Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    150s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    07/07/2024, 12:21 UTC

General

  • Target

    29f8d6102eeae3c9864ee958081ce7ef_JaffaCakes118.exe

  • Size

    384KB

  • MD5

    29f8d6102eeae3c9864ee958081ce7ef

  • SHA1

    2b463d285559fdbe61c213ae0254c5ce0a54ef73

  • SHA256

    3c002ac95b57e2a7597b4fda5b82a317bb5f60d66dbcb06b0b6d290e34306c6d

  • SHA512

    5d55b23ccaad544605002202ff6ac16ed85aa8aaad929b4c72e938b9ca7f7dd969dbf340fb0afaaa9218bb966063c2e98961963f4ba670a427ef4f7f6c1796ac

  • SSDEEP

    12288:R4/kOVG3MjYXrM08apXYT0zXAspwGD6pq2p:R4/XG3Mj6pIT0l2GD65

Score
10/10

Malware Config

Signatures

  • UAC bypass (3 TTPs, 1 IoC)
  • Windows security bypass (2 TTPs, 5 IoCs)
  • Disables taskbar notifications via registry modification
  • Deletes itself (1 IoC)
  • Executes dropped EXE (1 IoC)
  • Loads dropped DLL (1 IoC)
  • Windows security modification (2 TTPs, 7 IoCs)
  • Checks whether UAC is enabled (1 TTP, 1 IoC)
  • Modifies registry class (22 IoCs)
  • Suspicious behavior: EnumeratesProcesses (64 IoCs)
  • Suspicious use of FindShellTrayWindow (2 IoCs)
  • Suspicious use of SendNotifyMessage (2 IoCs)
  • Suspicious use of SetWindowsHookEx (2 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)
  • System policy modification (1 TTP, 1 IoC)

Processes

  • C:\Users\Admin\AppData\Local\Temp\29f8d6102eeae3c9864ee958081ce7ef_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\29f8d6102eeae3c9864ee958081ce7ef_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2388
    • C:\ProgramData\043A6AEB00014973000BD86DB4EB2331\043A6AEB00014973000BD86DB4EB2331.exe
      "C:\ProgramData\043A6AEB00014973000BD86DB4EB2331\043A6AEB00014973000BD86DB4EB2331.exe" -d "C:\Users\Admin\AppData\Local\Temp\29f8d6102eeae3c9864ee958081ce7ef_JaffaCakes118.exe"
      2⤵
      • UAC bypass
      • Windows security bypass
      • Deletes itself
      • Executes dropped EXE
      • Windows security modification
      • Checks whether UAC is enabled
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • System policy modification
      PID:2196
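The process tree above shows the pattern worth hunting for: the sample (PID 2388) copies itself to C:\ProgramData\<32 hex chars>\<same 32 hex chars>.exe, launches the copy (PID 2196) with -d "<path of the original>", and the original is then deleted ("Deletes itself"); the Downloads section confirms the copy carries the same hashes as the original. The following is an added detection example, not code from tria.ge or from the sample. It runs over process-creation events constructed for the example from the report's paths, PIDs and SHA256 (the parent PID 1000 of the original process and the two benign events are assumptions):

```python
import re
from dataclasses import dataclass

# Self-copy pattern taken from the report's process tree: the image sits in
# C:\ProgramData\<32 hex>\<32 hex>.exe with directory and file name identical,
# and the copy is started with -d "<original path>" so it can delete the original.
SELF_COPY_IMAGE = re.compile(
    r"^[A-Za-z]:\\ProgramData\\(?P<dir>[0-9A-F]{32})\\(?P<name>[0-9A-F]{32})\.exe$",
    re.IGNORECASE,
)
DELETE_ARG = re.compile(r'-d\s+"(?P<orig>[^"]+)"', re.IGNORECASE)

# Values from the report.
SAMPLE_SHA256 = "3c002ac95b57e2a7597b4fda5b82a317bb5f60d66dbcb06b0b6d290e34306c6d"
ORIG = r"C:\Users\Admin\AppData\Local\Temp\29f8d6102eeae3c9864ee958081ce7ef_JaffaCakes118.exe"
COPY = r"C:\ProgramData\043A6AEB00014973000BD86DB4EB2331\043A6AEB00014973000BD86DB4EB2331.exe"


@dataclass
class ProcEvent:
    pid: int
    ppid: int
    image: str    # full path of the executable
    cmdline: str  # command line as logged
    sha256: str   # hash of the image file as logged


# Constructed events: the first two mirror the report's tree (parent PID 1000
# is assumed); the last two are a benign vendor updater and a near miss where
# the directory and file names are both hex but differ.
SAMPLE_EVENTS = [
    ProcEvent(2388, 1000, ORIG, f'"{ORIG}"', SAMPLE_SHA256),
    ProcEvent(2196, 2388, COPY, f'"{COPY}" -d "{ORIG}"', SAMPLE_SHA256),
    ProcEvent(3001, 1000, r"C:\ProgramData\Vendor\updater.exe",
              r'"C:\ProgramData\Vendor\updater.exe" -d "C:\Temp\old.exe"', "0" * 64),
    ProcEvent(3002, 1000,
              r"C:\ProgramData\00000000000000000000000000000000\FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF.exe",
              "", "1" * 64),
]


def classify(events):
    """Return [(pid, [reasons])] for processes matching the self-copy pattern.

    The image-path check alone is the weakest signal; the -d argument pointing
    at the parent's image and a hash identical to the parent's image are what
    make the verdict firm, so each is reported as a separate reason.
    """
    by_pid = {e.pid: e for e in events}
    hits = []
    for e in events:
        m = SELF_COPY_IMAGE.match(e.image)
        if not m or m["dir"].upper() != m["name"].upper():
            continue
        reasons = ["programdata_hex_selfcopy"]
        parent = by_pid.get(e.ppid)
        d = DELETE_ARG.search(e.cmdline)
        if d and parent and d["orig"].lower() == parent.image.lower():
            reasons.append("delete_original_arg_matches_parent")
        if parent and parent.sha256.lower() == e.sha256.lower():
            reasons.append("same_hash_as_parent")
        hits.append((e.pid, reasons))
    return hits


if __name__ == "__main__":
    for pid, reasons in classify(SAMPLE_EVENTS):
        print(pid, ", ".join(reasons))
```

On real telemetry (Sysmon event 1 or EDR process-start records) the same three checks apply; the path regex on its own will also match legitimate installers that use GUID-like directories, so treat it as a trigger for the parent-path and hash comparisons rather than an alert by itself.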

Network

  • 178.162.132.113:80
    043A6AEB00014973000BD86DB4EB2331.exe
    152 B
    3
  • 178.162.132.113:80
    29f8d6102eeae3c9864ee958081ce7ef_JaffaCakes118.exe
    152 B
    3
  • 178.162.132.113:80
    29f8d6102eeae3c9864ee958081ce7ef_JaffaCakes118.exe
    152 B
    3
  • 178.162.132.113:80
    043A6AEB00014973000BD86DB4EB2331.exe
    152 B
    3
  • 78.159.105.142:80
    043A6AEB00014973000BD86DB4EB2331.exe
    152 B
    3
  • 78.159.105.142:80
    043A6AEB00014973000BD86DB4EB2331.exe
    152 B
    3

MITRE ATT&CK Enterprise v15


Downloads

  • C:\ProgramData\043A6AEB00014973000BD86DB4EB2331\043A6AEB00014973000BD86DB4EB2331

    Filesize

    328B

    MD5

    23f5309ce3857892fbcba42c7d9ca1de

    SHA1

    c45c729ae006292701a59382bf5b936543f43bce

    SHA256

    56529e6f6bf3dbe5febbd6f0679c96682ce41a2bc6db237a3233b16887e7096c

    SHA512

    a5c5048c3da2875808a3041184be8bc1f5c0e29c9ed7d244226daf4db59716ce65336e460bcd10532355153bc02179873bd03684f9cbbce7fea265e6838c1d07

  • \ProgramData\043A6AEB00014973000BD86DB4EB2331\043A6AEB00014973000BD86DB4EB2331.exe

    Filesize

    384KB

    MD5

    29f8d6102eeae3c9864ee958081ce7ef

    SHA1

    2b463d285559fdbe61c213ae0254c5ce0a54ef73

    SHA256

    3c002ac95b57e2a7597b4fda5b82a317bb5f60d66dbcb06b0b6d290e34306c6d

    SHA512

    5d55b23ccaad544605002202ff6ac16ed85aa8aaad929b4c72e938b9ca7f7dd969dbf340fb0afaaa9218bb966063c2e98961963f4ba670a427ef4f7f6c1796ac

  • memory/2196-19-0x0000000000E70000-0x0000000000F58000-memory.dmp (Filesize 928KB)
  • memory/2196-23-0x0000000000E70000-0x0000000000F33000-memory.dmp (Filesize 780KB)
  • memory/2196-38-0x0000000000E70000-0x0000000000F58000-memory.dmp (Filesize 928KB)
  • memory/2196-9-0x0000000000E70000-0x0000000000F33000-memory.dmp (Filesize 780KB)
  • memory/2196-10-0x0000000000E70000-0x0000000000F58000-memory.dmp (Filesize 928KB)
  • memory/2196-37-0x0000000000E70000-0x0000000000F58000-memory.dmp (Filesize 928KB)
  • memory/2196-36-0x0000000000E70000-0x0000000000F58000-memory.dmp (Filesize 928KB)
  • memory/2196-30-0x0000000000E70000-0x0000000000F58000-memory.dmp (Filesize 928KB)
  • memory/2388-18-0x0000000000930000-0x0000000000A18000-memory.dmp (Filesize 928KB)
  • memory/2388-21-0x0000000000930000-0x00000000009F3000-memory.dmp (Filesize 780KB)
  • memory/2388-28-0x0000000000930000-0x0000000000A18000-memory.dmp (Filesize 928KB)
  • memory/2388-29-0x0000000000930000-0x00000000009F3000-memory.dmp (Filesize 780KB)
  • memory/2388-3-0x0000000000930000-0x0000000000A18000-memory.dmp (Filesize 928KB)
  • memory/2388-0-0x0000000000240000-0x0000000000295000-memory.dmp (Filesize 340KB)
  • memory/2388-1-0x00000000002B0000-0x0000000000302000-memory.dmp (Filesize 328KB)
  • memory/2388-2-0x0000000000930000-0x00000000009F3000-memory.dmp (Filesize 780KB)
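The memory dump names encode the PID, a sequence number and the dumped address range, and the listed Filesize is simply end minus start. Reading them that way shows that both the original process (2388) and the dropped copy (2196) contain regions of exactly 928KB and 780KB at a single base each, i.e. the copy unpacks the same payload at a different address, while the 340KB and 328KB regions (the packed image and the dropped 328B-sized companion file is a separate artefact, not one of these) appear only in the original. The following parser is an added example, not tria.ge code; it takes the dump names exactly as listed in this report and makes no assumptions beyond that naming scheme:

```python
import re
from collections import defaultdict

# Naming scheme as listed in the report's Downloads section:
#   memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp
DUMP_NAME = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9a-fA-F]+)"
    r"-0x(?P<end>[0-9a-fA-F]+)-memory\.dmp$"
)

# Dump names copied from the report.
REPORT_DUMPS = [
    "memory/2196-19-0x0000000000E70000-0x0000000000F58000-memory.dmp",
    "memory/2196-23-0x0000000000E70000-0x0000000000F33000-memory.dmp",
    "memory/2196-38-0x0000000000E70000-0x0000000000F58000-memory.dmp",
    "memory/2196-9-0x0000000000E70000-0x0000000000F33000-memory.dmp",
    "memory/2196-10-0x0000000000E70000-0x0000000000F58000-memory.dmp",
    "memory/2196-37-0x0000000000E70000-0x0000000000F58000-memory.dmp",
    "memory/2196-36-0x0000000000E70000-0x0000000000F58000-memory.dmp",
    "memory/2196-30-0x0000000000E70000-0x0000000000F58000-memory.dmp",
    "memory/2388-18-0x0000000000930000-0x0000000000A18000-memory.dmp",
    "memory/2388-21-0x0000000000930000-0x00000000009F3000-memory.dmp",
    "memory/2388-28-0x0000000000930000-0x0000000000A18000-memory.dmp",
    "memory/2388-29-0x0000000000930000-0x00000000009F3000-memory.dmp",
    "memory/2388-3-0x0000000000930000-0x0000000000A18000-memory.dmp",
    "memory/2388-0-0x0000000000240000-0x0000000000295000-memory.dmp",
    "memory/2388-1-0x00000000002B0000-0x0000000000302000-memory.dmp",
    "memory/2388-2-0x0000000000930000-0x00000000009F3000-memory.dmp",
]


def parse_dump(name):
    """Split a dump name into pid, seq, start, end and size (bytes)."""
    m = DUMP_NAME.match(name)
    if not m:
        raise ValueError(f"unrecognised dump name: {name}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError(f"empty or inverted range in {name}")
    return {"pid": int(m["pid"]), "seq": int(m["seq"]),
            "start": start, "end": end, "size": end - start}


def fmt_size(n):
    """Render a byte count the way the report does (328B, 928KB)."""
    return f"{n // 1024}KB" if n % 1024 == 0 else f"{n}B"


def region_table(names):
    """Unique (pid, start, end) ranges, since the same range is dumped repeatedly."""
    seen = {(d["pid"], d["start"], d["end"]) for d in map(parse_dump, names)}
    return sorted(seen)


def shared_region_sizes(names):
    """Region sizes that occur in every PID: identical layout across processes."""
    per_pid = defaultdict(set)
    for d in map(parse_dump, names):
        per_pid[d["pid"]].add(d["size"])
    return set.intersection(*per_pid.values()) if per_pid else set()


if __name__ == "__main__":
    for pid, start, end in region_table(REPORT_DUMPS):
        print(f"{pid} 0x{start:X}-0x{end:X} {fmt_size(end - start)}")
    print("shared:", sorted(fmt_size(s) for s in shared_region_sizes(REPORT_DUMPS)))
```

The repeated dumps of one range (sequence numbers 10, 19, 30, 36, 37, 38 for the same 928KB region of PID 2196) are snapshots taken at different points in the run; comparing their contents rather than their names is how you would confirm when the unpacked code finished being written.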
