Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

fbd18bd5a6...18.exe

windows7-x64

8

fbd18bd5a6...18.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    141s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    20/04/2024, 03:24 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fbd18bd5a62ed3061d44210f6d380464_JaffaCakes118.exe

  • Size

    3.8MB

  • MD5

    fbd18bd5a62ed3061d44210f6d380464

  • SHA1

    fc82510062e5e22491d4b7bd06f6dc1677e88679

  • SHA256

    43de6a5a18edb9a4603436ea3e5ec8359464132b5f2746330f01c2dea2fdb668

  • SHA512

    9a69ef8e46f41ce5ce46b5f5cfade142e1fda93857d9400aa681da5130e3ea4a073ff9bb689c36b6853192d3bed22d112f6ece8f4b9dd68342daf93455139804

  • SSDEEP

    98304:PR1zAJDWDGrMBomTVF2Jpn3u8G97PaZL:51zmica7K8Fra

Score
8/10
evasionpersistence

Malware Config

Signatures

  • Modifies Windows Firewall 2 TTPs 1 IoCs
    evasion
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fbd18bd5a62ed3061d44210f6d380464_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\fbd18bd5a62ed3061d44210f6d380464_JaffaCakes118.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of WriteProcessMemory
    PID:2960
    • C:\Windows\SysWOW64\netsh.exe
      netsh firewall add allowedprogram C:\Arquivos de programas\Windowsupdate.exe RPC
      2⤵
      • Modifies Windows Firewall
      PID:2064

Network

  • flag-us
    DNS
    gsmtp185.google.com
    fbd18bd5a62ed3061d44210f6d380464_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    gsmtp185.google.com
    IN A
    Response
No results found
  • 8.8.8.8:53
    gsmtp185.google.com
    dns
    fbd18bd5a62ed3061d44210f6d380464_JaffaCakes118.exe
    65 B
     115 B
     1
    1

    DNS Request

    gsmtp185.google.com

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2960-0-0x0000000000360000-0x0000000000361000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2960-1-0x0000000000400000-0x0000000000E36000-memory.dmp

    Filesize

    10.2MB

    Download

  • memory/2960-2-0x0000000000400000-0x0000000000E36000-memory.dmp

    Filesize

    10.2MB

    Download

  • memory/2960-3-0x0000000000360000-0x0000000000361000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2960-4-0x0000000000400000-0x0000000000E36000-memory.dmp

    Filesize

    10.2MB

    Download

  • memory/2960-5-0x0000000000400000-0x0000000000E36000-memory.dmp

    Filesize

    10.2MB

    Download

  • memory/2960-6-0x0000000000400000-0x0000000000E36000-memory.dmp

    Filesize

    10.2MB

    Download

  • memory/2960-7-0x0000000000400000-0x0000000000E36000-memory.dmp

    Filesize

    10.2MB

    Download

  • memory/2960-8-0x0000000000400000-0x0000000000E36000-memory.dmp

    Filesize

    10.2MB

    Download

  • memory/2960-9-0x0000000000400000-0x0000000000E36000-memory.dmp

    Filesize

    10.2MB

    Download

  • memory/2960-10-0x0000000000400000-0x0000000000E36000-memory.dmp

    Filesize

    10.2MB

    Download

  • memory/2960-11-0x0000000000400000-0x0000000000E36000-memory.dmp

    Filesize

    10.2MB

    Download

  • memory/2960-12-0x0000000000400000-0x0000000000E36000-memory.dmp

    Filesize

    10.2MB

    Download

  • memory/2960-13-0x0000000000400000-0x0000000000E36000-memory.dmp

    Filesize

    10.2MB

    Download

  • memory/2960-14-0x0000000000400000-0x0000000000E36000-memory.dmp

    Filesize

    10.2MB

    Download

  • memory/2960-15-0x0000000000400000-0x0000000000E36000-memory.dmp

    Filesize

    10.2MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.