Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

180b5d1330...18.exe

windows7-x64

7

180b5d1330...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    3s
  • max time network
    59s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/06/2024, 00:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    180b5d1330666b9064248c0b17b31857_JaffaCakes118.exe

  • Size

    108KB

  • MD5

    180b5d1330666b9064248c0b17b31857

  • SHA1

    8708c617a73f4e6e8f6a9e9928a739df2110da1f

  • SHA256

    aefe5824e927f4edfde9cfb6bebdb47f55c2f9c318e505379a98105f137ad81f

  • SHA512

    42f4c49f766d9b2aa0f9893563e893601f9b31109cf5b7457a3c38431d19aeb2e68ba764c5fe8fde605583c06995ba179b2780b0b8309fc9282ecd137eb45b8f

  • SSDEEP

    768:lHqAY4F9PALNEU18XkzJRbFD4gP0eQk73Vo7JHDsy2dibcis1U4DUuHiwR9Up:sAYBLK8N4rDyy2i3KU4gJwRap

Score
7/10
persistence

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3416
      • C:\Users\Admin\AppData\Local\Temp\180b5d1330666b9064248c0b17b31857_JaffaCakes118.exe
        "C:\Users\Admin\AppData\Local\Temp\180b5d1330666b9064248c0b17b31857_JaffaCakes118.exe"
        2⤵
        • Loads dropped DLL
        • Adds Run key to start application
        • Drops file in System32 directory
        • Drops file in Windows directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1840

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Windows\SysWOW64\WINSvr32.dll
      Filesize

      32KB

      MD5

      867097a02f066f0850350ecd029c250e

      SHA1

      24e6e0259e55b55a66d270320d118e6c959b364c

      SHA256

      68a7e98afc5ebd02e53da027722c7237eb6cf551e0158a3c5bebef53437b93ac

      SHA512

      5882fb810cd2f932e7b1e163e8ec382e5e5653bd4e729b7dc4c518c7f84f829941ef3c92941b6a9deb5c951af89d95517a24a1916ee3cc7cd4121590ddccb269

      Download Submit

    • memory/1840-0-0x0000000000400000-0x000000000041B000-memory.dmp

      Filesize

      108KB

      Download

    • memory/1840-8-0x0000000000401000-0x0000000000402000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1840-9-0x0000000010000000-0x000000001000B000-memory.dmp

      Filesize

      44KB

      Download

    • memory/1840-11-0x0000000000400000-0x000000000041B000-memory.dmp

      Filesize

      108KB

      Download

    • memory/3416-3-0x0000000002810000-0x0000000002811000-memory.dmp

      Filesize

      4KB

      Download