Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

641765c180...18.exe

windows7-x64

7

641765c180...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/05/2024, 17:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    641765c18040b52233072956c36d90b9_JaffaCakes118.exe

  • Size

    283KB

  • MD5

    641765c18040b52233072956c36d90b9

  • SHA1

    53e6228caee4647fdb80baaffcf5887f89772c27

  • SHA256

    ac17e5e7ab1e8ca929c6f914d823f9ba815156024da42b504be6a3dc301ca38d

  • SHA512

    d2b66badaffe747ab0e49d1e84b9acefc90b36d5751138ae8e71fd1f462da020bed8ecbf60ff2a7194901233f17a80177eb0c0d710564659812258c2132a7e09

  • SSDEEP

    6144:8wR5za+HqlckLlSNb8uBaKxW6cG+GF6nTg24Yg:TR5zaoMckLMNGKxW6L+GFwTgv

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\641765c18040b52233072956c36d90b9_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\641765c18040b52233072956c36d90b9_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:4908

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\kut593C.tmp
    Filesize

    522KB

    MD5

    ded9046b5669253bd9bd5a015cba0cd0

    SHA1

    72cb596388513e1a6309a931eefb1f93137bf707

    SHA256

    0d389a7c0d16ae24f744ae57844ad2dbeaa73b8484df064c6dcd1f581a0d4f5f

    SHA512

    8ad53f3bb55097b6262bbb42b6d07620c87c5f54cc767e00e0ea3f45c6a866a2836a57d2b54f9bb91c1c6cf0ab37118afadea83e349e613248bded96289d3ef4

    Download Submit

  • memory/4908-11-0x0000000005420000-0x00000000054B2000-memory.dmp

    Filesize

    584KB

    Download

  • memory/4908-14-0x0000000074D20000-0x00000000754D0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4908-1-0x00000000007F0000-0x00000000007F3000-memory.dmp

    Filesize

    12KB

    Download

  • memory/4908-7-0x0000000004F50000-0x0000000004FD8000-memory.dmp

    Filesize

    544KB

    Download

  • memory/4908-8-0x0000000001220000-0x000000000122A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/4908-9-0x0000000005930000-0x0000000005ED4000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/4908-10-0x0000000074D20000-0x00000000754D0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4908-0-0x0000000000100000-0x00000000001D0000-memory.dmp

    Filesize

    832KB

    Download

  • memory/4908-3-0x0000000074D2E000-0x0000000074D2F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4908-12-0x00000000055D0000-0x00000000055DA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/4908-13-0x0000000074D20000-0x00000000754D0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4908-15-0x0000000074D20000-0x00000000754D0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4908-16-0x0000000008550000-0x00000000085B6000-memory.dmp

    Filesize

    408KB

    Download

  • memory/4908-25-0x000000000ACE0000-0x000000000B486000-memory.dmp

    Filesize

    7.6MB

    Download

  • memory/4908-26-0x0000000000100000-0x00000000001D0000-memory.dmp

    Filesize

    832KB

    Download

  • memory/4908-27-0x00000000007F0000-0x00000000007F3000-memory.dmp

    Filesize

    12KB

    Download

  • memory/4908-28-0x0000000074D2E000-0x0000000074D2F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4908-29-0x0000000074D20000-0x00000000754D0000-memory.dmp

    Filesize

    7.7MB

    Download