Analysis
  max time kernel: 120s
  max time network: 121s
  platform: windows7_x64
  resource: win7-20240221-en
  resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  submitted: 12/06/2024, 23:44
Tasks
  Static task static1
  Behavioral task behavioral1: sample a2fc100d7e3f231238e49978dfc1b828_JaffaCakes118.exe, resource win7-20240611-en
  Behavioral task behavioral2: sample a2fc100d7e3f231238e49978dfc1b828_JaffaCakes118.exe, resource win10v2004-20240508-en
  Behavioral task behavioral3: sample $_3_.exe, resource win7-20240221-en
  Behavioral task behavioral4: sample $_3_.exe, resource win10v2004-20240611-en
General
  Target: $_3_.exe
  Size: 1.7MB
  MD5: d4c16982f8a834bc0f8028b45c3ae543
  SHA1: 9d9cec9af8f23a23521e20d48d9af1024663a4a7
  SHA256: 932badf8ce27381bd595c9d861d7f7142fe98f233a893a2003a5f5e5ec163b3b
  SHA512: c94b8d978afac107c08a5405cf9510e48d4bcf1284292eee1d08898f1c7a43a83a9655dc4d85d27d3b825e45a8f136c7beb71405fab94bb5e2437b7c4ad44b5c
  SSDEEP: 49152:n7mrmYPoEHVGTWFkO4ITVpSuEqM/vrM3rA3SuN5:km2Z12WFYFVf
Malware Config
Signatures
  Enumerates physical storage devices (1 TTPs)
    Attempts to interact with connected storage/optical drive(s).
  Runs ping.exe (1 TTPs, 1 IoCs)
    pid   process
    3048  PING.EXE
  Suspicious behavior: EnumeratesProcesses (1 IoCs)
    pid   process
    2212  $_3_.exe
  Suspicious use of SetWindowsHookEx (3 IoCs)
    pid   process
    2212  $_3_.exe
    2212  $_3_.exe
    2212  $_3_.exe
  Suspicious use of WriteProcessMemory (8 IoCs)
    description                        pid   process   procid_target
    PID 2212 wrote to memory of 2112   2212  $_3_.exe  30
    PID 2212 wrote to memory of 2112   2212  $_3_.exe  30
    PID 2212 wrote to memory of 2112   2212  $_3_.exe  30
    PID 2212 wrote to memory of 2112   2212  $_3_.exe  30
    PID 2112 wrote to memory of 3048   2112  cmd.exe   32
    PID 2112 wrote to memory of 3048   2112  cmd.exe   32
    PID 2112 wrote to memory of 3048   2112  cmd.exe   32
    PID 2112 wrote to memory of 3048   2112  cmd.exe   32
Processes
  C:\Users\Admin\AppData\Local\Temp\$_3_.exe (PID 2212)
    Command line: "C:\Users\Admin\AppData\Local\Temp\$_3_.exe"
    Suspicious behavior: EnumeratesProcesses
    Suspicious use of SetWindowsHookEx
    Suspicious use of WriteProcessMemory
    C:\Windows\SysWOW64\cmd.exe (PID 2112)
      Command line: cmd /c ""C:\Users\Admin\AppData\Local\Temp\14292.bat" "C:\Users\Admin\AppData\Local\Temp\05919A6219B84B20A5B8A402D5711765\""
      Suspicious use of WriteProcessMemory
      C:\Windows\SysWOW64\PING.EXE (PID 3048)
        Command line: ping 1.1.1.1 -n 1 -w 1000
        Runs ping.exe
Network
MITRE ATT&CK Enterprise v15
Downloads