Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

f8892f9730...18.exe

windows7-x64

10

f8892f9730...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    122s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    18/04/2024, 18:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f8892f9730f13b42121361fbd357732d_JaffaCakes118.exe

  • Size

    12KB

  • MD5

    f8892f9730f13b42121361fbd357732d

  • SHA1

    2c20c5526adb21dd065f48c6effa220b551caeb7

  • SHA256

    4edc47bf1cfebabc1e4803e438b1beb3853f3d928a20e0ec507455d300a8d875

  • SHA512

    a4aa3abe63795f42363a0dc55452fca24351593465d696358ff70ae09992045b91dc9ae173d4e2eea6915fa824ee8db32e670f95aa2f0ea4224c6bdf31781dd6

  • SSDEEP

    192:WF14nGKN7d5QstF9851DKOX1A+b15T2qf4FAwUUTZ1yXTV4aiuNcylN7Smpcjy:SNKN7MSF9kw4A+b11pwTWX545SpfSmWm

Score
10/10
persistence

Malware Config

Signatures

  • Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 1 IoCs
    persistence
  • Deletes itself 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 3 IoCs
  • Modifies registry class 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f8892f9730f13b42121361fbd357732d_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\f8892f9730f13b42121361fbd357732d_JaffaCakes118.exe"
    1⤵
    • Adds autorun key to be loaded by Explorer.exe on startup
    • Loads dropped DLL
    • Drops file in System32 directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3040
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Users\Admin\AppData\Local\Temp\D5B6.tmp.bat
      2⤵
      • Deletes itself
      PID:2724

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\D5B6.tmp.bat
    Filesize

    207B

    MD5

    601ca62d99e1478198078c0913a59ef9

    SHA1

    66027fda1522afb8263296d0485b9204740df9f7

    SHA256

    c29b41356422ac5e0fb21068eda6c96a6699cb1c34e6ce2ef98448a2ed7249f1

    SHA512

    9aadc67928559789a39cebb6cfddf7bdf0859a2a4f5c6c61043efd99b09fe68e9384fb3ca99e66db46a567b3b58c785eb505060e9bb23ae9d9f081eaa43cbc3d

    Download Submit

  • C:\Windows\SysWOW64\slbiopfs2.nls
    Filesize

    428B

    MD5

    249d36eaf9e5cc7ffeb4082829b4af78

    SHA1

    1f102e3e0833707f2a74d26ccae0ee62c0cd5550

    SHA256

    8fa5788b5e59ebee1b408e357b22b85b70381a1498286a2579ece01cf6e0e055

    SHA512

    3430350b1bfa9161850e4433baa54cbcf0f9d9431ebeab21820df21c94ff55b71f8e9b20c6680a6837deb6c490acf1732ab4a70573c4b6cdf575456c5093e7cd

    Download Submit

  • C:\Windows\SysWOW64\slbiopfs2.tmp
    Filesize

    555KB

    MD5

    f2e69da9e0d62e24905ef574daf58420

    SHA1

    a71c878e6c475806c2424491073b8bea767c96e6

    SHA256

    6e84de1e99366bae2ea5d7f2de325a7ba40841eba83586956098e93e3dbd894a

    SHA512

    1d509770615bb440eeac9dcf971f1cf6e061c4fb8bed97975a2aa5ccd351a8c09e70810030f856c9d3ef55b61b48060af043ba4850332a8f4ad6ec00cc12a58d

    Download Submit

  • memory/3040-16-0x0000000020000000-0x0000000020008000-memory.dmp

    Filesize

    32KB

    Download

  • memory/3040-25-0x0000000020000000-0x0000000020008000-memory.dmp

    Filesize

    32KB

    Download