Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2e88616c21...18.exe

windows7-x64

7

2e88616c21...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/05/2024, 09:47 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2e88616c216630dbcae73cfb09995f33_JaffaCakes118.exe

  • Size

    283KB

  • MD5

    2e88616c216630dbcae73cfb09995f33

  • SHA1

    9b76cac14a0c6f34750dc9460b0d7040f4d87761

  • SHA256

    4de24e37d1f863b12af1d45239aaeef7f5c1a400df36e6c56b27750eb4f57291

  • SHA512

    68164a8ee4e7c67d5d9f54072b3de6ff0ee21ab3ad3ba0dc6ca4a58924e1c25a69c3e3d34577537bc8d5b8097d3188ccf61c826956299cb3fff14c3155427ca3

  • SSDEEP

    6144:/w6JOerGp2aPeiyx+/Hqyo3ia/keIJSkH364n8LQTj3Fv0B2fJLYI:/wurYPex+/2rXI5XxBj3GMfN

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2e88616c216630dbcae73cfb09995f33_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\2e88616c216630dbcae73cfb09995f33_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:4568

Network

  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
    Response
    8.8.8.8.in-addr.arpa
    IN PTR
    dnsgoogle
  • flag-us
    DNS
    133.32.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    133.32.126.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    43.56.20.217.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    43.56.20.217.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    api.v2.secdls.com
    2e88616c216630dbcae73cfb09995f33_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    api.v2.secdls.com
    IN A
    Response
  • flag-us
    DNS
    45.19.74.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    45.19.74.20.in-addr.arpa
    IN PTR
    Response
  • flag-nl
    GET
    https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
    Remote address:
    23.62.61.57:443
    Request
    GET /th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/2.0
    host: www.bing.com
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-type: image/png
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QWthbWFp"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    content-length: 1107
    date: Fri, 10 May 2024 09:47:32 GMT
    alt-svc: h3=":443"; ma=93600
    x-cdn-traceid: 0.353d3e17.1715334452.12ec80d
  • flag-us
    DNS
    57.61.62.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    57.61.62.23.in-addr.arpa
    IN PTR
    Response
    57.61.62.23.in-addr.arpa
    IN PTR
    a23-62-61-57deploystaticakamaitechnologiescom
  • flag-us
    DNS
    50.23.12.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    50.23.12.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    198.187.3.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    198.187.3.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    142.53.16.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    142.53.16.96.in-addr.arpa
    IN PTR
    Response
    142.53.16.96.in-addr.arpa
    IN PTR
    a96-16-53-142deploystaticakamaitechnologiescom
  • flag-us
    DNS
    172.210.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.210.232.199.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    31.243.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    31.243.111.52.in-addr.arpa
    IN PTR
    Response
  • 23.62.61.57:443
    https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
    tls, http2
    1.4kB
     6.3kB
     16
    11

    HTTP Request

    GET https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

    HTTP Response

    200
  • 8.8.8.8:53
    8.8.8.8.in-addr.arpa
    dns
    66 B
     90 B
     1
    1

    DNS Request

    8.8.8.8.in-addr.arpa

  • 8.8.8.8:53
    133.32.126.40.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    133.32.126.40.in-addr.arpa

  • 8.8.8.8:53
    43.56.20.217.in-addr.arpa
    dns
    71 B
     131 B
     1
    1

    DNS Request

    43.56.20.217.in-addr.arpa

  • 8.8.8.8:53
    api.v2.secdls.com
    dns
    2e88616c216630dbcae73cfb09995f33_JaffaCakes118.exe
    63 B
     136 B
     1
    1

    DNS Request

    api.v2.secdls.com

  • 8.8.8.8:53
    45.19.74.20.in-addr.arpa
    dns
    70 B
     156 B
     1
    1

    DNS Request

    45.19.74.20.in-addr.arpa

  • 8.8.8.8:53
    57.61.62.23.in-addr.arpa
    dns
    70 B
     133 B
     1
    1

    DNS Request

    57.61.62.23.in-addr.arpa

  • 8.8.8.8:53
    50.23.12.20.in-addr.arpa
    dns
    70 B
     156 B
     1
    1

    DNS Request

    50.23.12.20.in-addr.arpa

  • 8.8.8.8:53
    198.187.3.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    198.187.3.20.in-addr.arpa

  • 8.8.8.8:53
    142.53.16.96.in-addr.arpa
    dns
    71 B
     135 B
     1
    1

    DNS Request

    142.53.16.96.in-addr.arpa

  • 8.8.8.8:53
    172.210.232.199.in-addr.arpa
    dns
    74 B
     128 B
     1
    1

    DNS Request

    172.210.232.199.in-addr.arpa

  • 8.8.8.8:53
    31.243.111.52.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    31.243.111.52.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\dfs3CAB.tmp
    Filesize

    496KB

    MD5

    93fde31f598bbfb7b0822648d4a83889

    SHA1

    9b7194bbdcee2ed5ee95769a79e44dcb1c848944

    SHA256

    2bcf933a8542f0df471a459e3a37408c1209fbe367bcd738e7d7a1700a36f983

    SHA512

    ee6ba0aafe8b2830ff5f8986be652f097f65632252abd55abefa4fd2e4269afdd62387ea5faff110da77463418b2e4406d5a3dc1ac7c884b7f676bff4b4e07cf

    Download Submit

  • memory/4568-10-0x0000000005500000-0x0000000005592000-memory.dmp

    Filesize

    584KB

    Download

  • memory/4568-14-0x0000000074CB0000-0x0000000075460000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4568-2-0x0000000000BC0000-0x0000000000BC3000-memory.dmp

    Filesize

    12KB

    Download

  • memory/4568-7-0x0000000004FB0000-0x0000000005032000-memory.dmp

    Filesize

    520KB

    Download

  • memory/4568-8-0x00000000029E0000-0x00000000029EA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/4568-9-0x0000000005BD0000-0x0000000006174000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/4568-11-0x0000000074CB0000-0x0000000075460000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4568-1-0x0000000000040000-0x00000000000FA000-memory.dmp

    Filesize

    744KB

    Download

  • memory/4568-3-0x0000000074CBE000-0x0000000074CBF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4568-12-0x00000000055B0000-0x00000000055BA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/4568-13-0x0000000074CB0000-0x0000000075460000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4568-15-0x0000000008980000-0x00000000089E6000-memory.dmp

    Filesize

    408KB

    Download

  • memory/4568-16-0x0000000074CB0000-0x0000000075460000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4568-25-0x000000000AD90000-0x000000000B536000-memory.dmp

    Filesize

    7.6MB

    Download

  • memory/4568-26-0x0000000000040000-0x00000000000FA000-memory.dmp

    Filesize

    744KB

    Download

  • memory/4568-27-0x0000000000BC0000-0x0000000000BC3000-memory.dmp

    Filesize

    12KB

    Download

  • memory/4568-28-0x0000000074CBE000-0x0000000074CBF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4568-29-0x0000000074CB0000-0x0000000075460000-memory.dmp

    Filesize

    7.7MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.