Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

f9f5ed79eb...18.exe

windows7-x64

f9f5ed79eb...18.exe

windows10-2004-x64

Analysis

  • max time kernel
    6s
  • max time network
    7s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    19/04/2024, 08:59 UTC

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown: "{\"level\":\"info\",\"time\":\"2024-04-19T09:00:07Z\",\"message\":\"Dirty snapshot: /var/lib/sandbox/hatchvm/win7-20231129-en/instance_19-dirty.qcow2\"}"
Report Analysis Logs

General

  • Target

    f9f5ed79eb3c639293d2594baee9c51c_JaffaCakes118.exe

  • Size

    90KB

  • MD5

    f9f5ed79eb3c639293d2594baee9c51c

  • SHA1

    1d8e10db6d63393295164ddce847aca0ad9b3f93

  • SHA256

    ed27bbe0f30e92a972def514aa432b2b78e06467479f8ad0b826b021d8ded48a

  • SHA512

    879009f0f4565e404025aa003a51fa330d2ae521b6f0a7bc6c1690bdcaec330ef0422679d863ce31c0c80d35040f4c0acac0fa11e8d85996c7c73669147d5cdc

  • SSDEEP

    1536:0y+yGpwKkA2XD+FyJ35+j/EmkLPaufu5O12WotI5BV0Cz:0kTN6FIgj/ErCufcWoan

Score
8/10
persistence

Malware Config

Signatures

  • Modifies AppInit DLL entries 2 TTPs
    persistence
  • Drops file in System32 directory 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f9f5ed79eb3c639293d2594baee9c51c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\f9f5ed79eb3c639293d2594baee9c51c_JaffaCakes118.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    PID:2356
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x0
    1⤵
      PID:1964
    • C:\Windows\system32\LogonUI.exe
      "LogonUI.exe" /flags:0x1
      1⤵
        PID:2712

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/1964-5-0x0000000002D90000-0x0000000002D91000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2356-0-0x0000000001000000-0x0000000001018000-memory.dmp

        Filesize

        96KB

        Download

      • memory/2356-1-0x0000000000220000-0x0000000000221000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2356-2-0x0000000001000000-0x0000000001018000-memory.dmp

        Filesize

        96KB

        Download

      • memory/2712-6-0x0000000002B30000-0x0000000002B31000-memory.dmp

        Filesize

        4KB

        Download

      We care about your privacy.

      This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.