Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

5

Static

static

3

293e602a4a...18.exe

windows7-x64

5

293e602a4a...18.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    95s
  • max time network
    99s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/07/2024, 18:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    293e602a4aaa822bee367cc81ad5341f_JaffaCakes118.exe

  • Size

    124KB

  • MD5

    293e602a4aaa822bee367cc81ad5341f

  • SHA1

    fa38098ca35bb087def5524b183b8db3301d1fc7

  • SHA256

    296e022cd9ba5e14cd39b75c33c96ad05319fa672d1ccd473faefa0d7d8eac29

  • SHA512

    749f6cfc745793b1df27506eb67e46bc28fea27b499150943426344de3931004e34cd5ab29b37a6cb0bf7895287bb3c552a3798a10b02e5d6726a28dc0ddfd1d

  • SSDEEP

    1536:E0FqL5iJdpBqKj3mC4gSF/FHs2pg4hVqEsI7euwM045cmkypwcO7Wdd:HFlpBq2mDgSF/qOPsIyuwMTcmacO7

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\293e602a4aaa822bee367cc81ad5341f_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\293e602a4aaa822bee367cc81ad5341f_JaffaCakes118.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:2820

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2820-0-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

    Download

  • memory/2820-7-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

    Download