
Analysis

  • max time kernel
    146s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    18/04/2024, 10:13

General

  • Target

    f7c7f796efa9d426820550fe7436fdac_JaffaCakes118.exe

  • Size

    3.5MB

  • MD5

    f7c7f796efa9d426820550fe7436fdac

  • SHA1

    4a3902551497203b2f335cc0375c3a4dd6c4fed0

  • SHA256

    4783556e306a33d0f2b82a4b252d64947c84af40d8219cc9c24892552f6f4d8c

  • SHA512

    f7df1cf6067aab2818f6b2739f11707ec03141bbc1b87a62c9e1c34f91af00620f63c174388736557d83135ce1b4f42593a590622112928383c0b88244bffcfd

  • SSDEEP

    98304:I/qAVyk9q/MtommYK9zKAc0MymmYK9zKAc0M:xswxmmYK9+AcdymmYK9+Acd

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f7c7f796efa9d426820550fe7436fdac_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\f7c7f796efa9d426820550fe7436fdac_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1732
    • C:\Users\Admin\AppData\Local\Temp\387E.tmp
      "C:\Users\Admin\AppData\Local\Temp\387E.tmp" --pingC:\Users\Admin\AppData\Local\Temp\f7c7f796efa9d426820550fe7436fdac_JaffaCakes118.exe 9F8153D64F9C127A2FBC65C2EF2CCF28E297687D8DD15441F521C427C5D4EFE334C28DB8BDA8E42C6E35EB429B029FBF231E23DF90E582882DC43A2D230CB392
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: RenamesItself
      • Suspicious use of WriteProcessMemory
      PID:2752
      • C:\Users\Admin\AppData\Local\Temp\f7c7f796efa9d426820550fe7436fdac_JaffaCakes118.exe
        "C:\Users\Admin\AppData\Local\Temp\f7c7f796efa9d426820550fe7436fdac_JaffaCakes118.exe"
        3⤵
        • Executes dropped EXE
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2900
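
The process tree above shows the pattern that triggers the "RenamesItself" and "Executes dropped EXE" signatures: the sample (PID 1732) drops and runs 387E.tmp (PID 2752), which in turn starts a new process at the original sample path (PID 2900). The following is an added example, not tria.ge's code, of detection logic for that three-level shape run over constructed process-creation events; the PIDs and paths are taken from the report, while the event layout, the parent PID 1000 of the first process and the truncated hash argument are assumptions made for the example.

```python
"""Added example (not tria.ge's code): flag a dropped .tmp in %TEMP% that
re-launches the image of the process that spawned it, as in the tree above."""
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    """Minimal process-creation record (shape is an assumption, not a tria.ge format)."""
    pid: int
    ppid: int
    image: str      # full path of the started executable
    cmdline: str


# Constructed events mirroring the report's process tree.
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\f7c7f796efa9d426820550fe7436fdac_JaffaCakes118.exe"
TMP = r"C:\Users\Admin\AppData\Local\Temp\387E.tmp"
EVENTS = [
    ProcEvent(1732, 1000, SAMPLE, f'"{SAMPLE}"'),                 # ppid 1000 is assumed
    ProcEvent(2752, 1732, TMP, f'"{TMP}" --ping{SAMPLE} 9F81...'),  # hash argument truncated
    ProcEvent(2900, 2752, SAMPLE, f'"{SAMPLE}"'),
]


def is_temp_tmp(image: str) -> bool:
    """True for a .tmp file living under a user's %LOCALAPPDATA%\\Temp."""
    low = image.lower()
    return "\\appdata\\local\\temp\\" in low and low.endswith(".tmp")


def find_self_relaunch(events):
    """Return (grandparent_pid, tmp_pid, child_pid) triples where a process X
    started a .tmp in %TEMP% and that .tmp then started a process with X's image.
    Image paths are compared case-insensitively, as NTFS is case-insensitive."""
    by_pid = {e.pid: e for e in events}
    hits = []
    for e in events:
        parent = by_pid.get(e.ppid)
        if parent is None or not is_temp_tmp(parent.image):
            continue
        grand = by_pid.get(parent.ppid)
        if grand is None:
            continue
        if grand.image.lower() == e.image.lower():
            hits.append((grand.pid, parent.pid, e.pid))
    return hits


if __name__ == "__main__":
    for gp, tmp, child in find_self_relaunch(EVENTS):
        print(f"self-relaunch via dropped .tmp: {gp} -> {tmp} -> {child}")
```

The match alone does not prove malice (some installers update themselves the same way); pair it with the on-disk check the Downloads section supports, namely that the file at the original sample path after execution has a different size and hash than the submitted one.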

Network

MITRE ATT&CK Enterprise v15


Downloads

  • \Users\Admin\AppData\Local\Temp\387E.tmp

    Filesize

    3.5MB

    MD5

    bfa3329a95bce54af50fb708fae819f1

    SHA1

    a06e45960bea6d7f45bbe0aeb0b8e6f5fcb5e19d

    SHA256

    356c7ece736fcd98767e9d3b65949103c34adc7c6bd9361e23e4055b9d549270

    SHA512

    e0a0cb21d26a132b3d873f479de016083d2d2e52c30e379eabbe4eebc270a61a51ed9c606f63383db317a6ce070d7eea17522c56b9a2c4de7863e6116839b44a

  • \Users\Admin\AppData\Local\Temp\f7c7f796efa9d426820550fe7436fdac_JaffaCakes118.exe

    Filesize

    1.1MB

    MD5

    cd75d3e263ff0d1d13aad24cdb9f2593

    SHA1

    cbcf46c2524176ce03cbfdb69017788282e495a5

    SHA256

    ccac4ef83f1484c207be895e40037f23138d911c1ec537ffd6577ef789c974c4

    SHA512

    16c489e2a2337bb7d23b5d6507d769a62d2c4ffd6b30c237752ab38c935eb92dcf74c75b972279f95617d82de69f25c53db819ddc1e543e35d89ad0956c3df87

  • memory/2752-11-0x0000000002E40000-0x0000000003253000-memory.dmp

    Filesize

    4.1MB

  • memory/2900-13-0x0000000001170000-0x0000000001583000-memory.dmp

    Filesize

    4.1MB

  • memory/2900-14-0x0000000000110000-0x0000000000113000-memory.dmp

    Filesize

    12KB

  • memory/2900-73-0x0000000001170000-0x0000000001583000-memory.dmp

    Filesize

    4.1MB

  • memory/2900-75-0x0000000000110000-0x0000000000113000-memory.dmp

    Filesize

    12KB

  • memory/2900-87-0x0000000001170000-0x0000000001583000-memory.dmp

    Filesize

    4.1MB