Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

0e16484583...18.exe

windows7-x64

7

0e16484583...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    25/06/2024, 12:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0e164845833decea7bcf5ea7ff3f68de_JaffaCakes118.exe

  • Size

    20KB

  • MD5

    0e164845833decea7bcf5ea7ff3f68de

  • SHA1

    84cde72064677e0e76eba4ee3e040244b1197cd9

  • SHA256

    3ddcdf2d0e1afa87ca2b55d96775691cd33a31bd84543ee1081488bd7f99eed9

  • SHA512

    1befd80db6ecd968b84cdef3a6f919ae79a2209da8c3a6bfa6a2f0bb939871b7695cce2af3023c9445aab071ca372631255a0da13ec654c61234b282a5f995a4

  • SSDEEP

    384:PU398UjtZC+tBagAlugVRyuOS3E8/kWzfzwdH2zS7EY6U0Qtd:q91vMlugVTBESTzwozkEY6U5

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 3 IoCs
  • Drops file in System32 directory 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0e164845833decea7bcf5ea7ff3f68de_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0e164845833decea7bcf5ea7ff3f68de_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2380
    • C:\Windows\SysWOW64\Sysmsge.exe
      "C:\Windows\system32\Sysmsge.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of SetWindowsHookEx
      PID:2848
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\0E1648~1.EXE > nul
      2⤵
      • Deletes itself
      PID:1920

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\SYSMON.DLL
    Filesize

    36KB

    MD5

    a454d8e984fa9dee17d92b7cd0ddc557

    SHA1

    1a0836cd4538bcaae05968430c9a401b07b8ad7e

    SHA256

    15f83d14eaa7ffeedf1d251f7e84c2668245278f71d4a3deab5a16afb43a7731

    SHA512

    27d62aff81f6159b466a9dbd31bfae8cceb00d1d540a1340fe2bed73d2c2bf62dc354a17fe876c615ebf8cb953ef212a0186299cf38d0c6cdc1d58951c55f41f

    Download Submit

  • \Windows\SysWOW64\Sysmsge.exe
    Filesize

    20KB

    MD5

    07bc73c1bd4b6658cef9130603b62569

    SHA1

    79270b1d53542a33da395b5c91d8850ae7c99928

    SHA256

    88005a77b27e7a685381adca91b577e5678f40dfdce66c45cb1a8b5ba2068e56

    SHA512

    56c12c1a3c51f673bd9785cd0e667aa6316043d9ebfcf7b760f6b82b538219a796a82f2aa57f74075410e33618d88bb5bc8144e0a743de03324e14ee3e6f467b

    Download Submit

  • memory/2380-0-0x0000000000400000-0x0000000000421000-memory.dmp

    Filesize

    132KB

    Download

  • memory/2380-4-0x00000000003E0000-0x00000000003EA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2380-13-0x0000000000400000-0x0000000000421000-memory.dmp

    Filesize

    132KB

    Download

  • memory/2380-12-0x00000000003E0000-0x00000000003EA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2848-14-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2848-17-0x00000000002E0000-0x00000000002E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2848-16-0x0000000010000000-0x0000000010010000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2848-18-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

    Download