Analysis

  • max time kernel
    140s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    10/06/2024, 20:28

General

  • Target

    9bd5b173c3fc8ccf9248309982d6aa5b_JaffaCakes118.exe

  • Size

    10.0MB

  • MD5

    9bd5b173c3fc8ccf9248309982d6aa5b

  • SHA1

    eb3331285bfd1cc62d80c2e411ce5523f5f8f4a1

  • SHA256

    4b295341a377ce93253956c73574b634b7799297edb4699d9507c153fec1396b

  • SHA512

    f2716b8af1186ce3a1b7c01c64c97456812eeffeeeaa68fd78b5e5767c8134f9577e2ec597b324f93c23a653421d061d8a87684b1098481c1cb4953e5f128876

  • SSDEEP

    196608:vXkpYN49IBrkisJjAiH3J8QQaeY9EtC4lHE8rqNabGpcBoMIB+CHJX21Ta9:v0pYN4CkiGAwuQVe1HE8rqNa2cBoMIB9

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 3 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9bd5b173c3fc8ccf9248309982d6aa5b_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\9bd5b173c3fc8ccf9248309982d6aa5b_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2036
    • C:\ProgramData\PDF Architect 3\Installation\PDFArchitect3Installer.exe
      "C:\ProgramData\PDF Architect 3\Installation\PDFArchitect3Installer.exe" /RegServer
      2⤵
      • Executes dropped EXE
      • Modifies registry class
      PID:2996
    • C:\Windows\SysWOW64\regsvr32.exe
      regsvr32.exe /s "C:\ProgramData\PDF Architect 3\Installation\Statistics.dll"
      2⤵
      • Loads dropped DLL
      • Modifies registry class
      PID:2556
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2576

Network

MITRE ATT&CK Matrix

Downloads

  • C:\ProgramData\PDF Architect 3\Installation\Statistics.dll

    Filesize

    1.1MB

    MD5

    f3f80ad461348170e8276ffbfed23f36

    SHA1

    c1aea2f5e44bc4f28cf9300ad3d6d01573962dd2

    SHA256

    0f9d8dade0f03c92c8ed4f4f404ceeed77edba0d540d7297da0963db8283ca3d

    SHA512

    c84e42d8232b5d809482acc64231aa6f52eba0242686505c416af5a4aad3611e9128da752c54e716b09166911357c6ae169383627d79df6f58f5747f9a1008d8

  • \ProgramData\PDF Architect 3\Installation\PDFArchitect3Installer.exe

    Filesize

    10.0MB

    MD5

    9bd5b173c3fc8ccf9248309982d6aa5b

    SHA1

    eb3331285bfd1cc62d80c2e411ce5523f5f8f4a1

    SHA256

    4b295341a377ce93253956c73574b634b7799297edb4699d9507c153fec1396b

    SHA512

    f2716b8af1186ce3a1b7c01c64c97456812eeffeeeaa68fd78b5e5767c8134f9577e2ec597b324f93c23a653421d061d8a87684b1098481c1cb4953e5f128876