Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

0bd84bc71d...18.exe

windows7-x64

7

0bd84bc71d...18.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    150s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    01/05/2024, 12:53 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0bd84bc71da8de97d4017a2c7826b4ba_JaffaCakes118.exe

  • Size

    945KB

  • MD5

    0bd84bc71da8de97d4017a2c7826b4ba

  • SHA1

    8a8209a53d3366ffa5ef8e3bdcd579559d22519c

  • SHA256

    2a8a409e08cebb9d9ebf1c799523245a8208cc6d2e1f1760b81cf2ea70d3be6d

  • SHA512

    3ffa8350d43868d5b78cf578b29775de61dc7e254e7d48297f964becf10e7afac771adb19c6995ce2a6e5a965d0d3bbe2e5b6f464fd42948cb3310f232ee2840

  • SSDEEP

    24576:pM2zlGMLZYyVoLzr9MdZ18qVjdNi98/xBRsIg+:pM2zBqyO39686dNL5TsIg

Score
7/10
bootkitpersistencespywarestealerupx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of FindShellTrayWindow 14 IoCs
  • Suspicious use of SendNotifyMessage 14 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0bd84bc71da8de97d4017a2c7826b4ba_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0bd84bc71da8de97d4017a2c7826b4ba_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:2024
    • C:\ProgramData\defender.exe
      C:\ProgramData\defender.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Enumerates connected drives
      • Writes to the Master Boot Record (MBR)
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:552

Network

  • flag-us
    DNS
    download4clean.com
    0bd84bc71da8de97d4017a2c7826b4ba_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    download4clean.com
    IN A
    Response
  • flag-us
    DNS
    soft-4download.com
    defender.exe
    Remote address:
    8.8.8.8:53
    Request
    soft-4download.com
    IN A
    Response
No results found
  • 8.8.8.8:53
    download4clean.com
    dns
    0bd84bc71da8de97d4017a2c7826b4ba_JaffaCakes118.exe
    64 B
     137 B
     1
    1

    DNS Request

    download4clean.com

  • 8.8.8.8:53
    soft-4download.com
    dns
    defender.exe
    64 B
     137 B
     1
    1

    DNS Request

    soft-4download.com

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \ProgramData\defender.exe
    Filesize

    851KB

    MD5

    ba6da668e1ec7252c9ddcb1c377f4237

    SHA1

    01cb91823b084fd6a313caa2327a1dcde4328703

    SHA256

    6b9d93ad92c2dd9332b26bde4308a2cc1e765827fdadc4769b941d9f49bb6152

    SHA512

    12cff89ae1bb50531d7e24f34d8d53db1eab6175a7f24c3bd053b40518fee115b3d80bbb40d61d3e1a3b53f3fdaeeb05de49b5a5a6f97eac6bba5997cb559d03

    Download Submit

  • memory/552-29-0x0000000000B80000-0x0000000000B90000-memory.dmp

    Filesize

    64KB

    Download

  • memory/552-31-0x0000000000400000-0x0000000000A24000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/552-46-0x0000000000400000-0x0000000000A24000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/552-45-0x0000000000400000-0x0000000000A24000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/552-44-0x0000000000400000-0x0000000000A24000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/552-43-0x0000000000400000-0x0000000000A24000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/552-42-0x0000000000400000-0x0000000000A24000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/552-19-0x0000000000400000-0x0000000000A24000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/552-30-0x0000000000400000-0x0000000000A24000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/552-21-0x0000000000400000-0x0000000000A24000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/552-24-0x0000000000400000-0x0000000000A24000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/552-25-0x0000000000400000-0x0000000000A24000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/552-26-0x0000000000020000-0x0000000000021000-memory.dmp

    Filesize

    4KB

    Download

  • memory/552-27-0x0000000000400000-0x0000000000A24000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/552-41-0x0000000000400000-0x0000000000A24000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/552-28-0x0000000000400000-0x0000000000A24000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/552-20-0x0000000000B80000-0x0000000000B90000-memory.dmp

    Filesize

    64KB

    Download

  • memory/552-40-0x0000000000400000-0x0000000000A24000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/552-32-0x0000000000400000-0x0000000000A24000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/552-33-0x0000000000020000-0x0000000000021000-memory.dmp

    Filesize

    4KB

    Download

  • memory/552-35-0x0000000000400000-0x0000000000A24000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/552-36-0x0000000000400000-0x0000000000A24000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/552-37-0x0000000000400000-0x0000000000A24000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/552-38-0x0000000000400000-0x0000000000A24000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/552-39-0x0000000000400000-0x0000000000A24000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/2024-0-0x0000000000400000-0x00000000006D5000-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/2024-2-0x0000000000400000-0x00000000006D5000-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/2024-18-0x0000000002EA0000-0x00000000034C4000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/2024-12-0x0000000000820000-0x0000000000830000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2024-1-0x0000000000B20000-0x0000000000B30000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2024-8-0x0000000000400000-0x00000000006D5000-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/2024-5-0x0000000077080000-0x0000000077081000-memory.dmp

    Filesize

    4KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.