Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

21024467f4...18.exe

windows7-x64

7

21024467f4...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    03/07/2024, 04:00 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    21024467f4f723134072effd5e5d2eab_JaffaCakes118.exe

  • Size

    417KB

  • MD5

    21024467f4f723134072effd5e5d2eab

  • SHA1

    e19dd23ad7f1549869df1d93f22fd3b23b7a5c20

  • SHA256

    9b9f5691ab01b2a6dd5a006d26fb6b9c4cbc1157143cee897d5db0c1847483a4

  • SHA512

    d648797462aab169c09c1c16ee0f47268e6445b1b8e3a264514f0ece2d7c092bc659de6c76284bc82ba0ec96659093a51a8a7f23102ad06c5f30daf63b1f30a1

  • SSDEEP

    6144:Fk4YCqLZh14jvgvqh9Q0CUSGTEkARBNDgbq8M9Mxdb9feBc1e:FKh1vqhi0Cy4kARLBak

Score
7/10
persistenceupx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 10 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\21024467f4f723134072effd5e5d2eab_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\21024467f4f723134072effd5e5d2eab_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1312
    • C:\ProgramData\nNeMpEd01808\nNeMpEd01808.exe
      "C:\ProgramData\nNeMpEd01808\nNeMpEd01808.exe" "C:\Users\Admin\AppData\Local\Temp\21024467f4f723134072effd5e5d2eab_JaffaCakes118.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Adds Run key to start application
      • Modifies Internet Explorer settings
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:3096

Network

    No results found
  • 91.193.194.40:80
    21024467f4f723134072effd5e5d2eab_JaffaCakes118.exe
    152 B
     120 B
     3
    3
  • 91.193.194.40:80
    21024467f4f723134072effd5e5d2eab_JaffaCakes118.exe
    152 B
     120 B
     3
    3
  • 91.193.194.40:80
    21024467f4f723134072effd5e5d2eab_JaffaCakes118.exe
    152 B
     120 B
     3
    3
  • 91.193.194.40:80
    21024467f4f723134072effd5e5d2eab_JaffaCakes118.exe
    152 B
     120 B
     3
    3
  • 91.193.194.40:80
    21024467f4f723134072effd5e5d2eab_JaffaCakes118.exe
    152 B
     120 B
     3
    3
  • 91.193.194.40:80
    21024467f4f723134072effd5e5d2eab_JaffaCakes118.exe
    152 B
     120 B
     3
    3
  • 91.193.194.40:80
    nNeMpEd01808.exe
    152 B
     120 B
     3
    3
  • 91.193.194.40:80
    nNeMpEd01808.exe
    152 B
     120 B
     3
    3
No results found

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \ProgramData\nNeMpEd01808\nNeMpEd01808.exe
    Filesize

    417KB

    MD5

    880da3d66e62cb60f177a7e06fa0ee4a

    SHA1

    871657113edb1a48d6b7428d7b3a3f599b8e85b1

    SHA256

    86db16f7d0bdf87314ae7b4fd1cbc02c033052db2c9d76464e026579500108d6

    SHA512

    10a49fda7049c75b42f1553bbda21c804c643a6d92ed89438d2c4801880c5cc4c9801cb3794b76848723b6dd00adf0a64cd8496b38dc2d5ed486ad0713d9dccc

    Download Submit

  • memory/1312-4-0x0000000000468000-0x00000000004B0000-memory.dmp

    Filesize

    288KB

    Download

  • memory/1312-3-0x0000000000400000-0x00000000004B3000-memory.dmp

    Filesize

    716KB

    Download

  • memory/1312-0-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1312-5-0x0000000000400000-0x00000000004B3000-memory.dmp

    Filesize

    716KB

    Download

  • memory/1312-8-0x0000000000400000-0x00000000004B3000-memory.dmp

    Filesize

    716KB

    Download

  • memory/1312-1-0x0000000000400000-0x00000000004B3000-memory.dmp

    Filesize

    716KB

    Download

  • memory/1312-29-0x0000000000400000-0x00000000004B3000-memory.dmp

    Filesize

    716KB

    Download

  • memory/1312-31-0x0000000000400000-0x00000000004B3000-memory.dmp

    Filesize

    716KB

    Download

  • memory/3096-26-0x0000000000400000-0x00000000004B3000-memory.dmp

    Filesize

    716KB

    Download

  • memory/3096-25-0x0000000000400000-0x00000000004B3000-memory.dmp

    Filesize

    716KB

    Download

  • memory/3096-30-0x0000000000400000-0x00000000004B3000-memory.dmp

    Filesize

    716KB

    Download

  • memory/3096-38-0x0000000000400000-0x00000000004B3000-memory.dmp

    Filesize

    716KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.