Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

0a2e159600...18.exe

windows7-x64

10

0a2e159600...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    103s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/04/2024, 17:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0a2e159600ace29d7f8219e8a79738f0_JaffaCakes118.exe

  • Size

    254KB

  • MD5

    0a2e159600ace29d7f8219e8a79738f0

  • SHA1

    0da9c6e7c8dfc761d5f66f4bf723e304337122b1

  • SHA256

    d1daed5dd378098d30d82da2c7ac87a3deec2111d664b28213fcd7f1e7de1aa3

  • SHA512

    ce94a87a714c751efcdf47c33956b4d37b2a9315080c1458c102182fcc21ec5d67d9d80236ef57bd1a59b03c131beefc78a30d5801e529a3c82890ba425f2afc

  • SSDEEP

    6144:C731bdBaB19NqsvqpaW72u8eS01mBJdWN62YUCJZ7ygE6lga:I1biTuac18eJ1mBPW04CJZOt6r

Score
10/10
persistence

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0a2e159600ace29d7f8219e8a79738f0_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0a2e159600ace29d7f8219e8a79738f0_JaffaCakes118.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Drops file in System32 directory
    PID:4364

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\DC++ Share\RCX2B6.tmp
    Filesize

    62KB

    MD5

    b126345317624479f78fbf30b3a1fe5a

    SHA1

    655c966bf7bbf96ee49c83062d30b9dba17d693c

    SHA256

    8723d2d97d52f6d3b63968594c93bf2c5b5300b306c9670be4616cb134964301

    SHA512

    d0be6d608b5f4e482287d16e6587e00be1b4390f78efc3ce63008f99be7358e65f0eef9eba330d845462b64fa7a86cc3f1395b863ad0f8d01c0b790fc2f4c02d

    Download Submit

  • C:\Windows\SysWOW64\xdccPrograms\7zG.exe
    Filesize

    683KB

    MD5

    659ad7e9e3a56aca99b0e9c286b77e91

    SHA1

    975deec318fb693b552abc98d4b62fd59cb9a14b

    SHA256

    0b762d70d1b8e88ebf0a2e35ec70d4408e2fd9736f4b99e3a5d92be8e259667a

    SHA512

    23dd8c3f170fd859680826083a7cd7dcdaccded85aa16c89a78e62dfda37214bf2bfaee501d4c71eb77ec7e18345b94f2dccf40084f065a00aae2f8d102e3807

    Download Submit

  • memory/4364-20-0x0000000000400000-0x0000000000417000-memory.dmp

    Filesize

    92KB

    Download

  • memory/4364-27-0x0000000000400000-0x0000000000417000-memory.dmp

    Filesize

    92KB

    Download

  • memory/4364-18-0x0000000000400000-0x0000000000417000-memory.dmp

    Filesize

    92KB

    Download

  • memory/4364-21-0x0000000000400000-0x0000000000417000-memory.dmp

    Filesize

    92KB

    Download

  • memory/4364-22-0x0000000000400000-0x0000000000417000-memory.dmp

    Filesize

    92KB

    Download

  • memory/4364-23-0x0000000000400000-0x0000000000417000-memory.dmp

    Filesize

    92KB

    Download

  • memory/4364-24-0x0000000000400000-0x0000000000417000-memory.dmp

    Filesize

    92KB

    Download

  • memory/4364-19-0x0000000000400000-0x0000000000417000-memory.dmp

    Filesize

    92KB

    Download

  • memory/4364-28-0x0000000000400000-0x0000000000417000-memory.dmp

    Filesize

    92KB

    Download

  • memory/4364-48-0x0000000000400000-0x0000000000417000-memory.dmp

    Filesize

    92KB

    Download

  • memory/4364-17-0x0000000000400000-0x0000000000417000-memory.dmp

    Filesize

    92KB

    Download

  • memory/4364-104-0x0000000000400000-0x0000000000417000-memory.dmp

    Filesize

    92KB

    Download

  • memory/4364-105-0x0000000000400000-0x0000000000417000-memory.dmp

    Filesize

    92KB

    Download

  • memory/4364-106-0x0000000000400000-0x0000000000417000-memory.dmp

    Filesize

    92KB

    Download