Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

046eb23b6b...18.exe

windows7-x64

7

046eb23b6b...18.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    142s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    20/06/2024, 08:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    046eb23b6ba272a21b2af4fbfe15cb6a_JaffaCakes118.exe

  • Size

    468KB

  • MD5

    046eb23b6ba272a21b2af4fbfe15cb6a

  • SHA1

    4fe7cad8a03f92bedd17b3694aafb85263cedf46

  • SHA256

    1a65216bbb849a0828b62210938dc72818197b5e8b8c25b9c1cbae73ec71b571

  • SHA512

    a7f680c4d7dff3bb417ce7bf580051f52e7b72c4dca96be5fe23a664478da177ac2f01ca6125e2a0ae8b46635d647af32802f268a7131904fc9d34e3f7b7d416

  • SSDEEP

    12288:bb7jkD3v0VBRxE5MBGlcM7UdTsi7UZWG1j3FLiUhf:bb3w3v8BRqEM7UdnU1j35iI

Score
7/10
bootkitpersistence

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Writes to the Master Boot Record (MBR) 1 TTPs 2 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Drops file in System32 directory 1 IoCs
  • Drops file in Windows directory 3 IoCs
  • Modifies data under HKEY_USERS 28 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\046eb23b6ba272a21b2af4fbfe15cb6a_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\046eb23b6ba272a21b2af4fbfe15cb6a_JaffaCakes118.exe"
    1⤵
    • Writes to the Master Boot Record (MBR)
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2984
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Windows\HKFX2008.BAT
      2⤵
      • Deletes itself
      PID:2152
  • C:\Windows\svchost.exe
    C:\Windows\svchost.exe
    1⤵
    • Executes dropped EXE
    • Writes to the Master Boot Record (MBR)
    • Drops file in System32 directory
    • Modifies data under HKEY_USERS
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:2156
    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
      2⤵
        PID:2932

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Windows\HKFX2008.BAT
      Filesize

      218B

      MD5

      cd13a8711b8cc66c43d3187873dda506

      SHA1

      ea3236f04aec6503bfc5bdad452b4aa3731540f1

      SHA256

      b49f1b9cc93033bd8990d6be00290024e27278ac7ec79326022989b27dc69324

      SHA512

      ee4ca9900b950a4b803a00b5ef252c4f8c148869a5d623bf26e26e522212ab85c534ca90f5977a7a6ffcb92139c810b45aa7de90db45466771225361629bc9ba

      Download Submit

    • C:\Windows\svchost.exe
      Filesize

      468KB

      MD5

      046eb23b6ba272a21b2af4fbfe15cb6a

      SHA1

      4fe7cad8a03f92bedd17b3694aafb85263cedf46

      SHA256

      1a65216bbb849a0828b62210938dc72818197b5e8b8c25b9c1cbae73ec71b571

      SHA512

      a7f680c4d7dff3bb417ce7bf580051f52e7b72c4dca96be5fe23a664478da177ac2f01ca6125e2a0ae8b46635d647af32802f268a7131904fc9d34e3f7b7d416

      Download Submit

    • memory/2156-34-0x0000000001F70000-0x0000000001F71000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2156-35-0x0000000001F60000-0x0000000001F61000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2156-61-0x0000000000400000-0x00000000004E4000-memory.dmp

      Filesize

      912KB

      Download

    • memory/2156-55-0x0000000000400000-0x00000000004E4000-memory.dmp

      Filesize

      912KB

      Download

    • memory/2156-54-0x0000000002DE0000-0x0000000002DE1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2156-53-0x0000000000340000-0x000000000037A000-memory.dmp

      Filesize

      232KB

      Download

    • memory/2156-52-0x0000000000400000-0x00000000004E4000-memory.dmp

      Filesize

      912KB

      Download

    • memory/2156-50-0x0000000001F50000-0x0000000001F51000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2156-47-0x0000000000550000-0x0000000000551000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2156-48-0x0000000001F10000-0x0000000001F11000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2156-49-0x0000000001F20000-0x0000000001F21000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2156-42-0x0000000000520000-0x0000000000521000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2156-36-0x0000000000540000-0x0000000000541000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2156-37-0x0000000000580000-0x0000000000581000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2156-38-0x0000000000560000-0x0000000000561000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2156-39-0x0000000001EF0000-0x0000000001EF1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2156-40-0x0000000002DE0000-0x0000000002DE1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2156-41-0x0000000000530000-0x0000000000531000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2156-22-0x0000000000400000-0x00000000004E4000-memory.dmp

      Filesize

      912KB

      Download

    • memory/2156-23-0x0000000000340000-0x000000000037A000-memory.dmp

      Filesize

      232KB

      Download

    • memory/2156-24-0x00000000003E0000-0x00000000003E1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2156-26-0x00000000003F0000-0x00000000003F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2156-25-0x00000000002E0000-0x00000000002E1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2984-4-0x00000000004F0000-0x00000000004F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2984-3-0x00000000002F0000-0x00000000002F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2984-18-0x0000000000540000-0x0000000000541000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2984-19-0x0000000000530000-0x0000000000531000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2984-20-0x0000000001FF0000-0x0000000001FF1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2984-5-0x0000000000520000-0x0000000000521000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2984-6-0x0000000002000000-0x0000000002001000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2984-7-0x0000000002010000-0x0000000002011000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2984-0-0x0000000000400000-0x00000000004E4000-memory.dmp

      Filesize

      912KB

      Download

    • memory/2984-1-0x0000000000350000-0x000000000038A000-memory.dmp

      Filesize

      232KB

      Download

    • memory/2984-45-0x0000000000400000-0x00000000004E4000-memory.dmp

      Filesize

      912KB

      Download

    • memory/2984-15-0x0000000002F00000-0x0000000002F01000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2984-9-0x0000000002080000-0x0000000002081000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2984-10-0x0000000000550000-0x0000000000551000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2984-46-0x0000000000350000-0x000000000038A000-memory.dmp

      Filesize

      232KB

      Download

    • memory/2984-11-0x0000000001E90000-0x0000000001E91000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2984-12-0x0000000000570000-0x0000000000571000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2984-13-0x0000000002020000-0x0000000002021000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2984-14-0x0000000002030000-0x0000000002031000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2984-8-0x0000000002090000-0x0000000002091000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2984-2-0x00000000003F0000-0x00000000003F1000-memory.dmp

      Filesize

      4KB

      Download