Analysis

  • max time kernel
    121s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    11/06/2024, 01:58

General

  • Target
    9ca789eb45bba46293bb8c8b58d099a1_JaffaCakes118.exe
  • Size
    237KB
  • MD5
    9ca789eb45bba46293bb8c8b58d099a1
  • SHA1
    161f12c9fb7345990d56b6656d8d7b7d622a3a3b
  • SHA256
    7f8ee260f5a6650c42992b658403c6db98fac6d3e552da6bef23a6a691e4bb9e
  • SHA512
    eeb248726b9b952e47a52636c47b8b7977139277569e090f96dc6c90e5b372ee5883ecb0b0dba2720e08cc797a4830e383b246f7b0e59ce811052d8505246795
  • SSDEEP
    6144:8e344i5MiJfhocE7dQdD3Gsbb9EqkMMiJfIocE7dUXCu:7+poSdasbhHQoECu

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL (4 IoCs)
  • Enumerates physical storage devices (1 TTP)
    Attempts to interact with connected storage/optical drive(s).
  • Suspicious use of AdjustPrivilegeToken (64 IoCs)
  • Suspicious use of WriteProcessMemory (12 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\9ca789eb45bba46293bb8c8b58d099a1_JaffaCakes118.exe (level 1)
    Command line: "C:\Users\Admin\AppData\Local\Temp\9ca789eb45bba46293bb8c8b58d099a1_JaffaCakes118.exe"
    PID: 1904
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    • C:\Windows\SysWOW64\Wbem\WMIC.exe (level 2)
      Command line: WMIC /namespace:\\root\cimv2 PATH Win32_BIOS Get Version, SerialNumber /FORMAT:textvaluelist.xsl
      PID: 2144
      • Suspicious use of AdjustPrivilegeToken
    • C:\Windows\SysWOW64\Wbem\WMIC.exe (level 2)
      Command line: WMIC /namespace:\\root\cimv2 PATH Win32_ComputerSystem Get Model, Manufacturer /FORMAT:textvaluelist.xsl
      PID: 2724
      • Suspicious use of AdjustPrivilegeToken
    • C:\Windows\SysWOW64\Wbem\WMIC.exe (level 2)
      Command line: WMIC /namespace:\\root\SecurityCenter2 PATH AntiVirusProduct Get displayName /FORMAT:textvaluelist.xsl
      PID: 2820

Network

MITRE ATT&CK Enterprise v15

Downloads

  • \Users\Admin\AppData\Local\Temp\nst1DDE.tmp\nsExec.dll
    Filesize
    6KB
    MD5
    acc2b699edfea5bf5aae45aba3a41e96
    SHA1
    d2accf4d494e43ceb2cff69abe4dd17147d29cc2
    SHA256
    168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e
    SHA512
    e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe
  • \Users\Admin\AppData\Local\Temp\nst1DDE.tmp\nsURL.dll
    Filesize
    130KB
    MD5
    8cfcad073ee407ed9d347e66ede2b0e5
    SHA1
    8ff0e4acb5eaff7dcef517bbc06f5514ce037b3a
    SHA256
    73be46ee304981b7e5f9ece3a0222b4c53717450b630a70c997d2d63bced9ac1
    SHA512
    d86176791f0e5f7b047add20a7c9ce03ddc881819055cc6ae98d113707b89a19ca1f7637cf2a2cc6ffdaf794b673f13a6ac933212794e5ff6c32d28b18e360ca