Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

9dc83c7bcb...18.exe

windows7-x64

7

9dc83c7bcb...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    125s
  • max time network
    138s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    11/06/2024, 09:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9dc83c7bcb99df1367a89c65b1279ab2_JaffaCakes118.exe

  • Size

    5.5MB

  • MD5

    9dc83c7bcb99df1367a89c65b1279ab2

  • SHA1

    29f9d25e0afbffe2abfbaf8ae7c80366d8b80728

  • SHA256

    ab362df48a7966b449c5688ea93dc0c21e93d928c8829a10a303ba3addb1d46b

  • SHA512

    2aed965822aaf1a92e261aa0941da695a1ebcb6a30e0d5a7611f8d10328fec9631f2e77fbe250190b809742e50035093e3df3025fe39be6342ab542f1b0b8581

  • SSDEEP

    98304:CIBxPDCqpGyZOVEswiAYGhcM8fF2DDJv1I2vPP7+1uI6sQ9o:JZzMyGPu3OR92PE2vNNsQ9

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 8 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9dc83c7bcb99df1367a89c65b1279ab2_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\9dc83c7bcb99df1367a89c65b1279ab2_JaffaCakes118.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2176
    • C:\Users\Admin\AppData\Local\Temp\9dc83c7bcb99df1367a89c65b1279ab2_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\9dc83c7bcb99df1367a89c65b1279ab2_JaffaCakes118.exe"
      2⤵
      • Loads dropped DLL
      PID:3016

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI21762\python27.dll
    Filesize

    2.3MB

    MD5

    1f6a3e2a68eec142bdcc20dc27da7518

    SHA1

    fba21b6b0e69232ed71e01b3ef7639691ca8cf2e

    SHA256

    488fb259c0acda09b93cf95f56d51a17cf16fa2d83dd19a4a4b74a528711a8c0

    SHA512

    e879094624bb1df152b804956fda151605a605c7ae7506e5d963797f61abd97160b3ffdc328b030354216ebc218a59e75f9a48b0b483c253dd51f2a1aa26503b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI21762\www-private-key-1S.exe.manifest
    Filesize

    1KB

    MD5

    8aa855778998f254ac52cb3635d8b129

    SHA1

    1c72c3516e391f9008837884bfe786e7797537ea

    SHA256

    2f535afec1d75476fe044bcf2ce34816e9e26587686fea4e88c53fa79f70e1d8

    SHA512

    b5e9402111ba14eae65e50489fce80e53389aceeecfded59900fe42af90d68c3b98de97189b86464085870825ce2d6e3bf7596981907cb4011fb62ae0d3e3165

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_MEI21762\libeay32.dll
    Filesize

    1008KB

    MD5

    8f4b9a23a0175fefe8388042ac2b7efa

    SHA1

    6355d112ceb46d67b713e803ee3d86b11862e301

    SHA256

    4b38afd7a45dfdaadb115657854974c6465d107bf94ef815757dff22dc74e16b

    SHA512

    57f0287db9b4ce4a5321cf12861f75904b73f9d76015f709ee6578b15125abbc0ffab399b367d6a20883394de0ad9d993e565f32eb25900f41fccfd8ff1cc87a

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_MEI21762\msvcr90.dll
    Filesize

    638KB

    MD5

    31d858c6f1c453af516343758a4b2c69

    SHA1

    ec9fafdb7333df42e3a8fb25f6f0f30ffe36b795

    SHA256

    12abcf99dd28bf35b3c224accfe2587ba5f4199d163224b344cdc770eed36130

    SHA512

    92923ca2f4be8fab82a5104cbc39ce84ce60000d4e825b5ccc0b44ba7f7090f7967b491350adf2f0c4ef9ce63ba93241030245e730f1a77c055b0257e64cbc45

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_MEI21~1\_ctypes.pyd
    Filesize

    72KB

    MD5

    f9982f8b1176597b81ed1285d1616ce7

    SHA1

    7cf74cce8b20adeeff83e29eacc028bdf2d7c18a

    SHA256

    d14315cf03aa7d96b714bfc13f7990ec245d205e4a5f9f002d2805e369199239

    SHA512

    cd3339dc69ff918d3e4db2ae219ff7df58f18a151f088fa051b4cdf48e4cfd6569a9ca9e414708818004de7d0cb3cea64fa2ee4c0a1f6b832d86229446e22153

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_MEI21~1\_hashlib.pyd
    Filesize

    278KB

    MD5

    199bde23ef347dbccc6bf5a112b43c93

    SHA1

    ba98ef27c64eb858ac7c3ae6ff1dece53094e753

    SHA256

    6f8a2f7fe1a702521706fcbe82592ac24e8c897f5bf47f798122dbd0b109c2a6

    SHA512

    dd92d4ad8bda852cfc4b1823d9371c10b5af3ad4057af3269d88ecb70bcd2600807252305ae647ff646f3080ac1e71e918a9ab623ba16fe7b73462238facc9cc

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_MEI21~1\_socket.pyd
    Filesize

    40KB

    MD5

    07789a8c23bcebe32f8bfd4ce4af5ffb

    SHA1

    132d7ad9d2a7c3ff51b246fd14f0a4f738d68e10

    SHA256

    235cc97584c3d31e5f3146121f64699d30cf372a86868ea755a9a0afa6c56144

    SHA512

    d461d8313c285e568ce44c08d1af7c54aafae0d1e8235109d5d71f6baffe8f677ae3202590cf33ab34625ac87285c7dc4c1df2e2181acd4b998309d23e12fd3e

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_MEI21~1\_ssl.pyd
    Filesize

    1.3MB

    MD5

    d0e36d53cbcea2ac559fec2c596f5b06

    SHA1

    8abe0c059ef3403d067a49cf8abcb883c7f113ec

    SHA256

    ae14e8d2ac9adbbb1c1d2a8001a017ba577663322fe7606c22bc0081d2764bc9

    SHA512

    6cc4a3ede744f81a8e619ee919dfc25e3d16bdcdcf25ec49699d9c1b5511e29d88c67bb7f6936363960838a73e4417668fe6a18220bf777baf174bb8278b69be

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_MEI21~1\pycurl.pyd
    Filesize

    2.1MB

    MD5

    c4479ced36eeaf704bab58b2f8516880

    SHA1

    08879f664fa446dbbdc906ff6d2f2bb12423b56c

    SHA256

    671ce7c20a9df78c88d0f9932484f0f076b151452ad331ea5d60ee966ca36e12

    SHA512

    f7ca5edcc340ccf3d892d8ea13c9dc05d088023a31fd7c73f54555ce72b6de4d4f5cc928d7538ba5028c99760d879aef266708368576a5fef7ec5cd31f4a3ec6

    Download Submit

  • memory/3016-39-0x00000000029E0000-0x0000000002AE2000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/3016-35-0x00000000027B0000-0x00000000029D9000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/3016-32-0x0000000000130000-0x000000000013C000-memory.dmp

    Filesize

    48KB

    Download