Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

272cad7afd...18.exe

windows7-x64

10

272cad7afd...18.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    146s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    05/07/2024, 22:35 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    272cad7afde0ff794b0bf72e6fca8b96_JaffaCakes118.exe

  • Size

    393KB

  • MD5

    272cad7afde0ff794b0bf72e6fca8b96

  • SHA1

    b34d415fdcf14e008b94ad8c90805718313519e0

  • SHA256

    1c90f6ac450b8e4374ba49c772e2d7b653c7c2be5967366d1a11e4fa779b7a41

  • SHA512

    14a8b3ad162a3b88de29a02f5a7ca2c899263dc1febb3a5c42dac8cd431afe93c865e1d23fc2584d1e3935da34a0389df5a1458ecbdc543fbdb11c26ec6c3840

  • SSDEEP

    12288:S+Og7dUmmLen1G6Lkjr7plWzuDRsVqxmA:S+Og7dkenE6Qf7fpua5

Score
10/10
evasionpersistencetrojan

Malware Config

Signatures

  • Windows security bypass 2 TTPs 10 IoCs
    evasiontrojan
  • Disables taskbar notifications via registry modification
    evasion
  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Windows security modification 2 TTPs 14 IoCs
    evasiontrojan
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\272cad7afde0ff794b0bf72e6fca8b96_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\272cad7afde0ff794b0bf72e6fca8b96_JaffaCakes118.exe"
    1⤵
    • Windows security bypass
    • Loads dropped DLL
    • Windows security modification
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2560
    • C:\ProgramData\043A6A5B00014973000ABB91B4EB2331\043A6A5B00014973000ABB91B4EB2331.exe
      "C:\ProgramData\043A6A5B00014973000ABB91B4EB2331\043A6A5B00014973000ABB91B4EB2331.exe" "C:\Users\Admin\AppData\Local\Temp\272cad7afde0ff794b0bf72e6fca8b96_JaffaCakes118.exe"
      2⤵
      • Windows security bypass
      • Deletes itself
      • Executes dropped EXE
      • Windows security modification
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:2964

Network

    No results found
  • 122.224.18.199:80
    272cad7afde0ff794b0bf72e6fca8b96_JaffaCakes118.exe
    152 B
     3
  • 178.162.132.116:80
    043A6A5B00014973000ABB91B4EB2331.exe
    152 B
     3
  • 122.224.18.199:80
    272cad7afde0ff794b0bf72e6fca8b96_JaffaCakes118.exe
    152 B
     3
  • 178.162.132.116:80
    043A6A5B00014973000ABB91B4EB2331.exe
    152 B
     3
No results found

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \ProgramData\043A6A5B00014973000ABB91B4EB2331\043A6A5B00014973000ABB91B4EB2331.exe
    Filesize

    393KB

    MD5

    272cad7afde0ff794b0bf72e6fca8b96

    SHA1

    b34d415fdcf14e008b94ad8c90805718313519e0

    SHA256

    1c90f6ac450b8e4374ba49c772e2d7b653c7c2be5967366d1a11e4fa779b7a41

    SHA512

    14a8b3ad162a3b88de29a02f5a7ca2c899263dc1febb3a5c42dac8cd431afe93c865e1d23fc2584d1e3935da34a0389df5a1458ecbdc543fbdb11c26ec6c3840

    Download Submit

  • memory/2560-29-0x0000000000411000-0x00000000004D2000-memory.dmp

    Filesize

    772KB

    Download

  • memory/2560-2-0x0000000000410000-0x00000000004D8000-memory.dmp

    Filesize

    800KB

    Download

  • memory/2560-1-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2560-7-0x0000000000410000-0x00000000004D8000-memory.dmp

    Filesize

    800KB

    Download

  • memory/2560-6-0x0000000000410000-0x00000000004D8000-memory.dmp

    Filesize

    800KB

    Download

  • memory/2560-5-0x0000000000411000-0x00000000004D2000-memory.dmp

    Filesize

    772KB

    Download

  • memory/2560-0-0x00000000003E0000-0x00000000003E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2560-38-0x0000000000411000-0x00000000004D2000-memory.dmp

    Filesize

    772KB

    Download

  • memory/2560-39-0x0000000000410000-0x00000000004D8000-memory.dmp

    Filesize

    800KB

    Download

  • memory/2560-4-0x0000000000410000-0x00000000004D8000-memory.dmp

    Filesize

    800KB

    Download

  • memory/2560-27-0x0000000000410000-0x00000000004D8000-memory.dmp

    Filesize

    800KB

    Download

  • memory/2964-23-0x0000000000410000-0x00000000004D8000-memory.dmp

    Filesize

    800KB

    Download

  • memory/2964-21-0x0000000000410000-0x00000000004D8000-memory.dmp

    Filesize

    800KB

    Download

  • memory/2964-28-0x0000000000410000-0x00000000004D8000-memory.dmp

    Filesize

    800KB

    Download

  • memory/2964-18-0x0000000000410000-0x00000000004D8000-memory.dmp

    Filesize

    800KB

    Download

  • memory/2964-22-0x0000000000410000-0x00000000004D8000-memory.dmp

    Filesize

    800KB

    Download

  • memory/2964-16-0x0000000000410000-0x00000000004D8000-memory.dmp

    Filesize

    800KB

    Download

  • memory/2964-41-0x0000000000410000-0x00000000004D8000-memory.dmp

    Filesize

    800KB

    Download

  • memory/2964-42-0x0000000000410000-0x00000000004D8000-memory.dmp

    Filesize

    800KB

    Download

  • memory/2964-47-0x0000000000410000-0x00000000004D8000-memory.dmp

    Filesize

    800KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.