Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

0f94ca18b6...18.exe

windows7-x64

10

0f94ca18b6...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    25/06/2024, 21:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0f94ca18b66a6bc523da99b52b47c947_JaffaCakes118.exe

  • Size

    140KB

  • MD5

    0f94ca18b66a6bc523da99b52b47c947

  • SHA1

    64e31c5ac914e6d1bb4df57cd2bc33f9ed088c4f

  • SHA256

    824d5e30a658d3a67d2377e7f97bc33811f7680ce950cc602d5f7cd6a4c76ae5

  • SHA512

    e7c69e97c57d351451e3d5073c0a720524839235f96a983cc70f62624005b2ace0b9e179ddc68730e91ab627a582b47f2823f11e04a55f4ac101e3458f2207d7

  • SSDEEP

    3072:tY2TEm50QYyAXBYeNgn6gb0kYp8OyDn8+rkP+7x8Dzve:tJTEOPYywBYeUpb0kYp8OyDn8+rkP+7l

Score
10/10
evasionpersistence

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 2 IoCs
    evasion
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 52 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0f94ca18b66a6bc523da99b52b47c947_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0f94ca18b66a6bc523da99b52b47c947_JaffaCakes118.exe"
    1⤵
    • Modifies visiblity of hidden/system files in Explorer
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2512
    • C:\Users\Admin\delog.exe
      "C:\Users\Admin\delog.exe"
      2⤵
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:2212

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\delog.exe
    Filesize

    140KB

    MD5

    18a1487fb9a0dbc2e3b104eb36e415ce

    SHA1

    d8210eda0c6b37b543f94daac7d384daa1b34617

    SHA256

    d5f353413e93f24f40c0f9250fe183ee634c4513509e843ef4b5fcb9e5e176de

    SHA512

    dc12f3490b8f4a3388a62f4ae7df337fb67444607939b144936020ce8082371cb0489f5044b1d0a9de4fb1ebe55ce8ebc3abbe6324e3db267befe63823b585e3

    Download Submit