Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

18d4360bdb...18.exe

windows7-x64

10

18d4360bdb...18.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    140s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    28/06/2024, 04:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    18d4360bdb5c027080cb0b2ad6029a0e_JaffaCakes118.exe

  • Size

    164KB

  • MD5

    18d4360bdb5c027080cb0b2ad6029a0e

  • SHA1

    fae43f8758dd0c516d61fb0bc3a35987a0d9e9ac

  • SHA256

    9cf446d05c5d1c0d9056f0fb3023397b09dfc299a51e9c282958ae083c0e894f

  • SHA512

    792570de0fbe423b069f0c9de95f918f30982409033d71ef5ab4d1f2e96dd518d1b680334653014eff397aede203e2ba929fc8643b3298836780071ce5684d63

  • SSDEEP

    3072:4/X8qNV76jgrW2nWnqgLU/mLwITxm8KU/CaGVul46PcL76SAN:usqT7CgrZPgL5wexm6VlgvA

Score
10/10
persistencespywarestealerupx

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • UPX packed file 11 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\18d4360bdb5c027080cb0b2ad6029a0e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\18d4360bdb5c027080cb0b2ad6029a0e_JaffaCakes118.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Suspicious use of WriteProcessMemory
    PID:2256
    • C:\Users\Admin\AppData\Local\Temp\18d4360bdb5c027080cb0b2ad6029a0e_JaffaCakes118.exe
      C:\Users\Admin\AppData\Local\Temp\18d4360bdb5c027080cb0b2ad6029a0e_JaffaCakes118.exe startC:\Program Files (x86)\LP\359A\E27.exe%C:\Program Files (x86)\LP\359A
      2⤵
        PID:2464
      • C:\Users\Admin\AppData\Local\Temp\18d4360bdb5c027080cb0b2ad6029a0e_JaffaCakes118.exe
        C:\Users\Admin\AppData\Local\Temp\18d4360bdb5c027080cb0b2ad6029a0e_JaffaCakes118.exe startC:\Program Files (x86)\D2AA4\lvvm.exe%C:\Program Files (x86)\D2AA4
        2⤵
          PID:1324

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Roaming\A20D2\2AA4.20D
        Filesize

        600B

        MD5

        7f053957e9c026e0b31717475e6fa6d0

        SHA1

        fb5207adf1ad05ddfae05e473ea3e3ab2b07e116

        SHA256

        c9ca4f50d94441d2c72f9fa28d0c61481573b86a85d4955225c8188754b18c82

        SHA512

        f245b1d54afdfacc98af78f44cdf6d690cfdedebca4ec43b8ba74861fa9437e4e9da141e43e3a1a6ebbef519c43460b7b73b9451d97d43931f76eb4a782d9aad

        Download Submit

      • C:\Users\Admin\AppData\Roaming\A20D2\2AA4.20D
        Filesize

        996B

        MD5

        82248e07dacc791098263c5d3bfa9338

        SHA1

        525ea9ea1d0d16f56c2f1d2f69dd9c0ec80067bf

        SHA256

        d5ba334b8d9e9ce2aa2849bef194af44ff4194b6ab8f8c781062bf259b5f9645

        SHA512

        48be42811e52ed63c59e9303e14eed8658598ed02ed65142480677e6c070c36963336aae2e52d196cf4d47381704d7b8aefdd6464173fc7b73c22fa37af77f1a

        Download Submit

      • C:\Users\Admin\AppData\Roaming\A20D2\2AA4.20D
        Filesize

        1KB

        MD5

        130c466650442ca95d25b6be9d77c12d

        SHA1

        eb34e636605c45281c2f66fbc0545ff31c58fc2d

        SHA256

        1221c35c4a426813855896d92c87fdc3dcba158721722384aedf48ae3d103015

        SHA512

        68263d04d65fc1f629ec9bef3ba9ba5a72ff771ab070c0b56af2ae8de260fce47c3ea1cb78f31f924f3a5c5e24fb03862527643ac9c7b92e6075f770775ae52a

        Download Submit

      • memory/1324-137-0x000000000027C000-0x0000000000291000-memory.dmp

        Filesize

        84KB

        Download

      • memory/1324-135-0x0000000000400000-0x0000000000491000-memory.dmp

        Filesize

        580KB

        Download

      • memory/1324-136-0x0000000000400000-0x000000000048E000-memory.dmp

        Filesize

        568KB

        Download

      • memory/2256-17-0x0000000000400000-0x0000000000491000-memory.dmp

        Filesize

        580KB

        Download

      • memory/2256-0-0x0000000000400000-0x0000000000491000-memory.dmp

        Filesize

        580KB

        Download

      • memory/2256-138-0x0000000000400000-0x0000000000491000-memory.dmp

        Filesize

        580KB

        Download

      • memory/2256-4-0x0000000000400000-0x0000000000491000-memory.dmp

        Filesize

        580KB

        Download

      • memory/2256-3-0x0000000000400000-0x000000000048E000-memory.dmp

        Filesize

        568KB

        Download

      • memory/2256-250-0x0000000000400000-0x000000000048E000-memory.dmp

        Filesize

        568KB

        Download

      • memory/2256-298-0x0000000000400000-0x0000000000491000-memory.dmp

        Filesize

        580KB

        Download

      • memory/2464-15-0x0000000000400000-0x0000000000491000-memory.dmp

        Filesize

        580KB

        Download

      • memory/2464-16-0x0000000000400000-0x0000000000491000-memory.dmp

        Filesize

        580KB

        Download

      • memory/2464-252-0x0000000000400000-0x0000000000491000-memory.dmp

        Filesize

        580KB

        Download