Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

1

411ee6851b...18.exe

windows7-x64

6

411ee6851b...18.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    141s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/05/2024, 10:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    411ee6851b5b6f7a911ec0ba982283eb_JaffaCakes118.exe

  • Size

    241KB

  • MD5

    411ee6851b5b6f7a911ec0ba982283eb

  • SHA1

    212e4deee6f67abac8bccce6aad49f31812c6449

  • SHA256

    157fed21dc522d91382f17c2d667de4f62fb2a5233ba2454cf6438bc12e330c1

  • SHA512

    14f62493e07adb96add1ee3c77e7016a6f83cfb6246ec7214c047d5e49c1261206e579b506c38c102f6f4b20eef9b8e9b6421a2b114ede17dfbc0b69d9e49486

  • SSDEEP

    6144:K3bHS0G6hiqMf1EGVFx6TwRRn03GHT9u4MPsPHkszs5s/B5:K3K68Zft2GzY70PHH7/r

Score
6/10
discovery

Malware Config

Signatures

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\411ee6851b5b6f7a911ec0ba982283eb_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\411ee6851b5b6f7a911ec0ba982283eb_JaffaCakes118.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:536
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1032 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:5008

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\mm_1009.tmp\log.txt
      Filesize

      758B

      MD5

      bd7efd30f65a140c6228d4e27fa60b24

      SHA1

      8341fb7a6ca34b7e526867c63101e41b5680b3a5

      SHA256

      6c1bab89220be47c059bb4b854ef99aac87625e3fea590f49ecc1189bea27bd3

      SHA512

      bdd65ecd5b174855c818adabe268909e5a99cbdbc5e2465eda7e32fb3642194a1348372b5cee3848eea126ffe490d3ebc051cbb6ea084db50ab05daeb79caebb

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\mm_1009.tmp\log.txt
      Filesize

      1KB

      MD5

      3d31bee842a69dd804fdad108d1d031b

      SHA1

      b7e8e62b0471fb53d0fbf9984b63f829d2b32d33

      SHA256

      fc2e31e105571ac0e5c5ba8e89e4fd2eef4af0760f0b05386f0453c6ce2d3e3f

      SHA512

      5b1c9be79d8885ea775189723748f862ca006a8185184758362748480eb4fb700e4e09a669809c3545700f268a398d3acfc05385b59b71cbf4db0e7c4bff0953

      Download Submit

    • memory/536-29-0x0000000020500000-0x000000002058F000-memory.dmp

      Filesize

      572KB

      Download

    • memory/536-43-0x0000000020500000-0x000000002058F000-memory.dmp

      Filesize

      572KB

      Download

    • memory/536-5-0x0000000020500000-0x000000002058F000-memory.dmp

      Filesize

      572KB

      Download

    • memory/536-2-0x000000007FE40000-0x000000007FE48000-memory.dmp

      Filesize

      32KB

      Download

    • memory/536-30-0x0000000020500000-0x000000002058F000-memory.dmp

      Filesize

      572KB

      Download

    • memory/536-26-0x0000000020500000-0x000000002058F000-memory.dmp

      Filesize

      572KB

      Download

    • memory/536-0-0x000000007FD60000-0x000000007FD61000-memory.dmp

      Filesize

      4KB

      Download

    • memory/536-3-0x000000007FD40000-0x000000007FD41000-memory.dmp

      Filesize

      4KB

      Download

    • memory/536-39-0x0000000020500000-0x000000002058F000-memory.dmp

      Filesize

      572KB

      Download

    • memory/536-1-0x000000007FD50000-0x000000007FD51000-memory.dmp

      Filesize

      4KB

      Download

    • memory/536-45-0x0000000020500000-0x000000002058F000-memory.dmp

      Filesize

      572KB

      Download

    • memory/536-38-0x0000000020500000-0x000000002058F000-memory.dmp

      Filesize

      572KB

      Download

    • memory/536-42-0x0000000020500000-0x000000002058F000-memory.dmp

      Filesize

      572KB

      Download

    • memory/536-32-0x0000000020500000-0x000000002058F000-memory.dmp

      Filesize

      572KB

      Download

    • memory/536-59-0x0000000020500000-0x000000002058F000-memory.dmp

      Filesize

      572KB

      Download

    • memory/536-60-0x0000000020500000-0x000000002058F000-memory.dmp

      Filesize

      572KB

      Download