Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

224c174afb...18.exe

windows7-x64

7

224c174afb...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    03/07/2024, 11:51 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    224c174afbd32b0e0681ef686374d479_JaffaCakes118.exe

  • Size

    76KB

  • MD5

    224c174afbd32b0e0681ef686374d479

  • SHA1

    3f3a29b966e5128717361443948f2b4ea4fb3d65

  • SHA256

    06160e5b8c4e053c61bff064df2fa59edc586c8c64612ed9ce77ef11c4cff0c4

  • SHA512

    f3336c29fd25f69a2c22fca70c4b596513c33e8a6cff57fffb32bb2e58f3073c396a1bfaeb211afbdc4ef24d1964d3c88eb5f17d89843d6fcaf3a25a7f296b46

  • SSDEEP

    1536:fnZA1D7L1qgk4sJXj1UuXK2ntmJbaTe4pk:fnZSnL1qghs5qspIhCi

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of SetThreadContext 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 38 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\224c174afbd32b0e0681ef686374d479_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\224c174afbd32b0e0681ef686374d479_JaffaCakes118.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2116
    • C:\Users\Admin\AppData\Local\Temp\224c174afbd32b0e0681ef686374d479_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\224c174afbd32b0e0681ef686374d479_JaffaCakes118.exe"
      2⤵
      • Loads dropped DLL
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:1624
      • C:\Users\Admin\AppData\Roaming\Wpidiz.exe
        "C:\Users\Admin\AppData\Roaming\Wpidiz.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of SetThreadContext
        • Suspicious use of WriteProcessMemory
        PID:2656
        • C:\Users\Admin\AppData\Roaming\Wpidiz.exe
          "C:\Users\Admin\AppData\Roaming\Wpidiz.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:2756
          • C:\Program Files (x86)\Internet Explorer\iexplore.exe
            "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
            5⤵
            • Suspicious use of WriteProcessMemory
            PID:2568
            • C:\Program Files\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
              6⤵
              • Modifies Internet Explorer settings
              • Suspicious use of FindShellTrayWindow
              • Suspicious use of SetWindowsHookEx
              • Suspicious use of WriteProcessMemory
              PID:2744
              • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2744 CREDAT:275457 /prefetch:2
                7⤵
                • Modifies Internet Explorer settings
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of SetWindowsHookEx
                PID:1216

Network

  • flag-us
    DNS
    api.bing.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    api.bing.com
    IN A
  • flag-us
    DNS
    api.bing.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    api.bing.com
    IN A
  • flag-us
    DNS
    api.bing.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    api.bing.com
    IN A
  • flag-us
    DNS
    api.bing.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    api.bing.com
    IN A
  • flag-us
    DNS
    api.bing.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    api.bing.com
    IN A
No results found
  • 8.8.8.8:53
    api.bing.com
    dns
    IEXPLORE.EXE
    290 B
     5

    DNS Request

    api.bing.com

    DNS Request

    api.bing.com

    DNS Request

    api.bing.com

    DNS Request

    api.bing.com

    DNS Request

    api.bing.com

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Wpidiz.exe
    Filesize

    76KB

    MD5

    224c174afbd32b0e0681ef686374d479

    SHA1

    3f3a29b966e5128717361443948f2b4ea4fb3d65

    SHA256

    06160e5b8c4e053c61bff064df2fa59edc586c8c64612ed9ce77ef11c4cff0c4

    SHA512

    f3336c29fd25f69a2c22fca70c4b596513c33e8a6cff57fffb32bb2e58f3073c396a1bfaeb211afbdc4ef24d1964d3c88eb5f17d89843d6fcaf3a25a7f296b46

    Download Submit

  • memory/1624-17-0x0000000000400000-0x0000000000429000-memory.dmp

    Filesize

    164KB

    Download

  • memory/1624-1-0x0000000000400000-0x0000000000429000-memory.dmp

    Filesize

    164KB

    Download

  • memory/1624-10-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1624-9-0x0000000000400000-0x0000000000429000-memory.dmp

    Filesize

    164KB

    Download

  • memory/1624-5-0x0000000000400000-0x0000000000429000-memory.dmp

    Filesize

    164KB

    Download

  • memory/1624-3-0x0000000000400000-0x0000000000429000-memory.dmp

    Filesize

    164KB

    Download

  • memory/1624-16-0x0000000000400000-0x0000000000429000-memory.dmp

    Filesize

    164KB

    Download

  • memory/1624-29-0x0000000000400000-0x0000000000429000-memory.dmp

    Filesize

    164KB

    Download

  • memory/1624-7-0x0000000000400000-0x0000000000429000-memory.dmp

    Filesize

    164KB

    Download

  • memory/1624-13-0x0000000000400000-0x0000000000429000-memory.dmp

    Filesize

    164KB

    Download

  • memory/2116-14-0x0000000000400000-0x0000000000426000-memory.dmp

    Filesize

    152KB

    Download

  • memory/2116-0-0x0000000000400000-0x0000000000426000-memory.dmp

    Filesize

    152KB

    Download

  • memory/2116-12-0x0000000000220000-0x0000000000246000-memory.dmp

    Filesize

    152KB

    Download

  • memory/2656-30-0x0000000000400000-0x0000000000426000-memory.dmp

    Filesize

    152KB

    Download

  • memory/2656-38-0x0000000000220000-0x0000000000246000-memory.dmp

    Filesize

    152KB

    Download

  • memory/2656-48-0x0000000000400000-0x0000000000426000-memory.dmp

    Filesize

    152KB

    Download

  • memory/2756-50-0x0000000000400000-0x0000000000429000-memory.dmp

    Filesize

    164KB

    Download

  • memory/2756-52-0x0000000000400000-0x0000000000429000-memory.dmp

    Filesize

    164KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.