Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

3ea9e5a1ff...18.exe

windows7-x64

7

3ea9e5a1ff...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    13/05/2024, 08:53 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3ea9e5a1ff0d1348a10edec09f010a55_JaffaCakes118.exe

  • Size

    305KB

  • MD5

    3ea9e5a1ff0d1348a10edec09f010a55

  • SHA1

    2ff1684685bdec1402fed8d700e51b5be6d7b12a

  • SHA256

    2264c1226978c5f1f4a5d731f2cf4180ebfdece38f01a069917dcf3452e94e04

  • SHA512

    35114aa4675e9cb73cc831097747a8c67c5618fa1e1275d7da962410cf36c6de40573e345a120962ab8ef778092c0b35725abd83529e94fca1cec1f34e70eb60

  • SSDEEP

    6144:Irkx9uEo2S1YnQmCX492DkwNP3qpYFkXdlP5IO5/OoCVHuy6SHZ86riVZkiizB:IrkHu6/eIo4RXdrIO5/OpVHd6Ky6rizY

Score
7/10
discovery

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Maps connected drives based on registry 3 TTPs 2 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3ea9e5a1ff0d1348a10edec09f010a55_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\3ea9e5a1ff0d1348a10edec09f010a55_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Maps connected drives based on registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    PID:2316

Network

  • flag-us
    DNS
    r1.stylezip.info
    3ea9e5a1ff0d1348a10edec09f010a55_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    r1.stylezip.info
    IN A
    Response
  • flag-us
    DNS
    c1.stylezip.info
    3ea9e5a1ff0d1348a10edec09f010a55_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    c1.stylezip.info
    IN A
    Response
  • flag-us
    DNS
    r2.stylemy.info
    3ea9e5a1ff0d1348a10edec09f010a55_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    r2.stylemy.info
    IN A
    Response
  • flag-us
    DNS
    c2.stylemy.info
    3ea9e5a1ff0d1348a10edec09f010a55_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    c2.stylemy.info
    IN A
    Response
No results found
  • 8.8.8.8:53
    r1.stylezip.info
    dns
    3ea9e5a1ff0d1348a10edec09f010a55_JaffaCakes118.exe
    62 B
     141 B
     1
    1

    DNS Request

    r1.stylezip.info

  • 8.8.8.8:53
    c1.stylezip.info
    dns
    3ea9e5a1ff0d1348a10edec09f010a55_JaffaCakes118.exe
    62 B
     141 B
     1
    1

    DNS Request

    c1.stylezip.info

  • 8.8.8.8:53
    r2.stylemy.info
    dns
    3ea9e5a1ff0d1348a10edec09f010a55_JaffaCakes118.exe
    61 B
     140 B
     1
    1

    DNS Request

    r2.stylemy.info

  • 8.8.8.8:53
    c2.stylemy.info
    dns
    3ea9e5a1ff0d1348a10edec09f010a55_JaffaCakes118.exe
    61 B
     140 B
     1
    1

    DNS Request

    c2.stylemy.info

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\Tsu0D31940C.dll
    Filesize

    269KB

    MD5

    af7ce801c8471c5cd19b366333c153c4

    SHA1

    4267749d020a362edbd25434ad65f98b073581f1

    SHA256

    cf7e00ba429bc9f27ccfacc49ae367054f40ada6cede9f513cc29a24e88bf49e

    SHA512

    88655bd940e9b540c4df551fe68135793eceed03f94389b0654637a18b252bf4d3ef73b0c49548b5fa6ba2cf6d9aff79335c4ebcc0b668e008bcc62c40d2a73c

    Download Submit

  • \Users\Admin\AppData\Local\Temp\{9DBAF4F7-1F22-4C06-AEED-57004659D601}\Custom.dll
    Filesize

    73KB

    MD5

    e8d86c771d7e23b080921b9803f1654c

    SHA1

    49d8ef6835a6de734ead4e0b2cbbc65735cd5c17

    SHA256

    cc7a340bffc39d8d8f704314f0383404590438b8cd16e780e0a26723bceedd21

    SHA512

    b9902e0112bbf053ec4e3aa633ac2f2dd938b23507ff58ed69ac580656e42874c4b0ccb0d393b26637ae2b98feee78023d62378adb99140736e314de74fb399b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\{9DBAF4F7-1F22-4C06-AEED-57004659D601}\_Setup.dll
    Filesize

    167KB

    MD5

    262cc5a5e5a007ae182c45e41ac35adf

    SHA1

    999582209e73d92d0040b8092666087aac2cee90

    SHA256

    ecc186e0284593db51463f104ba8486b1de656d47a290d27c6fea157cb1495bd

    SHA512

    2f59e23646774c3e5034d464242ac128cfb3ced1a0498dd0f719308b5854fbba20d457127e01b414f12b63d8bc3baf7ffcf89d91300ca43b90ed6cc933e4bd5b

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.