Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

07f94283cd...18.exe

windows7-x64

7

07f94283cd...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    147s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/06/2024, 10:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    07f94283cdb2722b5b9d8178d0551a2b_JaffaCakes118.exe

  • Size

    2.5MB

  • MD5

    07f94283cdb2722b5b9d8178d0551a2b

  • SHA1

    06a143293f2cdc37cece267a9ea173f1be8800c1

  • SHA256

    982f37ac26da3251197f1eb24560694ea0a729f25ee3a51226217e022aba3a11

  • SHA512

    85f1b02768ee54efa66efd5abf0981ad9a5bab802564aeb1c7acfd324ca6b62fc0f7726fe923f48e59fe92cf1fecc06e78026e682984327a9e081627a8c4e9a9

  • SSDEEP

    49152:hZWpGFnd2gi+faE2Ll0q35Pk50hMpKIr65qnaThu8mGU3lFxKutnMRQxW:hZWrgALX35PMbfadBfSxK5B

Score
7/10
evasion

Malware Config

Signatures

  • Checks BIOS information in registry 2 TTPs 1 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys 2 TTPs 1 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\07f94283cdb2722b5b9d8178d0551a2b_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\07f94283cdb2722b5b9d8178d0551a2b_JaffaCakes118.exe"
    1⤵
    • Checks BIOS information in registry
    • Identifies Wine through registry keys
    • Enumerates connected drives
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3788

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3788-0-0x0000000000400000-0x0000000000864000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/3788-1-0x0000000000401000-0x00000000004A3000-memory.dmp

    Filesize

    648KB

    Download

  • memory/3788-2-0x0000000000400000-0x0000000000864000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/3788-4-0x0000000000400000-0x0000000000864000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/3788-5-0x0000000000400000-0x0000000000864000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/3788-6-0x0000000000400000-0x0000000000864000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/3788-7-0x0000000000400000-0x0000000000864000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/3788-8-0x0000000000400000-0x0000000000864000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/3788-9-0x0000000000400000-0x0000000000864000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/3788-10-0x0000000000400000-0x0000000000864000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/3788-11-0x0000000000400000-0x0000000000864000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/3788-12-0x0000000000400000-0x0000000000864000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/3788-13-0x0000000000400000-0x0000000000864000-memory.dmp

    Filesize

    4.4MB

    Download