Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

fa87fd28fc...18.exe

windows7-x64

10

fa87fd28fc...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    19/04/2024, 14:47 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fa87fd28fc92dd89efc9bf0215aa6ebb_JaffaCakes118.exe

  • Size

    252KB

  • MD5

    fa87fd28fc92dd89efc9bf0215aa6ebb

  • SHA1

    485ea45c96d00d36634c7eabf7a0f41871357d02

  • SHA256

    50480142a432b6c1770e4a026ae416d784acfe8e449ed336aba1f6a2bbfcced5

  • SHA512

    d73fe547cbbd9d6a8b58ceadb9bc269c277e9b36235ba1a5aa5c9c8e6e7e19da640638ede899699fdda79ec1cb7012f83d99581f67923b96e96f215c2307d208

  • SSDEEP

    3072:gY7jaHLUCX34dmgJYsozBm2tfyXu1h5CeriHACqH/1ptrMAoSeLv5YXm:gAqUCXIdm/NBm2tuMpBeS

Score
10/10
evasionpersistence

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs
    evasion
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 50 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fa87fd28fc92dd89efc9bf0215aa6ebb_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\fa87fd28fc92dd89efc9bf0215aa6ebb_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1924
    • C:\Users\Admin\bovel.exe
      "C:\Users\Admin\bovel.exe"
      2⤵
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:3028

Network

  • flag-us
    DNS
    ns1.player1532.com
    fa87fd28fc92dd89efc9bf0215aa6ebb_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    ns1.player1532.com
    IN A
    Response
    ns1.player1532.com
    IN A
    104.155.138.21
    ns1.player1532.com
    IN A
    107.178.223.183
  • 104.155.138.21:8001
    ns1.player1532.com
    fa87fd28fc92dd89efc9bf0215aa6ebb_JaffaCakes118.exe
    518 B
     372 B
     11
    9
  • 8.8.8.8:53
    ns1.player1532.com
    dns
    fa87fd28fc92dd89efc9bf0215aa6ebb_JaffaCakes118.exe
    64 B
     96 B
     1
    1

    DNS Request

    ns1.player1532.com

    DNS Response

    104.155.138.21
    107.178.223.183

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\bovel.exe
    Filesize

    252KB

    MD5

    1eb2b1e1143d8dd9aebc89737cb8db3d

    SHA1

    e186887e11f13b5752c8c9866d55bf0c6eae603b

    SHA256

    79406a32536c50e88454aaab76a583db867ddc8136af496ee83a386b2bf4e2ee

    SHA512

    b9c4b0f5529dce20114951ac990627a1d87b0a39620d29fe1a8a8af718899094c870e14c17ec9855fb7b8e8e925ed4fd8ad8152111502f574741e94af7f6d9e1

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.