Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

f2ef5cde02...18.exe

windows7-x64

10

f2ef5cde02...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    16/04/2024, 06:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f2ef5cde02e79c38338e7bb163d63b5f_JaffaCakes118.exe

  • Size

    134KB

  • MD5

    f2ef5cde02e79c38338e7bb163d63b5f

  • SHA1

    3d272166feefc6bf275182bf57c9d12fc0bd5fcc

  • SHA256

    ff1a30e56965197f69bb88572482f53816230b416924d30097dcce9bcb0c32ee

  • SHA512

    086b88e9385419978f04f6a8a3d0dc7ebd8b8c66ac99d2218b8f9b2398d9e2ed51d49ec4587e451ea19ce156e1f7c0dfd624b025dc182936b9d0c3cfc962203b

  • SSDEEP

    3072:MMwZSQpKa3VGVnpUlCz764/9xpEEBqbZuwK5iGHeqovv:M3JVGpxx9b3wZuwK4GHeqo

Score
10/10
gh0stratrat

Malware Config

Signatures

  • Gh0st RAT payload 2 IoCs
  • Gh0strat

    Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    ratgh0strat
  • Deletes itself 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f2ef5cde02e79c38338e7bb163d63b5f_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\f2ef5cde02e79c38338e7bb163d63b5f_JaffaCakes118.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    PID:1960
  • C:\Windows\SysWOW64\svchost.exe
    C:\Windows\SysWOW64\svchost.exe -k imgsvc
    1⤵
    • Deletes itself
    • Suspicious behavior: EnumeratesProcesses
    PID:2972

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\1074400.dll
    Filesize

    101KB

    MD5

    6be72d4ad0a31518eb3b3b819cfd5b9b

    SHA1

    314beb3e971046d636cbb2d55c8c48000f62d9fe

    SHA256

    193f711c4563a59608047a6326a396631536bcf0bc6a01e1a9b28cdb380d3861

    SHA512

    43dbe3f541c9a9604c9f11a79112a0c3f22ec5701167d08558ec8392f7b07a9ab769c3c623b6085cb3fa00664687331daa929dcd3274a265d7261e0d024cc59c

    Download Submit

  • C:\Windows\FileName.jpg
    Filesize

    13.3MB

    MD5

    fa205b5be99fb76d5b8a5ae60a8fa392

    SHA1

    4a81249d052fec2f03a33e2ce66b3f4fcf3e3305

    SHA256

    a599dba2dad9b0bd4070d751fc102a6d20f4b244d64f96ba2480992c30620e10

    SHA512

    55587bf97416cf13e8bc988c9aadd74494dc468519deb615660787877c513bfcefdc725d86ed87d84bffee634bf0584ebf511fc62f5bf2759545ed9d456a5e9b

    Download Submit

  • \??\c:\NT_Path.jpg
    Filesize

    99B

    MD5

    eada2345597d90898ee9f3d904cb4b42

    SHA1

    d9a2aa63a9e86b135c8dac65dbf08c55b7fed792

    SHA256

    0dc6ffbeb8ee0e78e7c136379b266f0ac70e1b3e686cc2a02fcba95018c5bce8

    SHA512

    8233f45b5cc0ad8861666ab10ae01e474cefa3d8cbab34700d92fc068b86620bf9a83ef4fe22c7b64371291b3e16507b60b453295da9479336d1f7a3d287799b

    Download Submit