Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

2434e74a5a...18.exe

windows7-x64

10

2434e74a5a...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    133s
  • max time network
    142s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    08/05/2024, 09:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2434e74a5adcf1530d186b9e014db3e3_JaffaCakes118.exe

  • Size

    196KB

  • MD5

    2434e74a5adcf1530d186b9e014db3e3

  • SHA1

    76593f8cda816b7d4671a19c8de10c81a1fcf6f5

  • SHA256

    a3f8f0f0229d7c0907a6e4c47a9f4b47ef3d9d1097a71796cbb6517ede83b4d2

  • SHA512

    92cae0c934e45655fc24b2f8de777fae3d05bccf38cd950b664b380f9c48d71264431ce45bc0a57c852d77d1d20b31e5ca834d61047dc334606a93f72b186e93

  • SSDEEP

    3072:fAvd9J7NZ3zANXgmIAjzp8CKi/nRkkBpuEPFCh0/p/nRCWY86bIWLu4Nrme/1Zm:fAbJ7ANXdIAjDd/7pzP0

Score
10/10
emotetbankertrojan

Malware Config

Signatures

  • Emotet

    Emotet is a trojan that is primarily spread through spam emails.

    trojanbankeremotet
  • Drops file in System32 directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies data under HKEY_USERS 18 IoCs
  • Suspicious behavior: EnumeratesProcesses 7 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2434e74a5adcf1530d186b9e014db3e3_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\2434e74a5adcf1530d186b9e014db3e3_JaffaCakes118.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2428
    • C:\Users\Admin\AppData\Local\Temp\2434e74a5adcf1530d186b9e014db3e3_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\2434e74a5adcf1530d186b9e014db3e3_JaffaCakes118.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: RenamesItself
      PID:2468
  • C:\Windows\SysWOW64\guidsindexer.exe
    "C:\Windows\SysWOW64\guidsindexer.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2928
    • C:\Windows\SysWOW64\guidsindexer.exe
      "C:\Windows\SysWOW64\guidsindexer.exe"
      2⤵
      • Drops file in System32 directory
      • Modifies data under HKEY_USERS
      • Suspicious behavior: EnumeratesProcesses
      PID:3060

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2428-6-0x0000000001BA0000-0x0000000001BC0000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2428-4-0x0000000001B80000-0x0000000001B9A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2428-14-0x0000000001B60000-0x0000000001B7A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2428-5-0x0000000001B60000-0x0000000001B7A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2428-0-0x0000000001B80000-0x0000000001B9A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2468-30-0x0000000000400000-0x0000000000432000-memory.dmp

    Filesize

    200KB

    Download

  • memory/2468-13-0x0000000000340000-0x0000000000360000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2468-12-0x0000000000300000-0x000000000031A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2468-11-0x0000000000320000-0x000000000033A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2468-7-0x0000000000320000-0x000000000033A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2468-31-0x0000000000300000-0x000000000031A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2928-15-0x00000000003D0000-0x00000000003EA000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2928-20-0x00000000003B0000-0x00000000003CA000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2928-27-0x00000000003B0000-0x00000000003CA000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2928-21-0x0000000000440000-0x0000000000460000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2928-19-0x00000000003D0000-0x00000000003EA000-memory.dmp

    Filesize

    104KB

    Download

  • memory/3060-26-0x0000000000440000-0x000000000045A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/3060-22-0x0000000000440000-0x000000000045A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/3060-29-0x0000000000460000-0x0000000000480000-memory.dmp

    Filesize

    128KB

    Download

  • memory/3060-28-0x00000000003E0000-0x00000000003FA000-memory.dmp

    Filesize

    104KB

    Download

  • memory/3060-32-0x00000000003E0000-0x00000000003FA000-memory.dmp

    Filesize

    104KB

    Download