Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

03c00294c6...18.exe

windows7-x64

7

03c00294c6...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    52s
  • max time network
    51s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/06/2024, 06:45 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    03c00294c6f2518753f2d488d1052d2a_JaffaCakes118.exe

  • Size

    623KB

  • MD5

    03c00294c6f2518753f2d488d1052d2a

  • SHA1

    b618801d54fce568c6250a5f98dc009e9c98ad4e

  • SHA256

    102fc74774e79c55c34c8514d9e289e415df28654b002a438a9a6ef4cdfbce6d

  • SHA512

    80a2fbd1e63e4ca283678a93070d01537a0abf8b53473ed3fe263d103d31ecfc162b6a760e857c50e0bf4a6ff1e4a76457bd024fa6d2542bc1fbdbf348caec3d

  • SSDEEP

    12288:fS30HfNDAFEWpUewI9JE1BbH0VF3Z4mxx2DqVTVOCY8u3TsY:xFEFEWpXwI3eH0VQmXVVTzzu

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Drops file in System32 directory 3 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\03c00294c6f2518753f2d488d1052d2a_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\03c00294c6f2518753f2d488d1052d2a_JaffaCakes118.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:220
    • C:\Program Files\Common Files\Microsoft Shared\MSInfo\IEFILES.INI
      "C:\Program Files\Common Files\Microsoft Shared\MSInfo\IEFILES.INI"
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      PID:4380
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c c:\Uinstall.bat
      2⤵
        PID:4716
    • C:\Windows\SysWOW64\csrsser
      C:\Windows\SysWOW64\csrsser
      1⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      PID:4476

    Network

    • flag-us
      DNS
      8.8.8.8.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      8.8.8.8.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      8.8.8.8.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      8.8.8.8.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      8.8.8.8.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      8.8.8.8.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      8.8.8.8.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      8.8.8.8.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      8.8.8.8.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      8.8.8.8.in-addr.arpa
      IN PTR
    No results found
    • 8.8.8.8:53
      8.8.8.8.in-addr.arpa
      dns
      330 B
       5

      DNS Request

      8.8.8.8.in-addr.arpa

      DNS Request

      8.8.8.8.in-addr.arpa

      DNS Request

      8.8.8.8.in-addr.arpa

      DNS Request

      8.8.8.8.in-addr.arpa

      DNS Request

      8.8.8.8.in-addr.arpa

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files\Common Files\Microsoft Shared\MSInfo\IEFILES.INI
      Filesize

      593KB

      MD5

      514ebd73e918413721ac5a9e3268d50c

      SHA1

      2451a3643ba3c232e973e33d011fe63c225bbd67

      SHA256

      c02182fecf9c1b7fae0503116bb7c0ed885f05b8b52de22f0d4de0b0923fd31a

      SHA512

      03462febb4bc2166bc2126c19db4726b52a1fea61fc364004dc3b7b3aa7153cca2f45061f83ef5177e77cdb57f3c81fa2389666b0c6a0f259f3faaeaf254ca37

      Download Submit

    • \??\c:\Uinstall.bat
      Filesize

      212B

      MD5

      7aa1c90a4d3a360a7308ebb675c723fd

      SHA1

      087ebe75e98d2d6433f0b55270078c39c5ac46fa

      SHA256

      2c0aae3295e2dafb9bd328edb6956ed8513becd9f4ae3af6c55a439974a3bcfb

      SHA512

      14f3637cbb88dea26528c622161a20db9cf6e7ff1dd3a6bdc544120a70ff2202af983e0ced8eb7e9899c52f21f108696eaff4c4d11ef697ea496297ce0902a1e

      Download Submit

    • memory/220-33-0x0000000000400000-0x00000000004A2000-memory.dmp

      Filesize

      648KB

      Download

    • memory/4380-13-0x0000000002560000-0x0000000002561000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4380-11-0x0000000002500000-0x0000000002501000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4380-20-0x00000000022C0000-0x00000000022C1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4380-19-0x0000000003540000-0x0000000003541000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4380-18-0x00000000035F0000-0x00000000035F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4380-17-0x00000000034F0000-0x00000000034F3000-memory.dmp

      Filesize

      12KB

      Download

    • memory/4380-16-0x0000000003500000-0x0000000003501000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4380-15-0x0000000002520000-0x0000000002521000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4380-14-0x0000000002590000-0x0000000002591000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4380-22-0x0000000003510000-0x0000000003511000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4380-12-0x0000000002570000-0x0000000002571000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4380-21-0x00000000022D0000-0x00000000022D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4380-10-0x0000000002510000-0x0000000002511000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4380-9-0x0000000002580000-0x0000000002581000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4380-8-0x0000000002530000-0x0000000002531000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4380-7-0x0000000002550000-0x0000000002551000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4380-5-0x0000000000400000-0x000000000050A000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/4380-30-0x00000000022E0000-0x0000000002334000-memory.dmp

      Filesize

      336KB

      Download

    • memory/4380-29-0x0000000000400000-0x000000000050A000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/4380-6-0x00000000022E0000-0x0000000002334000-memory.dmp

      Filesize

      336KB

      Download

    • memory/4476-27-0x0000000000400000-0x000000000050A000-memory.dmp

      Filesize

      1.0MB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.