Analysis

  • max time kernel
    123s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
  • submitted
    20/05/2024, 11:13 UTC

General

  • Target

    5ec55a7fe861783e8e7ae521e1caece5_JaffaCakes118.exe

  • Size

    1.5MB

  • MD5

    5ec55a7fe861783e8e7ae521e1caece5

  • SHA1

    4e647e664e50dfbc6c5819f0603d52c4b73e2c10

  • SHA256

    b4c7509a5fddb90961839b91865d2903ae6ac5371d3e75d19144a56d77601514

  • SHA512

    d16457b99db5a4870c09ac09734dc105044372b78fd75bee3508c14af046b26c4f02e551abe4758796d58a1ee95f16f693cbae65c5a4acc7cbbb2088a62de0f2

  • SSDEEP

    49152:jHAHGHk3gIhE3gIh9o9bZ+o9bZS3gIhE3gIh9o9bZ23gIhE3gIh9o9bZJGHk3gIu:7A/4vnR

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5ec55a7fe861783e8e7ae521e1caece5_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\5ec55a7fe861783e8e7ae521e1caece5_JaffaCakes118.exe"
    • Suspicious use of AdjustPrivilegeToken
    PID:2936

Network

  • flag-us
    DNS
    synapseui.atwebpages.com
    5ec55a7fe861783e8e7ae521e1caece5_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    synapseui.atwebpages.com
    IN A
    Response
    synapseui.atwebpages.com
    IN A
    185.176.43.86
  • flag-bg
    GET
    http://synapseui.atwebpages.com/SynapseExploit/Version/developement.txt
    5ec55a7fe861783e8e7ae521e1caece5_JaffaCakes118.exe
    Remote address:
    185.176.43.86:80
    Request
    GET /SynapseExploit/Version/developement.txt HTTP/1.1
    Host: synapseui.atwebpages.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 403 Forbidden
    Date: Mon, 20 May 2024 11:13:14 GMT
    Server: Apache
    Last-Modified: Tue, 16 Apr 2024 12:09:43 GMT
    ETag: "295-616359d097c0a"
    Accept-Ranges: bytes
    Content-Length: 661
    Keep-Alive: timeout=4, max=90
    Connection: Keep-Alive
    Content-Type: text/html
  • 185.176.43.86:80
    http://synapseui.atwebpages.com/SynapseExploit/Version/developement.txt
    http
    5ec55a7fe861783e8e7ae521e1caece5_JaffaCakes118.exe
    665 B
    2.1kB
    12
    5

    HTTP Request

    GET http://synapseui.atwebpages.com/SynapseExploit/Version/developement.txt

    HTTP Response

    403
  • 8.8.8.8:53
    synapseui.atwebpages.com
    dns
    5ec55a7fe861783e8e7ae521e1caece5_JaffaCakes118.exe
    70 B
    86 B
    1
    1

    DNS Request

    synapseui.atwebpages.com

    DNS Response

    185.176.43.86

MITRE ATT&CK Matrix

Downloads

  • memory/2936-0-0x000000007415E000-0x000000007415F000-memory.dmp

    Filesize

    4KB

  • memory/2936-1-0x0000000000940000-0x0000000000AD0000-memory.dmp

    Filesize

    1.6MB

  • memory/2936-2-0x0000000074150000-0x000000007483E000-memory.dmp

    Filesize

    6.9MB

  • memory/2936-3-0x0000000074150000-0x000000007483E000-memory.dmp

    Filesize

    6.9MB

  • memory/2936-4-0x000000007415E000-0x000000007415F000-memory.dmp

    Filesize

    4KB

  • memory/2936-5-0x0000000074150000-0x000000007483E000-memory.dmp

    Filesize

    6.9MB
