Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

c0708d42e4...18.exe

windows7-x64

7

c0708d42e4...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    102s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/05/2024, 09:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c0708d42e4987f1aa26818c3cae29862_JaffaCakes118.exe

  • Size

    4.1MB

  • MD5

    c0708d42e4987f1aa26818c3cae29862

  • SHA1

    0d80791612deb086109101d5b42a2b7afe84c23c

  • SHA256

    ca2c001a46eda58f4d32fab9f2ea670bc6e3cb6f6e7f50521f5e90bedcba2d0e

  • SHA512

    4c087150555540dc405308241b2a09297fe77ea8f5f93df9da907ecc832fa896abcdcac1a498455cc641aa30c99cccea29ebababdeec3d38cdd2d23ae7b3ff59

  • SSDEEP

    98304:+R0pI/IQlUoMPdmpSpQ4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdmL5n9klRKN41v

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c0708d42e4987f1aa26818c3cae29862_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\c0708d42e4987f1aa26818c3cae29862_JaffaCakes118.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2544
    • C:\Files12\abodsys.exe
      C:\Files12\abodsys.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:932

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Files12\abodsys.exe
    Filesize

    4.1MB

    MD5

    94a3cd652395c691c728445d3c00e916

    SHA1

    ba919b7c01a9bac0216e6a54da8de52875831456

    SHA256

    3c9c8d44fa9bde4efd798ad2ce049ac3c75e085d4fa3522702532c2aab27bfa3

    SHA512

    69f43f0bd53ffedf22fe87e578ba4cf86f34d9d0501bbe617a501a38d64333c00208fd525590f1c1cde59316cf5b503e03ad3ba2896b208da4dd5c609b8e2c50

    Download Submit

  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize

    199B

    MD5

    032ca3dbb7e62d2b83b38adf6bd19161

    SHA1

    c267ed9648eb659720c023d0da70ecbc1819ad06

    SHA256

    7b0018c338a0b91718b98286e39c4572dd35e5ff1db9231b70979950f3f99378

    SHA512

    a2015fa698f3dafbdadf6ae15b034015f526ab7d3d85e1c923108b7adfe4c0f8615987c7a4960eb986e4de74574bca2eb0c35d757adb380a5a763fb9ff61be52

    Download Submit

  • C:\VidMJ\bodxec.exe
    Filesize

    4.1MB

    MD5

    acdc2ae5665ed25b91427315b2ecd860

    SHA1

    a46c2782bd46b4a20d0595df3a93a07c335a3d80

    SHA256

    af9feb8354de5845e5a0b9a698f3c73e9076651cf209c0fa8c8afc6ffec0e448

    SHA512

    c9063863044cb5268e446369ebb66483c5d9c0f884cb37f3c6b1a5bd8ee6a5db090c94c18744f945562ff76b504db84bac62ad744ae047408128ecfd78bc159e

    Download Submit