Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

08a3251583...18.exe

windows7-x64

7

08a3251583...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    146s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/04/2024, 00:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    08a3251583b49269a153c3080705ba62_JaffaCakes118.exe

  • Size

    454KB

  • MD5

    08a3251583b49269a153c3080705ba62

  • SHA1

    bde9ea76d3e61be5696436f2ab5525c864771038

  • SHA256

    9f21cfbb35b52e1eb3251ede95a0412cb1a813f4f288cc13459cdfef1d9d5dbf

  • SHA512

    ee8a17318990fc4ccc6020bf837af35da7e02d3ce91d9abd852c1e1ddec54df6bba1d1dd6ee8c027579c51e35c21237c50e557cf3664590bd4bfc4b0ab38e0ff

  • SSDEEP

    6144:BvaqS4IR/kviXzd45seH6zdi69hxMwjPVl0x55TurrU41APIJgU6Xozwdab0BXlX:s/kviXzdcH6N9h/Vl45aPU4EEkdBbX

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\08a3251583b49269a153c3080705ba62_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\08a3251583b49269a153c3080705ba62_JaffaCakes118.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4844
    • C:\Users\Admin\AppData\Local\Temp\iobwnedxjvdevl.exe
      "C:\Users\Admin\AppData\Local\Temp\\iobwnedxjvdevl.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:1168
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4156 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:740

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\iobwnedxjvdevl.exe
      Filesize

      11KB

      MD5

      012c637753ac0d8a386081dfe410b909

      SHA1

      41fe035f1a2f8bc19ad18d24c1195b13935af362

      SHA256

      1c8c7c950c32bc85e83cf670781206eb67847e53a818fc761567033e6bcbea17

      SHA512

      ffe6c77e41e3e3872453cf48dcc73b8c1d232a65ad14d411b29f2224d8acfb7a665d2adc3668cabbc3a670a3f3ca3dc0b752fa18cd7b55d2fcd5fb5fb1721983

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\parent.txt
      Filesize

      454KB

      MD5

      08a3251583b49269a153c3080705ba62

      SHA1

      bde9ea76d3e61be5696436f2ab5525c864771038

      SHA256

      9f21cfbb35b52e1eb3251ede95a0412cb1a813f4f288cc13459cdfef1d9d5dbf

      SHA512

      ee8a17318990fc4ccc6020bf837af35da7e02d3ce91d9abd852c1e1ddec54df6bba1d1dd6ee8c027579c51e35c21237c50e557cf3664590bd4bfc4b0ab38e0ff

      Download Submit

    • memory/1168-11-0x0000000001420000-0x0000000001430000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1168-13-0x0000000001420000-0x0000000001430000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1168-5-0x000000001B940000-0x000000001B984000-memory.dmp

      Filesize

      272KB

      Download

    • memory/1168-6-0x000000001BF70000-0x000000001C43E000-memory.dmp

      Filesize

      4.8MB

      Download

    • memory/1168-7-0x000000001C440000-0x000000001C4DC000-memory.dmp

      Filesize

      624KB

      Download

    • memory/1168-3-0x00007FFAE37A0000-0x00007FFAE4141000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/1168-10-0x0000000001280000-0x0000000001288000-memory.dmp

      Filesize

      32KB

      Download

    • memory/1168-12-0x0000000001420000-0x0000000001430000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1168-2-0x00007FFAE37A0000-0x00007FFAE4141000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/1168-4-0x0000000001420000-0x0000000001430000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1168-14-0x000000001FB30000-0x000000001FB92000-memory.dmp

      Filesize

      392KB

      Download

    • memory/1168-17-0x0000000001420000-0x0000000001430000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1168-26-0x00000000223E0000-0x0000000022B86000-memory.dmp

      Filesize

      7.6MB

      Download

    • memory/1168-27-0x0000000020A20000-0x0000000020ED7000-memory.dmp

      Filesize

      4.7MB

      Download

    • memory/1168-28-0x00007FFAE37A0000-0x00007FFAE4141000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/1168-29-0x0000000001420000-0x0000000001430000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1168-31-0x0000000001420000-0x0000000001430000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1168-32-0x0000000001420000-0x0000000001430000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1168-34-0x0000000001420000-0x0000000001430000-memory.dmp

      Filesize

      64KB

      Download