
Analysis

  • max time kernel
    136s
  • max time network
    165s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags
    arch:x64
    arch:x86
    image:win10v2004-20240226-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    20/06/2024, 11:38

General

  • Target

    05a466219f17b781055fe99ec0187cfb_JaffaCakes118.exe

  • Size

    357KB

  • MD5

    05a466219f17b781055fe99ec0187cfb

  • SHA1

    1aeb8a69db6fc6a350dd353eb0c1da3a855848ca

  • SHA256

    f8daa64571ca1196c4c6319873c6bddd6c6e99bd6df3954fe1e29fe956043e95

  • SHA512

    62dcd81597fd8121a7a0d6cdb10d75ff8aa14cb4d2286f12e303401f5b60e3a3c38cea67dcfb8e280a5119ede4b360996b427e584dc3f67d95298a78e217ba5f

  • SSDEEP

    6144:astNcjg5z+EbCIGSmsZOpu6A0Q//TDtvenfvEtv9yiEgoL5BAqm8JREoR:DEjg5itIHZkux0advennA9SnAqVEoR

Score
7/10

Malware Config

Signatures

  • Checks BIOS information in registry 2 TTPs 3 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs
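The three registry signatures above describe one technique: the sample reads hardware description values that a sandbox or hypervisor tends to populate with tell-tale vendor strings. The following is an added example, not Triage's signature logic and not code from the sample; the report does not list which values this sample read, so the key paths, value names and VM marker strings below are assumptions based on the usual form of this check. The script applies the check to two constructed registry snapshots (one typical of a VirtualBox guest, one of a physical laptop) and can also read the live registry when run on Windows.

```python
import sys

# Registry locations the signatures "Checks BIOS information in registry",
# "Checks processor information in registry" and "Enumerates system info in
# registry" usually correspond to (all under HKLM). Assumed, not from the report.
BIOS_KEY = r"HARDWARE\DESCRIPTION\System\BIOS"
CPU_KEY = r"HARDWARE\DESCRIPTION\System\CentralProcessor\0"
SYSTEM_KEY = r"HARDWARE\DESCRIPTION\System"

VALUES_OF_INTEREST = {
    BIOS_KEY: ["SystemManufacturer", "SystemProductName", "BIOSVendor",
               "BIOSVersion", "BaseBoardManufacturer"],
    CPU_KEY: ["ProcessorNameString", "VendorIdentifier", "Identifier"],
    SYSTEM_KEY: ["SystemBiosVersion", "VideoBiosVersion"],
}

# Substrings that commonly identify a hypervisor or sandbox in those values.
# Assumed list; real samples carry their own.
VM_MARKERS = ("vmware", "virtualbox", "vbox", "innotek", "qemu", "bochs",
              "xen", "kvm", "virtual machine", "parallels", "hyper-v")


def find_vm_markers(values):
    """values: {(key_path, value_name): data} -> [(key_path, value_name, marker)].

    REG_MULTI_SZ data arrives as a list; it is joined so every element is scanned.
    One hit per value is enough, so scanning stops at the first marker found.
    """
    hits = []
    for (key, name), data in values.items():
        if isinstance(data, (list, tuple)):
            data = " ".join(str(d) for d in data)
        low = str(data).lower()
        for marker in VM_MARKERS:
            if marker in low:
                hits.append((key, name, marker))
                break
    return hits


def read_live():
    """Read the same values from the local machine. Windows only (uses winreg)."""
    if sys.platform != "win32":
        raise RuntimeError("live registry read requires Windows")
    import winreg  # imported here so the module still loads on other platforms
    out = {}
    for key, names in VALUES_OF_INTEREST.items():
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key) as handle:
                for name in names:
                    try:
                        out[(key, name)] = winreg.QueryValueEx(handle, name)[0]
                    except FileNotFoundError:
                        pass  # value absent on this host
        except FileNotFoundError:
            pass  # key absent on this host
    return out


# Constructed snapshots for offline use; not captured from the analysed machine.
SANDBOX_SAMPLE = {
    (BIOS_KEY, "SystemManufacturer"): "innotek GmbH",
    (BIOS_KEY, "SystemProductName"): "VirtualBox",
    (CPU_KEY, "ProcessorNameString"): "Intel(R) Core(TM) i7-9700 CPU @ 3.00GHz",
    (SYSTEM_KEY, "SystemBiosVersion"): ["VBOX   - 1"],
}
PHYSICAL_SAMPLE = {
    (BIOS_KEY, "SystemManufacturer"): "Dell Inc.",
    (BIOS_KEY, "SystemProductName"): "Latitude 7420",
    (CPU_KEY, "ProcessorNameString"): "11th Gen Intel(R) Core(TM) i7-1185G7 @ 3.00GHz",
    (SYSTEM_KEY, "SystemBiosVersion"): ["DELL   - 1072009", "1.14.0"],
}


def main():
    for label, snapshot in (("sandbox", SANDBOX_SAMPLE), ("physical", PHYSICAL_SAMPLE)):
        hits = find_vm_markers(snapshot)
        print(f"{label}: {len(hits)} marker(s)")
        for key, name, marker in hits:
            print(f"  HKLM\\{key}\\{name} contains '{marker}'")
    if sys.platform == "win32":
        print(f"this host: {len(find_vm_markers(read_live()))} marker(s)")


if __name__ == "__main__":
    main()
```

On a Triage-style analysis VM the same values are what the sample's registry reads would have returned, so running `read_live()` on the sandbox image is a quick way to see what an evasive sample "sees"; a sandbox that patches these values to vendor-neutral strings defeats this particular check but not the CPUID or timing variants.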

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3300
      • C:\Users\Admin\AppData\Local\Temp\05a466219f17b781055fe99ec0187cfb_JaffaCakes118.exe
        "C:\Users\Admin\AppData\Local\Temp\05a466219f17b781055fe99ec0187cfb_JaffaCakes118.exe"
        2⤵
        • Checks BIOS information in registry
        • Checks processor information in registry
        • Enumerates system info in registry
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:3460
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3936 --field-trial-handle=2280,i,4114443225282860369,4764091921472631035,262144 --variations-seed-version /prefetch:8
      1⤵
        PID:5024

      Network

      MITRE ATT&CK Enterprise v15


      Downloads

      • memory/3300-6-0x000000007FFF0000-0x000000007FFF1000-memory.dmp

        Filesize

        4KB

      • memory/3300-8-0x000000007FFC0000-0x000000007FFC6000-memory.dmp

        Filesize

        24KB

      • memory/3460-0-0x0000000000400000-0x00000000007CB000-memory.dmp

        Filesize

        3.8MB

      • memory/3460-1-0x00000000007C1000-0x00000000007C2000-memory.dmp

        Filesize

        4KB

      • memory/3460-2-0x0000000000400000-0x00000000007CB000-memory.dmp

        Filesize

        3.8MB

      • memory/3460-4-0x0000000000400000-0x00000000007CB000-memory.dmp

        Filesize

        3.8MB

      • memory/3460-12-0x0000000010000000-0x0000000010011000-memory.dmp

        Filesize

        68KB

      • memory/3460-15-0x0000000000400000-0x00000000007CB000-memory.dmp

        Filesize

        3.8MB

      • memory/3460-16-0x0000000000400000-0x00000000007CB000-memory.dmp

        Filesize

        3.8MB

      • memory/3460-17-0x0000000000400000-0x00000000007CB000-memory.dmp

        Filesize

        3.8MB
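Each dump name above encodes the process, a capture sequence number and the virtual address range that was written out, so the list can be tied back to the process tree. The following is an added example written for this page, not a Triage tool; it parses the names listed above, recomputes the sizes shown beside them, and groups the captures by PID using the process tree from the Processes section. Repeated captures of the same range (here 0x400000-0x7CB000 in PID 3460, taken six times) are collapsed into one region entry so the distinct address ranges stand out.

```python
import re
from collections import defaultdict

DUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)

# PID -> image, copied from the Processes section of this report.
PROCESSES = {
    3300: r"C:\Windows\Explorer.EXE",
    3460: r"C:\Users\Admin\AppData\Local\Temp\05a466219f17b781055fe99ec0187cfb_JaffaCakes118.exe",
    5024: r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
}

# The dump names exactly as listed in the Downloads section of this report.
REPORT_DUMPS = [
    "memory/3300-6-0x000000007FFF0000-0x000000007FFF1000-memory.dmp",
    "memory/3300-8-0x000000007FFC0000-0x000000007FFC6000-memory.dmp",
    "memory/3460-0-0x0000000000400000-0x00000000007CB000-memory.dmp",
    "memory/3460-1-0x00000000007C1000-0x00000000007C2000-memory.dmp",
    "memory/3460-2-0x0000000000400000-0x00000000007CB000-memory.dmp",
    "memory/3460-4-0x0000000000400000-0x00000000007CB000-memory.dmp",
    "memory/3460-12-0x0000000010000000-0x0000000010011000-memory.dmp",
    "memory/3460-15-0x0000000000400000-0x00000000007CB000-memory.dmp",
    "memory/3460-16-0x0000000000400000-0x00000000007CB000-memory.dmp",
    "memory/3460-17-0x0000000000400000-0x00000000007CB000-memory.dmp",
]


def parse_dump(name):
    """Split one dump name into pid, sequence number, start, end and byte size."""
    m = DUMP_RE.match(name)
    if m is None:
        raise ValueError(f"not a Triage memory dump name: {name}")
    start = int(m.group("start"), 16)
    end = int(m.group("end"), 16)
    return {"pid": int(m.group("pid")), "seq": int(m.group("seq")),
            "start": start, "end": end, "size": end - start}


def human_size(size):
    """Mirror the report's own rounding: whole KB below 1 MiB, one decimal MB above."""
    if size >= 1 << 20:
        return f"{size / (1 << 20):.1f}MB"
    return f"{size // 1024}KB"


def summarize(names, processes):
    """Group dumps by PID: image name, number of captures, distinct (start, end) regions."""
    by_pid = defaultdict(list)
    for name in names:
        d = parse_dump(name)
        by_pid[d["pid"]].append(d)
    summary = {}
    for pid, dumps in sorted(by_pid.items()):
        regions = sorted({(d["start"], d["end"]) for d in dumps})
        summary[pid] = {
            "image": processes.get(pid, "<pid not in process tree>"),
            "dumps": len(dumps),
            "regions": regions,
        }
    return summary


if __name__ == "__main__":
    for pid, info in summarize(REPORT_DUMPS, PROCESSES).items():
        print(f"PID {pid}  {info['image']}  ({info['dumps']} dump(s))")
        for start, end in info["regions"]:
            print(f"    0x{start:08X}-0x{end:08X}  {human_size(end - start)}")
```

The recomputed sizes match the ones printed in the report (0x3CB000 bytes is the 3.8MB region, 0x11000 is the 68KB one), and the grouping shows that two of the captures come from Explorer.EXE (PID 3300), the parent in the process tree, rather than from the sample's own process.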