Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

01f360a1cc...18.exe

windows7-x64

7

01f360a1cc...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/06/2024, 02:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    01f360a1cca0f5ddad97cc3abc3006e4_JaffaCakes118.exe

  • Size

    236KB

  • MD5

    01f360a1cca0f5ddad97cc3abc3006e4

  • SHA1

    faa57b7525d42071a32cbadd9f6be8e03fe6d11d

  • SHA256

    50652e512a4945c812eb1ad37f23f89fb004b95468568baf3d09daff99ed1ccf

  • SHA512

    8fd257c495e1f056e1d8c4d6ec8f0419b0b2ba72d192627823befcc0507ee58b772ef9073c16cc5272bfb73bc7880353a62b652b0287dd193a7dbd7bf88e13c4

  • SSDEEP

    6144:9Z5PmYk+XlDKZD+0J4VXdkJlOeSLZJ7kPu8+:9aYk+1CdCVtilONn

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 4 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in System32 directory 3 IoCs
  • Drops file in Windows directory 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\01f360a1cca0f5ddad97cc3abc3006e4_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\01f360a1cca0f5ddad97cc3abc3006e4_JaffaCakes118.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3440
    • C:\Windows\SysWOW64\Regsvr32.exe
      Regsvr32.exe /s C:\Windows\system32\MSWinsck.ocx
      2⤵
      • Loads dropped DLL
      • Modifies registry class
      PID:1628
    • C:\Windows\BcTool.exe
      C:\Windows\BcTool.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4568
      • C:\Windows\WinNetw.exe
        C:\Windows\WinNetw.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of SetWindowsHookEx
        PID:2752
    • C:\Windows\GfxAcc.exe
      C:\Windows\GfxAcc.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of SetWindowsHookEx
      PID:4120

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\BcTool.exe
    Filesize

    32KB

    MD5

    55d096cf235ae6c4868e8c5efc207a28

    SHA1

    ebb5d7aecf9b33f7f8f1926568162347fc992956

    SHA256

    34d3083234954f1eef4dd4539ca094fa6d98da4043a4653a3c55b0d5e456fbbe

    SHA512

    1867aa49e854afc0dd005e12b4e666a0c44f28947fbc3c7692bb004f9ff081b4fd1af7459407a3536847d4c8f3244be8705e35998b40aef258dff290b4ee4c44

    Download Submit

  • C:\Windows\GfxAcc.exe
    Filesize

    20KB

    MD5

    0a84b270ec2fc29715069b8aeec1d444

    SHA1

    7dfc7d42771fecd85f71fcb1fa44c88d56ca45df

    SHA256

    13d2942c348c260b87ab0b8b518593c5872156db3e0fd8f80927f750de71f308

    SHA512

    a4777d73c4be925974f283fbac4a025128dca0a3923ead207eb6f078ecc5e4bd17b636bea455b46c67821df8f928462d3b70388317d1abe3e5c132f37e00322f

    Download Submit

  • C:\Windows\SysWOW64\MSWinsck.ocx
    Filesize

    106KB

    MD5

    851f34233b9ec424695815cad2a909d8

    SHA1

    05235076e55b1bfdf4f834d398c1044af5a734dd

    SHA256

    78dcd52e2311d08fc405ac2b54686ee66dda4fa68994819ae3315172b27e1f7f

    SHA512

    ee24454128b64883c324b00133af1f2814a023195907f0cb8b3a51300233fa27ebb02d68a7f41067f209837e6f7fa0ee1dcc7f7bf40a48fee9318cb335e38727

    Download Submit

  • C:\Windows\WinNetw.exe
    Filesize

    20KB

    MD5

    3648c5a44c2df334a91557d34f7fd42e

    SHA1

    ee3a7c066857754512189781ffc31953be1a815d

    SHA256

    8d9dfcfdd8b37bf1a7f69d0476b5cd99f232a44d8de9e895c7d2c4f7e6bb3a61

    SHA512

    178b644f8f6cb93a72d44d0ddcd23c6159b087b701d25e517b81da60e165c25e0bf12dd4235c1b44da45533d1fa80cbc0064fdfb8948a719036222e4c8e502bd

    Download Submit

  • memory/3440-2-0x0000000002040000-0x0000000002061000-memory.dmp

    Filesize

    132KB

    Download

  • memory/3440-8-0x0000000002040000-0x0000000002061000-memory.dmp

    Filesize

    132KB

    Download

  • memory/3440-51-0x0000000002040000-0x0000000002061000-memory.dmp

    Filesize

    132KB

    Download