Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

fdd35025d3...18.exe

windows7-x64

6

fdd35025d3...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/04/2024, 22:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fdd35025d303363a1a51b4baef1a3ca7_JaffaCakes118.exe

  • Size

    161KB

  • MD5

    fdd35025d303363a1a51b4baef1a3ca7

  • SHA1

    eb082f5ac48b5364a6822c282f21e5d9ffcc9c6e

  • SHA256

    eadf6bdd0931c2489b356ae6311f095dcf2b11858ca6d663f97499cf5c259116

  • SHA512

    2c8df353b77eadc28af5b0399253db43a9697f379eeaff990a1866df66519d5957a559796fd916d3ce7da8fb4908c31246a15062e4a9e1b2aceafd33e20df36e

  • SSDEEP

    3072:/cT9g8immW6Pozkk2eKs/CSr2nQ/E2S5ny+bF2u1I+ddDK7Hlq/e8O:o68i3odBiTl2+TCU/k

Score
7/10
persistence

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 12 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fdd35025d303363a1a51b4baef1a3ca7_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\fdd35025d303363a1a51b4baef1a3ca7_JaffaCakes118.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:4436
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Windows\bugMAKER.bat
      2⤵
      • Checks computer location settings
      • Suspicious use of SetWindowsHookEx
      PID:808

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\bugMAKER.bat
    Filesize

    90B

    MD5

    0fb68de4ae2dcbd200cda3a985138b24

    SHA1

    91c20f33ee98f025fd27cf7c3543ed928ded4e26

    SHA256

    7e78eddcd57eee22bd68a36ebeaf8b3d62a4dad6020d31e165663e582c145ccc

    SHA512

    009dda03ef1be1b18f81a84388d24b7f7cfe96c5388daa1cdc54b512bdebd5ab5eb7b9097a479ec22f2f86b7db2b4979c21d1e448aaa316af3c760fbe8a706e6

    Download Submit

  • memory/4436-24-0x0000000000400000-0x000000000042D000-memory.dmp

    Filesize

    180KB

    Download