Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

1493f7df02...18.exe

windows7-x64

8

1493f7df02...18.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    141s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/05/2024, 21:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1493f7df02a11e3cd9c85ac2e0650997_JaffaCakes118.exe

  • Size

    81KB

  • MD5

    1493f7df02a11e3cd9c85ac2e0650997

  • SHA1

    6bfa4bef31d77b0af520da09e300fa43fe3b80f9

  • SHA256

    63142cd4de2391551048db615c78e2360e10f146b610a10caa9c01421c686efe

  • SHA512

    7473ac1faae2b7eddd639bb4d767cf780ebe17518cb16e9679be20cba39b2ab50e41cb60d175556e85695688c51b95218df7cdde8bef2317ae8efbf425c3f4f0

  • SSDEEP

    1536:xFqsQSZRzMfmCj/5gXVV66VyUD6CS3f1TqoIM:TnZRzImCr5glVLgUDBk1ue

Score
8/10
persistence

Malware Config

Signatures

  • Adds policy Run key to start application 2 TTPs 4 IoCs
    persistence
  • Sets service image path in registry 2 TTPs 1 IoCs
    persistence
  • Adds Run key to start application 2 TTPs 3 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 1 IoCs
  • Drops file in Windows directory 13 IoCs
  • Modifies registry class 3 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1493f7df02a11e3cd9c85ac2e0650997_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\1493f7df02a11e3cd9c85ac2e0650997_JaffaCakes118.exe"
    1⤵
    • Adds policy Run key to start application
    • Sets service image path in registry
    • Adds Run key to start application
    • Enumerates connected drives
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious use of FindShellTrayWindow
    PID:4188

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\userun32.exe
    Filesize

    81KB

    MD5

    92f7a827864f45db1b23b00b75bd5d11

    SHA1

    b7359f63b2f7cab854b91ca16ad588527c098571

    SHA256

    8d579929c22d9aa207e3c7e7c9bfe3d2eaa1cad2da662692808c33f6eba6e9ab

    SHA512

    bf16bc385cd95d333cd37a2ce0f9cb9cbde9bf75dbbf26c498577443efd9a54de3d7f11fbadf34bdff41aefc7b2ae917f7812d169c72979d2daecdf785fefe61

    Download Submit

  • memory/4188-0-0x0000000000400000-0x000000000049A000-memory.dmp

    Filesize

    616KB

    Download

  • memory/4188-17-0x0000000000400000-0x000000000049A000-memory.dmp

    Filesize

    616KB

    Download

  • memory/4188-18-0x0000000000400000-0x000000000049A000-memory.dmp

    Filesize

    616KB

    Download