Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

064785a185...18.exe

windows7-x64

7

064785a185...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    146s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
  • submitted
    20/06/2024, 13:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    064785a185279296229b5c4ac0c789ef_JaffaCakes118.exe

  • Size

    631KB

  • MD5

    064785a185279296229b5c4ac0c789ef

  • SHA1

    137e2609d96ce80c074ac77114b11fdd24abc850

  • SHA256

    5479e9b06ea8773617411f286263356970795cfd6473e2acbf9f1f60367cca57

  • SHA512

    05f60d711f99c958bb4c904be8cb7080ad5f572d335ee4e9ad01e8cddde2d010b04177f3f2787250141796e20aedad16dd5a3fbba01a0d80b0de6578eeff7aa9

  • SSDEEP

    12288:AzbV3qR4M+1Aq5vNd8Tcr2WEzSZh7rEF3Z4mxxlRDGdAp4feSAAoO6A3uMd:AzbRq1/q5v78owzSZh7rEQmXnDu2SpoE

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies data under HKEY_USERS 28 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 31 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\064785a185279296229b5c4ac0c789ef_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\064785a185279296229b5c4ac0c789ef_JaffaCakes118.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    PID:1664
  • C:\Windows\Hacker.com.cn.exe
    C:\Windows\Hacker.com.cn.exe
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Modifies data under HKEY_USERS
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:2756
    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
      2⤵
        PID:2612

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Windows\Hacker.com.cn.exe
      Filesize

      631KB

      MD5

      064785a185279296229b5c4ac0c789ef

      SHA1

      137e2609d96ce80c074ac77114b11fdd24abc850

      SHA256

      5479e9b06ea8773617411f286263356970795cfd6473e2acbf9f1f60367cca57

      SHA512

      05f60d711f99c958bb4c904be8cb7080ad5f572d335ee4e9ad01e8cddde2d010b04177f3f2787250141796e20aedad16dd5a3fbba01a0d80b0de6578eeff7aa9

      Download Submit

    • memory/1664-11-0x0000000003290000-0x0000000003291000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1664-5-0x00000000005E0000-0x00000000005E1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1664-22-0x0000000000280000-0x0000000000281000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1664-21-0x00000000032A0000-0x00000000032A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1664-10-0x0000000000650000-0x0000000000651000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1664-19-0x00000000032D0000-0x00000000032D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1664-18-0x0000000003380000-0x0000000003381000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1664-17-0x0000000003380000-0x0000000003381000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1664-16-0x0000000003380000-0x0000000003381000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1664-15-0x0000000003380000-0x0000000003381000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1664-14-0x0000000003380000-0x0000000003381000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1664-13-0x0000000003380000-0x0000000003381000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1664-2-0x0000000000680000-0x0000000000681000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1664-29-0x0000000000400000-0x000000000051B000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/1664-20-0x0000000000270000-0x0000000000271000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1664-9-0x00000000006C0000-0x00000000006C1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1664-8-0x0000000000690000-0x0000000000691000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1664-7-0x00000000006A0000-0x00000000006A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1664-6-0x00000000005D0000-0x00000000005D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1664-12-0x0000000003280000-0x0000000003283000-memory.dmp

      Filesize

      12KB

      Download

    • memory/1664-4-0x00000000006B0000-0x00000000006B1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1664-3-0x0000000000660000-0x0000000000661000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1664-1-0x00000000005F0000-0x0000000000644000-memory.dmp

      Filesize

      336KB

      Download

    • memory/1664-0-0x0000000000400000-0x000000000051B000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/1664-30-0x00000000005F0000-0x0000000000644000-memory.dmp

      Filesize

      336KB

      Download

    • memory/2756-26-0x0000000000400000-0x000000000051B000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/2756-31-0x0000000000400000-0x000000000051B000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/2756-35-0x0000000000400000-0x000000000051B000-memory.dmp

      Filesize

      1.1MB

      Download