Analysis

  • max time kernel
    149s
  • max time network
    117s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted
    27/06/2024, 12:59

General

  • Target

    16175ed53b3962d8c14c1ffd5f2482c7_JaffaCakes118.exe

  • Size

    204KB

  • MD5

    16175ed53b3962d8c14c1ffd5f2482c7

  • SHA1

    1c76ef23b41bae50dc700c0ee5cbbf9a1d05e7a7

  • SHA256

    26fede729834ee64c5bbe0cfa5516e72fb5dc361ace426c3cac2d8cc3c51ec0c

  • SHA512

    e289106343394ef5f884398cca66a05bfeb75f01e02c46d91a4e481164dcf2e4576c41aa5d8648a5cb8a16c4a4a76bbd61b8bb7c9ed1a695dd26a17e88621275

  • SSDEEP

    3072:1TqqZBXj3pZgjxp8HRfW+Ida220gN4JsBi40BuWNVYrcLwcYieNRrhomiyTfXIKg:1muxDpZgdORfWTmiDBuhTIaxu+7qT

Score
10/10

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 50 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\16175ed53b3962d8c14c1ffd5f2482c7_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\16175ed53b3962d8c14c1ffd5f2482c7_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2872
    • C:\Users\Admin\feiozoh.exe
      "C:\Users\Admin\feiozoh.exe"
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2520

Network

MITRE ATT&CK Enterprise v15

Downloads

  • \Users\Admin\feiozoh.exe

    Filesize

    204KB

    MD5

    d4f8507790dbfcabc87c50a1f28da81b

    SHA1

    79dc74c0b54273c22cfa6eb6869d6c27aad4e0a1

    SHA256

    40ee068546852acce2518adf8b5ad58106ec142dc6ffdc40305196186b817817

    SHA512

    18227c5c23dfe06197cc2831c5e2ea3de831a7a5708986bad36d215a166dec8d500e14d080e1b1b019cc8a4435a7a93be0d0a016792a46ebd95be6d3093c9757