Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

15b25974cd...18.exe

windows7-x64

10

15b25974cd...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    122s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    27/06/2024, 10:43 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    15b25974cd9e4f1488de4de049cb9ee1_JaffaCakes118.exe

  • Size

    13KB

  • MD5

    15b25974cd9e4f1488de4de049cb9ee1

  • SHA1

    50f7892486da237f7695695f83551f1ba9abfdd2

  • SHA256

    68dc368efa8927c196812266f95f11b061d8e846e075e25fb782e43644fe8965

  • SHA512

    d53cf01bec2abd2898dace5e0c2c55553d935eddf0a119953df26da6693fc40ccfe6c3e74d6d8f2445032bf497ec57f47e288cd9c09a661761cb96bb75d91ce4

  • SSDEEP

    384:yi8HP3ODB8fFAXk2NzLeD2T8GKzV9JCinm3odyeJA+1:yia3OF8fFukweDW+V9tm4dyeW8

Score
10/10
persistence

Malware Config

Signatures

  • Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 1 IoCs
    persistence
  • Deletes itself 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 3 IoCs
  • Modifies registry class 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\15b25974cd9e4f1488de4de049cb9ee1_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\15b25974cd9e4f1488de4de049cb9ee1_JaffaCakes118.exe"
    1⤵
    • Adds autorun key to be loaded by Explorer.exe on startup
    • Loads dropped DLL
    • Drops file in System32 directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2284
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Users\Admin\AppData\Local\Temp\7ED1.tmp.bat
      2⤵
      • Deletes itself
      PID:2444

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\7ED1.tmp.bat
    Filesize

    207B

    MD5

    94be9e3e8b6b8bc5b784dac99b1edcb4

    SHA1

    ef8e7b5657b2959d3e9854c5023261eb78b8255a

    SHA256

    4230feb27fe670aad4d270df89447a7b5d9cf61664b686ace5f78e6167cf51f1

    SHA512

    60af0aba3a640196454d6c0673dd9363e17e6e1f00a200f8b3b87e2c06c992addb9faff96402b15afb328cc072502670f9311f1ff3ba76b0e8fbbdcdb9f2d437

    Download Submit

  • C:\Windows\SysWOW64\ksuserfy.tmp
    Filesize

    2.4MB

    MD5

    163f9151cde020dfeda6cd7827fa5994

    SHA1

    94a96179407f620720674d5252577a4e54adc6d1

    SHA256

    f470d26ab3474d869d84417ec531dafb3c1f9d119e310ccb51f6f9a2514b1aba

    SHA512

    590b00bd95b448a0176a351572c5d49494bc51da7370bcacf531bb766c9a1d51e287db2860f692232a096c08070f1b0d13c986db8f2d4bbe1395760995d1bc91

    Download Submit

  • memory/2284-12-0x0000000010000000-0x0000000010008000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2284-21-0x0000000010000000-0x0000000010008000-memory.dmp

    Filesize

    32KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.