Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

282dcac359...18.exe

windows7-x64

7

282dcac359...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    154s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    06/07/2024, 10:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    282dcac35974575f937242bba67a37d6_JaffaCakes118.exe

  • Size

    123KB

  • MD5

    282dcac35974575f937242bba67a37d6

  • SHA1

    670e9d6d45142f96985d34b87cc95d29876e1262

  • SHA256

    11ab6478ea15503cfb699dffbdf9968a6e17d78a3c4bb6fe0991ffe1930e1516

  • SHA512

    ab3b92e5eee754af83f003983fdd61c7e418f511ccf9035cb6c9c039fe1a4b5c1ba9e4f5480f247c8baf906e65dbb9e4a76040003ade7bb1f8ba6387081758b3

  • SSDEEP

    3072:Eb9Sb1K9HK4CTbdcsvFWj+eDafue7o0qQk0BVkY3Poutu:E5SbwRK4CTbd9W7Dan7o0TBVkEPoS

Score
7/10
persistenceupx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 11 IoCs
  • Suspicious use of SendNotifyMessage 11 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\282dcac35974575f937242bba67a37d6_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\282dcac35974575f937242bba67a37d6_JaffaCakes118.exe"
    1⤵
    • Adds Run key to start application
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:2376

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NFAY0EOS\connecting_icon[1]
    Filesize

    301B

    MD5

    81f2114b7bcc913245df781df3eb9ae5

    SHA1

    46beb25a2a30e66c65ebddb72f836542e3655d21

    SHA256

    13237f6652c8a50f987ee5227ce16778117add802584a5e19ef892eac6e1d3e8

    SHA512

    446e34fc67e66d60a7e4a4ee65b47ca04198a8566c4d5cc665249fed8d8616cd6d674cb82621dfea4303cd7a1f90488027b352972219873bf90094d62e763b6c

    Download Submit

  • memory/2376-0-0x0000000000400000-0x0000000000458000-memory.dmp

    Filesize

    352KB

    Download

  • memory/2376-3-0x00000000002C0000-0x00000000002C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2376-27-0x0000000000400000-0x0000000000458000-memory.dmp

    Filesize

    352KB

    Download

  • memory/2376-33-0x00000000002C0000-0x00000000002C1000-memory.dmp

    Filesize

    4KB

    Download