Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel: 150s
  • max time network: 129s
  • platform: windows7_x64
  • resource: win7-20240508-en
  • resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted: 04/07/2024, 07:17 UTC

General

  • Target: 25156626002546058dce1191e0386ab7_JaffaCakes118.exe
  • Size: 387KB
  • MD5: 25156626002546058dce1191e0386ab7
  • SHA1: 5e612b93d5e29c5a09220749d5f1d8842c01c213
  • SHA256: 7c411adaa05fe3f368acca417d15662fd2057df49ae2945fcd4c058d4a826080
  • SHA512: ddeeb1704b3be10254298476aa211b5abc2b3fde6bc64072fdc5f619e72b375cfac74871a713c5bf0734f0a26dcb140690a42dd25c2d6c93db2d861758011b39
  • SSDEEP: 12288:eR6S15cdkN/U5onLa/0spyxIuZvUXXWDZAdvFh:nS/Ca/mo+/0ssIdm9AP

Score: 10/10

Malware Config

Signatures

  • UAC bypass 3 TTPs 1 IoCs
  • Windows security bypass 2 TTPs 5 IoCs
  • Disables taskbar notifications via registry modification
  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Windows security modification 2 TTPs 7 IoCs
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
  • Modifies registry class 22 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs
  • System policy modification 1 TTPs 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\25156626002546058dce1191e0386ab7_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\25156626002546058dce1191e0386ab7_JaffaCakes118.exe"
    PID:3016
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    • C:\ProgramData\043A6A5B00014973000C42C6B4EB2331\043A6A5B00014973000C42C6B4EB2331.exe (child of PID 3016)
      "C:\ProgramData\043A6A5B00014973000C42C6B4EB2331\043A6A5B00014973000C42C6B4EB2331.exe" -d "C:\Users\Admin\AppData\Local\Temp\25156626002546058dce1191e0386ab7_JaffaCakes118.exe"
      PID:1712
      • UAC bypass
      • Windows security bypass
      • Deletes itself
      • Executes dropped EXE
      • Windows security modification
      • Checks whether UAC is enabled
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • System policy modification

Network

  Flows (destination | process | bytes | count):

  • 178.162.132.113:80 | 25156626002546058dce1191e0386ab7_JaffaCakes118.exe | 152 B | 3
  • 178.162.132.113:80 | 043A6A5B00014973000C42C6B4EB2331.exe | 152 B | 3
  • 178.162.132.113:80 | 25156626002546058dce1191e0386ab7_JaffaCakes118.exe | 152 B | 3
  • 178.162.132.113:80 | 043A6A5B00014973000C42C6B4EB2331.exe | 152 B | 3
  • 78.159.105.142:80 | 043A6A5B00014973000C42C6B4EB2331.exe | 152 B | 3
  • 78.159.105.142:80 | 043A6A5B00014973000C42C6B4EB2331.exe | 152 B | 3

MITRE ATT&CK Enterprise v15


Downloads

  • C:\ProgramData\043A6A5B00014973000C42C6B4EB2331\043A6A5B00014973000C42C6B4EB2331
    Filesize: 328B
    MD5: bf83c65f82286257931940179fe735b0
    SHA1: 1d9ce8c3af14404ba589d1fdee077830e2726f3f
    SHA256: 975183e5f62f1ce32d552881d5e2eb7ffe41a1d07a76e80099f48d0521a94519
    SHA512: d63f0917d1e3c03e67cbfc7ca2229afba50a5f4d1aee32d13dc4c3ceb3e99867de93a85ae809d802de0cd24409998c1c6ef2254f710d22cb29fdd0ad6760b7ee

  • \ProgramData\043A6A5B00014973000C42C6B4EB2331\043A6A5B00014973000C42C6B4EB2331.exe
    Filesize: 387KB
    MD5: 25156626002546058dce1191e0386ab7
    SHA1: 5e612b93d5e29c5a09220749d5f1d8842c01c213
    SHA256: 7c411adaa05fe3f368acca417d15662fd2057df49ae2945fcd4c058d4a826080
    SHA512: ddeeb1704b3be10254298476aa211b5abc2b3fde6bc64072fdc5f619e72b375cfac74871a713c5bf0734f0a26dcb140690a42dd25c2d6c93db2d861758011b39

  Memory dumps (PID 1712):

  • memory/1712-23-0x0000000000E20000-0x0000000000EE3000-memory.dmp (780KB)
  • memory/1712-38-0x0000000000E20000-0x0000000000F02000-memory.dmp (904KB)
  • memory/1712-37-0x0000000000E20000-0x0000000000F02000-memory.dmp (904KB)
  • memory/1712-36-0x0000000000E20000-0x0000000000F02000-memory.dmp (904KB)
  • memory/1712-11-0x0000000000E20000-0x0000000000F02000-memory.dmp (904KB)
  • memory/1712-10-0x0000000000E20000-0x0000000000EE3000-memory.dmp (780KB)
  • memory/1712-30-0x0000000000E20000-0x0000000000F02000-memory.dmp (904KB)
  • memory/1712-19-0x0000000000E20000-0x0000000000F02000-memory.dmp (904KB)

  Memory dumps (PID 3016):

  • memory/3016-18-0x00000000011E0000-0x00000000012C2000-memory.dmp (904KB)
  • memory/3016-21-0x00000000011E0000-0x00000000012A3000-memory.dmp (780KB)
  • memory/3016-28-0x00000000011E0000-0x00000000012C2000-memory.dmp (904KB)
  • memory/3016-29-0x00000000011E0000-0x00000000012A3000-memory.dmp (780KB)
  • memory/3016-0-0x0000000000CE0000-0x0000000000D3B000-memory.dmp (364KB)
  • memory/3016-3-0x00000000011E0000-0x00000000012C2000-memory.dmp (904KB)
  • memory/3016-2-0x00000000011E0000-0x00000000012A3000-memory.dmp (780KB)
  • memory/3016-1-0x0000000000D50000-0x0000000000DA2000-memory.dmp (328KB)
