9b048ee861f62be6dc6449d91445dbcc7867caa67733b9fd719a5ecf55173606

    Download Submit

  • memory/2012-14-0x0000000000400000-0x0000000000437000-memory.dmp

    Filesize

    220KB

    Download

  • memory/2012-1-0x0000000000400000-0x0000000000437000-memory.dmp

    Filesize

    220KB

    Download

  • memory/2012-8-0x0000000010000000-0x000000001005A000-memory.dmp

    Filesize

    360KB

    Download

  • memory/2012-7-0x0000000000380000-0x000000000039C000-memory.dmp

    Filesize

    112KB

    Download

  • memory/2012-0-0x0000000000240000-0x000000000026D000-memory.dmp

    Filesize

    180KB

    Download

  • memory/2668-19-0x0000000010000000-0x000000001005A000-memory.dmp

    Filesize

    360KB

    Download

  • memory/2668-22-0x0000000010000000-0x000000001005A000-memory.dmp

    Filesize

    360KB

    Download

  • memory/2668-17-0x0000000010000000-0x000000001005A000-memory.dmp

    Filesize

    360KB

    Download

  • memory/2668-18-0x0000000010000000-0x000000001005A000-memory.dmp

    Filesize

    360KB

    Download

  • memory/2668-15-0x0000000010000000-0x000000001005A000-memory.dmp

    Filesize

    360KB

    Download

  • memory/2668-20-0x0000000010000000-0x000000001005A000-memory.dmp

    Filesize

    360KB

    Download

  • memory/2668-21-0x0000000010000000-0x000000001005A000-memory.dmp

    Filesize

    360KB

    Download

  • memory/2668-16-0x0000000010000000-0x000000001005A000-memory.dmp

    Filesize

    360KB

    Download

  • memory/2668-23-0x0000000010000000-0x000000001005A000-memory.dmp

    Filesize

    360KB

    Download

  • memory/2668-24-0x0000000010000000-0x000000001005A000-memory.dmp

    Filesize

    360KB

    Download

  • memory/2668-25-0x0000000010000000-0x000000001005A000-memory.dmp

    Filesize

    360KB

    Download

  • memory/2668-26-0x0000000010000000-0x000000001005A000-memory.dmp

    Filesize

    360KB

    Download

  • memory/2668-27-0x0000000010000000-0x000000001005A000-memory.dmp

    Filesize

    360KB

    Download

  • memory/2668-28-0x0000000010000000-0x000000001005A000-memory.dmp

    Filesize

    360KB

    Download

  • memory/2668-29-0x0000000010000000-0x000000001005A000-memory.dmp

    Filesize

    360KB

    Download