41b3de39f31700d73a9ac1479d7e4d95b61e24726b452dcaee085c303da04754 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

73cb7b5917...18.exe

windows7-x64

7

73cb7b5917...18.exe

windows10-2004-x64

7

Sharing

General

Target

73cb7b5917083288122e8a98728af6f8_JaffaCakes118
Size

5.1MB
Sample

240526-a3xw2shb73
MD5

73cb7b5917083288122e8a98728af6f8
SHA1

c3f43455b36b70f0d3ba0c15f3506a9d7c4f7766
SHA256

41b3de39f31700d73a9ac1479d7e4d95b61e24726b452dcaee085c303da04754
SHA512

0cb3b39fe5c2f213c8d39010251ce5587c035718756ed4ac6b4e72bb540a674f133a3129ee317ea4004176c2518e3266fe35f4a3968c7fb400f882be877f2898
SSDEEP

98304:1F+7wWmibYKXFWBf/ZXQLcKnICEb9mChJty7upim31awJH13JDhZG9:C7oikKcBXBQLcKICEcClyIica+13JDhy

Score

7^/10

discovery upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

73cb7b5917083288122e8a98728af6f8_JaffaCakes118.exe

Resource

win7-20240419-en

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

73cb7b5917083288122e8a98728af6f8_JaffaCakes118.exe

Resource

win10v2004-20240426-en

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  73cb7b5917083288122e8a98728af6f8_JaffaCakes118
- Size
  
  5.1MB
- MD5
  
  73cb7b5917083288122e8a98728af6f8
- SHA1
  
  c3f43455b36b70f0d3ba0c15f3506a9d7c4f7766
- SHA256
  
  41b3de39f31700d73a9ac1479d7e4d95b61e24726b452dcaee085c303da04754
- SHA512
  
  0cb3b39fe5c2f213c8d39010251ce5587c035718756ed4ac6b4e72bb540a674f133a3129ee317ea4004176c2518e3266fe35f4a3968c7fb400f882be877f2898
- SSDEEP
  
  98304:1F+7wWmibYKXFWBf/ZXQLcKnICEb9mChJty7upim31awJH13JDhZG9:C7oikKcBXBQLcKICEcClyIica+13JDhy
Score

7^/10

discovery upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy