Analysis

  • max time kernel
    148s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    24/06/2024, 22:42 UTC

General

  • Target

    0b099364806991ae5d3854bad3335ba3_JaffaCakes118.exe

  • Size

    123KB

  • MD5

    0b099364806991ae5d3854bad3335ba3

  • SHA1

    61e076c81138c43c32f5d20206fe75027e4ad937

  • SHA256

    ef2aecf6c5819c1a239782afabcec709e2a6001531870939171ae215e56ce00e

  • SHA512

    ced61822dcd8544f18af9c4703513b7cd3f57a25ff778b917a95a14e9708a7a8483893f3bc6e73de02ea0dab25515f9f284efb6b84d2b90f7ea850fc4182c5b9

  • SSDEEP

    3072:Eb9Sb1K9HK4CTbdcsvFWj+eDafue7o0qQk0BVkY3Poutu:E5SbwRK4CTbd9W7Dan7o0TBVkEPoS

Score
7/10

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
  • Suspicious use of FindShellTrayWindow 11 IoCs
  • Suspicious use of SendNotifyMessage 11 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0b099364806991ae5d3854bad3335ba3_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0b099364806991ae5d3854bad3335ba3_JaffaCakes118.exe"
    • Adds Run key to start application
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:1712

Network

  • flag-us
    DNS
    d.trymedia.com
    0b099364806991ae5d3854bad3335ba3_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    d.trymedia.com
    IN A
    Response
    No results found
  • 8.8.8.8:53
    d.trymedia.com
    dns
    0b099364806991ae5d3854bad3335ba3_JaffaCakes118.exe
    60 B
    119 B
    1
    1

    DNS Request

    d.trymedia.com

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TTL9DZJ3\connecting_icon[1]

    Filesize

    301B

    MD5

    81f2114b7bcc913245df781df3eb9ae5

    SHA1

    46beb25a2a30e66c65ebddb72f836542e3655d21

    SHA256

    13237f6652c8a50f987ee5227ce16778117add802584a5e19ef892eac6e1d3e8

    SHA512

    446e34fc67e66d60a7e4a4ee65b47ca04198a8566c4d5cc665249fed8d8616cd6d674cb82621dfea4303cd7a1f90488027b352972219873bf90094d62e763b6c

  • memory/1712-0-0x0000000000400000-0x0000000000458000-memory.dmp

    Filesize

    352KB

  • memory/1712-3-0x0000000000250000-0x0000000000251000-memory.dmp

    Filesize

    4KB

  • memory/1712-31-0x0000000000400000-0x0000000000458000-memory.dmp

    Filesize

    352KB

  • memory/1712-33-0x0000000000250000-0x0000000000251000-memory.dmp

    Filesize

    4KB
