Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
142s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
-
submitted
31/05/2024, 16:23
General
-
Target
879f0eeb24b183f4f35a09bb474f7fec_JaffaCakes118.exe
-
Size
1.2MB
-
MD5
879f0eeb24b183f4f35a09bb474f7fec
-
SHA1
3f1c6a5fa8f3242f82ee46dbe81a1071bd045a28
-
SHA256
4b04bc91719f8d04209ef9f520fc2cb27e863574fd1f1f9ca95c8c1fef51a9e7
-
SHA512
43942d690188d9785e5560599e03557e714c7021d556a6786dc0560ed60c9fa36a8181c6b2eea45738aef0715a3f8cd73f3c01b3b22ec9dfccd0b544edb6e416
-
SSDEEP
24576:yPX2vzp85e6oUS0FLTIiQ64berdI4iuKbQaqfQN+QfsqV:6Gvz0aUS0lIiQqdI4qfqqB0qV
Malware Config
Signatures
-
ACProtect 1.3x - 1.4x DLL software 1 IoCs
Detects file using ACProtect software.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file 22 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Enumerates connected drives 3 TTPs 2 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Executes dropped EXE 13 IoCs
-
Loads dropped DLL 18 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies Internet Explorer settings 1 TTPs 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 36 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\879f0eeb24b183f4f35a09bb474f7fec_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\879f0eeb24b183f4f35a09bb474f7fec_JaffaCakes118.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\SDM143\Free Ride Games.exe"C:\Users\Admin\AppData\Local\Temp\SDM143\Free Ride Games.exe" "u 'http://www.freeridegames.com/spdo/feeds/sdmConfig?camp=%s&serviceId=143&gameId=%d' p '143' c '670850' m 'playfincom' t '0' l 'Default'"2⤵
- Enumerates connected drives
- Writes to the Master Boot Record (MBR)
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\SDM143\cmhelper.exeUPR3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Local\Temp\SDM143\cmhelper.exeUPW3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Local\Temp\SDM143\cmhelper.exeUPW3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Local\Temp\SDM143\cmhelper.exeUPW3⤵
- Executes dropped EXE
-
-
-
C:\Users\Admin\AppData\Local\Temp\SDM143\cmhelper.exe"C:\Users\Admin\AppData\Local\Temp\SDM143\cmhelper.exe" PR1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\SDM143\cmhelper.exeR2⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Local\Temp\SDM143\cmhelper.exe"C:\Users\Admin\AppData\Local\Temp\SDM143\cmhelper.exe" PW1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\SDM143\cmhelper.exeW2⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Local\Temp\SDM143\cmhelper.exe"C:\Users\Admin\AppData\Local\Temp\SDM143\cmhelper.exe" PW1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\SDM143\cmhelper.exeW2⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Local\Temp\SDM143\cmhelper.exe"C:\Users\Admin\AppData\Local\Temp\SDM143\cmhelper.exe" PW1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\SDM143\cmhelper.exeW2⤵
- Executes dropped EXE
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
23B
MD54174cb800274e3c271f7e53ae1b9ae35
SHA16ac0ca77eef3b68c8db3349f1ceb0c8083450642
SHA256d5e0a12b015868fdafdbdcef807fee6bf17e326db04c64079833e829bf34112e
SHA512c73823299a4706ad1feec4497c1e01c598beebe5679a1bbae2cfa6305b282f719c5c14c1fbc3d982db111cda6cdcc7721f22880391155ae9112f6b5f1cdb7cdd
-
Filesize
121B
MD564450d68260d99ff1743063d6a5149ae
SHA1ccf91ef7fd71cedc26c50462cf690c7dbcd548c3
SHA256578e40f805ea751d9b17cdc0fbad278830807a332661701e2110b97022a45022
SHA512c3f7ca31ddeeaa9c1dd143660e8b2c118fbc14403649aa7bf8594150269b5a1b6c230155dc4ee67f375f2d39f45b4c10fbca58fe2458d307072f67c248383abc
-
Filesize
239B
MD54be1177a880037cc4ec8ec1c6edb84a5
SHA183eeb059fbda6d096fe8ec97c77d362f7e8cfe6a
SHA256953dc497a25d615f93c3facf54fde1aaabfdac75e1d11361e6e4cbd5bdb27df9
SHA5122a5af90bd3d6c9069113851361aacdb026d59b6bf3517d343272ff9c3e100d94a74a1306fee0f99d84127f7ede002476c6f99526cfd97290f89d039148ef762a
-
Filesize
355B
MD5ee24dc02ce32d7c8cceefb94081fbfcd
SHA15ac9b9afd255d90ea3f236a8e412126a12211396
SHA2562985663b1ad70c660ba4f3efa61d25cd8665a30c4a34bf43153bec1206a6cb40
SHA5126e5fc870070241e94fcfd2f3527a5b74fa36f15dd0474b17a11e3586535f1ac9e3e4695880c5b3a7eafa847252e1cc110ea591d571de7cbc630cd4215e8e521d
-
Filesize
234KB
MD53a9774028e1e3968b8c202fd199d0084
SHA16e19763c3f42c8d6596135a7566bef07a0cbeadd
SHA25693a63465ea363661a141043c404f5b94ab9ac6cfeee3fd158bdf4e1fc50e3af5
SHA512ea7e67887d7b8fd3e6049ee1ba7a786bb895158279e464c5c7a35e323aefac34e81e5515e493acf447953a08f13b94024c4a460ebc77f03ef0d305feb8b81d06
-
Filesize
328B
MD52717904376239070bb02440f30dc7e60
SHA1b27b3c38955a2ea9125cf054aebe45c30c14ba8f
SHA2561251a5745ff525f16f4d339a82c86f56f950ebdc31936eb2737c3160ed662cf8
SHA512c2d931f77bf0c8df00c07aeebba315a9a443d4623af3060ad9120a53c4c0fcef3bf62e32b2002ccbf392d20338bfedbae3840ba1f88e05f9ab2a7aa9ba2950f3
-
Filesize
504KB
MD5f7a4ce326cd8b7a2e3e8b1ad80aba89a
SHA1fc00c30174b1c61c4400cd94285f944728b8c1fd
SHA25678793e27ce8c0794a036423e65d351851ed662b941f33a763f3db4ef0a6b546f
SHA51274c7fdf75f66e39708de9e89e8aebb0a38b31c3c4b170dc6cc943b3aeee900ed080ae3d77af18dd54dcadfa4ecca810d01b3b3cdb35216cb8e9b028e668fb2b1
-
Filesize
475KB
MD541d94c8eb8cb17e04f8ec6e14132f9ca
SHA1add92b031eb36b26335763780df88bca58636ed7
SHA2562e522a4da2c291ebcde484b4a04a6ef0691a732b9db454f12399d3e577327c96
SHA5120561594d671cc64717463d59e2f076453614584ccdd47b4a39cd347e9999ba63463233c75dd9972102a2634b1abfe6c97fa8f682d944bc5cf129724b7595faa7
-
Filesize
171KB
MD55cf0fba9e8775382233c8e63e52c838a
SHA1b2a092f71eff0f6916652d7f3bfde9204eda5636
SHA2567d940af8950b106227539cd4bdfb62f2d37a4abeaf568ebe2275fd31058c2ca5
SHA51273489e3638b98ffd7bd516bfed519cfd48758aaaedc11cb202d11822cad609caf9af95e9e864bd8a992be826945e6d018ce081f3970511fd49d7757ca6affd25
-
Filesize
11KB
MD5a436db0c473a087eb61ff5c53c34ba27
SHA165ea67e424e75f5065132b539c8b2eda88aa0506
SHA25675ed40311875312617d6711baed0be29fcaee71031ca27a8d308a72b15a51e49
SHA512908f46a855480af6eacb2fb64de0e60b1e04bbb10b23992e2cf38a4cbebdcd7d3928c4c022d7ad9f7479265a8f426b93eef580afec95570e654c360d62f5e08d
-
Filesize
1.3MB
-
Filesize
1.3MB
-
Filesize
1.3MB
-
Filesize
636KB
-
Filesize
636KB
-
Filesize
636KB
-
Filesize
1.3MB
-
Filesize
1.3MB
-
Filesize
1.3MB
-
Filesize
636KB
-
Filesize
1.3MB
-
Filesize
1.3MB
-
Filesize
1.3MB
-
Filesize
1.3MB
-
Filesize
1.3MB
-
Filesize
1.3MB
-
Filesize
1.3MB
-
Filesize
1.3MB
-
Filesize
1.3MB
-
Filesize
1.3MB
-
Filesize
8KB
-
Filesize
1.3MB
-
Filesize
1.3MB
-
Filesize
8KB
-
Filesize
8KB