Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

4ab25954b0...18.exe

windows7-x64

7

4ab25954b0...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    133s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16/05/2024, 10:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4ab25954b04b29f7eff05d5f591ece7d_JaffaCakes118.exe

  • Size

    364KB

  • MD5

    4ab25954b04b29f7eff05d5f591ece7d

  • SHA1

    e532ee56f1f6784d510c77c37b8a78816b5eb212

  • SHA256

    24baa9daf9de9cae7b78bf437acc69d0ef40cf3683187b04363d3c4da8887cf8

  • SHA512

    42dd30359434719ee3270571b9204413620076d9eab8fba414208a415227c3bf04f40d2a732d29c6c17f7090cd6e782f28d77fdae41ad73474d8dcca2edae91f

  • SSDEEP

    6144:wLdfmIQ5cCnUQfrDD6dPvw2ONKp/gSDGEIZdlQmafsQQkwb8mEYo5:ufVgcCnPrv6t7YSDGEKlQmafsQQAmo5

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4ab25954b04b29f7eff05d5f591ece7d_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\4ab25954b04b29f7eff05d5f591ece7d_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:2148
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3468,i,6166776566165096562,4582328833313060853,262144 --variations-seed-version --mojo-platform-channel-handle=4204 /prefetch:8
    1⤵
      PID:3856

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\weeDC18.tmp
      Filesize

      259KB

      MD5

      b306ab9b08461997d0773b10327d1da4

      SHA1

      4033c7e085673cbe594d0e27b1c7bba133288f63

      SHA256

      1790962276c256c6ab98b1739a6bf730d82d9129709e75100782b8819a086749

      SHA512

      cead354d277ea86729ed9913cdc74a873bc8776cd8cc0dad20781a5aba86c30230d453127e8aaa2c99f48ceab71a8541dffa32b110de65b6199d1c2be3fbffba

      Download Submit

    • memory/2148-7-0x0000000007BA0000-0x0000000007BAA000-memory.dmp

      Filesize

      40KB

      Download

    • memory/2148-3-0x0000000005890000-0x00000000058D6000-memory.dmp

      Filesize

      280KB

      Download

    • memory/2148-4-0x00000000743C0000-0x0000000074B70000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/2148-5-0x00000000080F0000-0x0000000008694000-memory.dmp

      Filesize

      5.6MB

      Download

    • memory/2148-6-0x0000000007BE0000-0x0000000007C72000-memory.dmp

      Filesize

      584KB

      Download

    • memory/2148-0-0x00000000743CE000-0x00000000743CF000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2148-8-0x00000000743C0000-0x0000000074B70000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/2148-9-0x00000000743C0000-0x0000000074B70000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/2148-10-0x000000000AE80000-0x000000000AEE6000-memory.dmp

      Filesize

      408KB

      Download

    • memory/2148-11-0x00000000743C0000-0x0000000074B70000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/2148-20-0x00000000743CE000-0x00000000743CF000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2148-21-0x00000000743C0000-0x0000000074B70000-memory.dmp

      Filesize

      7.7MB

      Download