Analysis

  • max time kernel: 149s
  • max time network: 156s
  • platform: windows10-2004_x64
  • resource: win10v2004-20240508-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 24/06/2024, 00:44

General

  • Target: 05d7368f45843a53ea250260a936020b_JaffaCakes118.exe
  • Size: 1.1MB
  • MD5: 05d7368f45843a53ea250260a936020b
  • SHA1: 5eefa152c6e9cf9131694ac445c20bb1dfdaffeb
  • SHA256: ceffd78a821d7cc8108d59cd70b2c4ac0d96602f0cf32269679d22b54718a8fd
  • SHA512: 6d12764137824a371967c3c7df8f02c48f05fc78fa45acaa11991b87ed92eed6061248108320ab12f694bdd6e2d67357dbbf5ef6bc96fbc6f4e8c9cc1c0287f2
  • SSDEEP: 24576:Ktcl2DG/Ix17oS+4OmwS4Luiyk9tNp4nY/kaGY+gF2tYSuaCZvmWR20kn:KBin4NwSLRk/4Y/jGYctnCZuFbn

Malware Config

Signatures

  • Loads dropped DLL (2 IoCs)
  • Adds Run key to start application (2 TTPs, 2 IoCs)
  • Checks installed software on the system (1 TTPs)

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Drops file in Windows directory (2 IoCs)
  • Suspicious behavior: EnumeratesProcesses (2 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\05d7368f45843a53ea250260a936020b_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\05d7368f45843a53ea250260a936020b_JaffaCakes118.exe"
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:4684

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Temp\mlng_EN.ini
    Filesize: 8KB
    MD5: aa5a931a734ad85b7c149b04dc018350
    SHA1: 510b5e19914944a012f14295137f056012213f22
    SHA256: 187ee03ff858418849fc4dedc1ae6ad5a8d1778a3da6a26fea1a44517c9ecb34
    SHA512: f165f6292643e695831fabc9efc1c2f3855d294a3ad54ef745eeece6298d4d5b52210a3950c751b26c933abc2abd48d3ef504a596a9e932f69901d73187731f1

  • C:\Users\Admin\AppData\Local\Temp\mlng_GB.ini
    Filesize: 6KB
    MD5: 45372c4acb71f52149864766ed8b21ff
    SHA1: 48a1519c789891c1295cdc7c58696a1b8f5907af
    SHA256: 6a0fd22eb05670716627d24db26e0efe39a8f6802d302bdfa187a0d627474a7a
    SHA512: 9c2cdf48f05c220dd679c415b0f20cd148450cebbba926fdf22687d7ecddb73f16077cdc1cf76088e9c20739e46f43cff841b080bf90bb24593df0ddf0735522

  • C:\Users\Admin\AppData\Local\Temp\msnshell.dll
    Filesize: 1.9MB
    MD5: e5cb5db431e05f9cbb240dde14d047ca
    SHA1: 4b4534ddbd0342feebf0b5dbb4cd0aae5f8b2468
    SHA256: 124bd8133828e88e461b4423966cd83d68427d526e80b38a0a20dc13db343e73
    SHA512: 189ae327bed1d1b9a2f5a6f5b49e723b385f64c018bcf490aa30fd91ccd836b5087253df92d1fb9f4ba09802d27da2ccba8fe24c67528bd6f0b3c7479aece4dc

  • C:\Users\Admin\AppData\Local\Temp\shell.ini
    Filesize: 38B
    MD5: 6155652e608cfbcf3a6c23ed9b7ccd21
    SHA1: 96e6110dd1f7991bfc4f4d4b967e36dc14e1858d
    SHA256: bff01dd0bbe7d995c5ba9f90027c08f2deb8f81dfa8b5e9628208d015cb2d872
    SHA512: ad101c5cd7d2d2443207ff282ae0d6f240e07f1b32873ff2d710d85df90119c9be1a7054a7bc6a687547190b38ee45ef15443571acb12272d0c5f3d6275dec79

  • memory/4684-65-0x0000000000400000-0x0000000000677000-memory.dmp (Filesize: 2.5MB)
  • memory/4684-87-0x0000000000400000-0x0000000000677000-memory.dmp (Filesize: 2.5MB)
  • memory/4684-43-0x00000000048D0000-0x0000000004AB6000-memory.dmp (Filesize: 1.9MB)
  • memory/4684-33-0x00000000048D0000-0x0000000004AB6000-memory.dmp (Filesize: 1.9MB)
  • memory/4684-53-0x0000000000400000-0x0000000000677000-memory.dmp (Filesize: 2.5MB)
  • memory/4684-55-0x0000000000970000-0x0000000000971000-memory.dmp (Filesize: 4KB)
  • memory/4684-0-0x0000000000970000-0x0000000000971000-memory.dmp (Filesize: 4KB)
  • memory/4684-66-0x00000000048D0000-0x0000000004AB6000-memory.dmp (Filesize: 1.9MB)
  • memory/4684-76-0x0000000000400000-0x0000000000677000-memory.dmp (Filesize: 2.5MB)
  • memory/4684-42-0x0000000000400000-0x0000000000677000-memory.dmp (Filesize: 2.5MB)
  • memory/4684-98-0x0000000000400000-0x0000000000677000-memory.dmp (Filesize: 2.5MB)
  • memory/4684-118-0x0000000000400000-0x0000000000677000-memory.dmp (Filesize: 2.5MB)
  • memory/4684-129-0x0000000000400000-0x0000000000677000-memory.dmp (Filesize: 2.5MB)
  • memory/4684-140-0x0000000000400000-0x0000000000677000-memory.dmp (Filesize: 2.5MB)
  • memory/4684-151-0x0000000000400000-0x0000000000677000-memory.dmp (Filesize: 2.5MB)
  • memory/4684-162-0x0000000000400000-0x0000000000677000-memory.dmp (Filesize: 2.5MB)
  • memory/4684-173-0x0000000000400000-0x0000000000677000-memory.dmp (Filesize: 2.5MB)
  • memory/4684-184-0x0000000000400000-0x0000000000677000-memory.dmp (Filesize: 2.5MB)
  • memory/4684-195-0x0000000000400000-0x0000000000677000-memory.dmp (Filesize: 2.5MB)