Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

177ec28db9...18.exe

windows7-x64

7

177ec28db9...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    143s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/06/2024, 20:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    177ec28db96be783ee3397662a850a44_JaffaCakes118.exe

  • Size

    932KB

  • MD5

    177ec28db96be783ee3397662a850a44

  • SHA1

    da1553d819cc068250327372e5d42d46baf9460d

  • SHA256

    2d59174a698370ae04f8caf597914562cf2a28ffb9fa092fbb89681cc6e29072

  • SHA512

    a26c4ddc10a2d5f935565508e12378ca2245d78a3838f59e77cab17e8c535bd409b815ad2c10e023a08d6936a1664aff15c0af4c71ce201d0b6bce6c83df8e89

  • SSDEEP

    24576:XTI3ygNUi6ZuscX2kxwxwrrNsCNAPSWIDh7:KygNt6ZuGkfXiCNAPZIR

Score
7/10
upx

Malware Config

Signatures

  • Loads dropped DLL 7 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of SetWindowsHookEx 13 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\177ec28db96be783ee3397662a850a44_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\177ec28db96be783ee3397662a850a44_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    PID:3460
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4068 --field-trial-handle=2280,i,4114443225282860369,4764091921472631035,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:756

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\E_N4\com.run
      Filesize

      260KB

      MD5

      ce2f773275d3fe8b78f4cf067d5e6a0f

      SHA1

      b7135e34d46eb4303147492d5cee5e1ef7b392ab

      SHA256

      eb8099c0ad2d82d9d80530443e2909f3b34be0844d445e844f1c994476c86d2d

      SHA512

      d733dc01c047be56680629a385abdd2aa1598a2b5459269028446da9097b6f6c1e7ade5b74e3ac3809dd8a3f8d1cbbe7fd669f2762be61f9c38fd4a2cca9e063

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\E_N4\iext.fnr
      Filesize

      216KB

      MD5

      cba933625bfa502fc4a1d9f34e1e4473

      SHA1

      5319194388c0e53321f99f1541b97af191999a09

      SHA256

      25549c7781b3f1b92e73b0ea721d177207cce914a66f3229a71291f2eb160013

      SHA512

      f5fb4b97c4f68a20e0847e6528740ce659c4501726f3b2dff1ac83e88a3b7198099da03edb0f069cd4af7ed568a2373597b235cd239895addfa5226d3a444142

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\E_N4\iext3.fne
      Filesize

      380KB

      MD5

      07f0db2727c8288cd2cf7c4cf352708d

      SHA1

      caf2d1b631c785c1f6f01189cf841fc2661666ed

      SHA256

      3c18183857979a2b5664d3f852f74e3f31f0626720654914453e964938e18f5e

      SHA512

      b81029a2968663a180feca2e3e47f4736f87a7cc73e6a9153aa227b91d963e077f44c5a289b9f64d6b481b7bd5ccb4bcb762048a4f29810c1f4fd4e6106cb0d3

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\E_N4\krnln.fnr
      Filesize

      1.1MB

      MD5

      638e737b2293cf7b1f14c0b4fb1f3289

      SHA1

      f8e2223348433b992a8c42c4a7a9fb4b5c1158bc

      SHA256

      baad4798c3ab24dec8f0ac3cde48e2fee2e2dffa60d2b2497cd295cd6319fd5b

      SHA512

      4d714a0980238c49af10376ff26ec9e6415e7057925b32ec1c24780c3671047ac5b5670e46c1c6cf9f160519be8f37e1e57f05c30c6c4bda3b275b143aa0bf12

      Download Submit

    • memory/3460-0-0x0000000000400000-0x0000000000417000-memory.dmp

      Filesize

      92KB

      Download

    • memory/3460-11-0x00000000022F0000-0x000000000235F000-memory.dmp

      Filesize

      444KB

      Download

    • memory/3460-18-0x0000000002400000-0x000000000244A000-memory.dmp

      Filesize

      296KB

      Download

    • memory/3460-25-0x00000000028B0000-0x00000000028F4000-memory.dmp

      Filesize

      272KB

      Download

    • memory/3460-29-0x0000000000400000-0x0000000000417000-memory.dmp

      Filesize

      92KB

      Download