Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

f74da4cb58...18.exe

windows7-x64

7

f74da4cb58...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    18/04/2024, 04:52 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f74da4cb58be5d38de0d5da1286d336d_JaffaCakes118.exe

  • Size

    313KB

  • MD5

    f74da4cb58be5d38de0d5da1286d336d

  • SHA1

    ad66a2c16165182a1efe56f712419195ff073512

  • SHA256

    e72b0c789aae217b0bbc575361c3ce1bb7ecda572e8fc023825d86020040e2dc

  • SHA512

    1fd91d888528eee1a44ebb2add18530859928ac3b3c25d9d072c5ca6a36e30ce555a691902b6161f17db1a29aeea210e6f96ccb9caca1fd7b2a836c71c0342f2

  • SSDEEP

    6144:tz5K14o/r+O7+1RKXrHJk5UXkalaqq8+8gXmgGVyuD1G0IUJmqHafm:TK/S/2XrHJmR8NgGouRNBsqHem

Score
7/10
persistenceupx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 9 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f74da4cb58be5d38de0d5da1286d336d_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\f74da4cb58be5d38de0d5da1286d336d_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2384
    • C:\ProgramData\iNeMdEc07000\iNeMdEc07000.exe
      "C:\ProgramData\iNeMdEc07000\iNeMdEc07000.exe" "C:\Users\Admin\AppData\Local\Temp\f74da4cb58be5d38de0d5da1286d336d_JaffaCakes118.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Adds Run key to start application
      • Modifies Internet Explorer settings
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:1516

Network

    No results found
  • 91.193.194.40:80
    iNeMdEc07000.exe
    152 B
     120 B
     3
    3
  • 91.193.194.40:80
    iNeMdEc07000.exe
    152 B
     120 B
     3
    3
  • 91.193.194.40:80
    f74da4cb58be5d38de0d5da1286d336d_JaffaCakes118.exe
    152 B
     120 B
     3
    3
  • 91.193.194.40:80
    f74da4cb58be5d38de0d5da1286d336d_JaffaCakes118.exe
    152 B
     120 B
     3
    3
  • 91.193.194.40:80
    f74da4cb58be5d38de0d5da1286d336d_JaffaCakes118.exe
    152 B
     120 B
     3
    3
  • 91.193.194.40:80
    f74da4cb58be5d38de0d5da1286d336d_JaffaCakes118.exe
    152 B
     120 B
     3
    3
  • 91.193.194.40:80
    f74da4cb58be5d38de0d5da1286d336d_JaffaCakes118.exe
    152 B
     120 B
     3
    3
  • 91.193.194.40:80
    f74da4cb58be5d38de0d5da1286d336d_JaffaCakes118.exe
    152 B
     120 B
     3
    3
No results found

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \ProgramData\iNeMdEc07000\iNeMdEc07000.exe
    Filesize

    313KB

    MD5

    6288304eecfd70091fac565c498a7032

    SHA1

    8d9e2b5d6924647dd67e95734e6e0032ae62b159

    SHA256

    37056305e6fe145346fe20f4a03881a62e7c0a6e35fec929e70efff7fa0e3bab

    SHA512

    8dc16be5a579b33d4386f8e6b29135f6c8bcbb51ccbbd65a31fc26aa9dbd649b75969a6f40e0e4f223f70e0f35bde0b52aa465c5d7b742539a3169e15dedf375

    Download Submit

  • memory/1516-22-0x0000000000400000-0x00000000004B2000-memory.dmp

    Filesize

    712KB

    Download

  • memory/1516-26-0x0000000000400000-0x00000000004B2000-memory.dmp

    Filesize

    712KB

    Download

  • memory/1516-38-0x0000000000400000-0x00000000004B2000-memory.dmp

    Filesize

    712KB

    Download

  • memory/2384-0-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2384-1-0x0000000000400000-0x00000000004B2000-memory.dmp

    Filesize

    712KB

    Download

  • memory/2384-3-0x0000000000400000-0x00000000004B2000-memory.dmp

    Filesize

    712KB

    Download

  • memory/2384-4-0x0000000000400000-0x00000000004B2000-memory.dmp

    Filesize

    712KB

    Download

  • memory/2384-5-0x0000000000400000-0x00000000004B2000-memory.dmp

    Filesize

    712KB

    Download

  • memory/2384-23-0x0000000000400000-0x00000000004B2000-memory.dmp

    Filesize

    712KB

    Download

  • memory/2384-37-0x0000000000400000-0x00000000004B2000-memory.dmp

    Filesize

    712KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.