Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2e0600c42c...18.exe

windows7-x64

7

2e0600c42c...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    08/07/2024, 22:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2e0600c42c5c88fbcf91204480f050e9_JaffaCakes118.exe

  • Size

    622KB

  • MD5

    2e0600c42c5c88fbcf91204480f050e9

  • SHA1

    41ca5db58ebbed87fca19888473a5d2d4d9ff52e

  • SHA256

    29dbf494bd4b33e84f9be5f90b7c55abdc50573b6492bc0e2a552f54b31d8f0d

  • SHA512

    14676f77cceb9b187e4418c5c99b14d77540c0c41826266513a0b8d9ae1ea4d8c1e20e4c727a4032cc5e4791ca38b751bd4f58802be1f80a2086281741f804a9

  • SSDEEP

    12288:baqRmEUXAxE+8z7IVmAD07yXRL5ajr6iPblBw5tBW9NcdKt63kldUyTvrmSZDBiq:bHYAvD07e9ijlBMOcAt63kldHqpvRij1

Score
7/10
upx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 4 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2e0600c42c5c88fbcf91204480f050e9_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\2e0600c42c5c88fbcf91204480f050e9_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2448
    • C:\Users\Admin\AppData\Local\Temp\SETUP_20612\Setup.exe
      C:\Users\Admin\AppData\Local\Temp\SETUP_20612\Setup.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: GetForegroundWindowSpam
      PID:2168

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\SETUP_20612\Modern_Setup.bmp
    Filesize

    149KB

    MD5

    ded1d8db477cc655b17e16c6fe989707

    SHA1

    e48613ed98876b022460f629971c941ad3100f78

    SHA256

    7a5d14d64ef24cdf895f947700f6e8444940c3cf5b23e868f2b3a14f0fe14206

    SHA512

    3efc3d0d2bce3f5b2c9d74d1e5dee275e6bc8098e4e805ad67c57e3567c888fcd5865cee517f52419a8dd587383d51c385647873fbd025a0781e4371dba60be2

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\SETUP_20612\Setup.txt
    Filesize

    2KB

    MD5

    ce51adcc11949a21d3ff467e564fbd57

    SHA1

    26736d7bc7d46851a46e94a6aa62d95aec38b5b7

    SHA256

    1533f1fc8c4c1a6d351d675dc4d67b22416f1ecbcd861bb75428121808c6f1f0

    SHA512

    a31f8fa2e8dde0b65ccf9077f6896187e73088a8adb895df08ba9c08da07aade65ac9715180b3a187c799f791b7b859fa1521b541196bb715ada38180b863ab1

    Download Submit

  • \Users\Admin\AppData\Local\Temp\SETUP_20612\Setup.exe
    Filesize

    314KB

    MD5

    49be6ba08582347dac2094c2abb42fc5

    SHA1

    df12871e6e34539d437664515f0238feaf98af4f

    SHA256

    eea62bd98348ffd0fb275a9b18e87c221c224aafb52c117f2c5330f38c7ec6a9

    SHA512

    f44724ba4763791e1320f87d2773a96353f1a5022476ea1989184ebd16fc2c132ca43fbf0619600806737b8ac4cfae5b80c363464d6da8310b1aa1c8afa83b39

    Download Submit

  • memory/2168-11-0x0000000000400000-0x00000000004FD000-memory.dmp

    Filesize

    1012KB

    Download

  • memory/2168-16-0x0000000000AD0000-0x0000000000BCD000-memory.dmp

    Filesize

    1012KB

    Download

  • memory/2168-20-0x0000000000400000-0x00000000004FD000-memory.dmp

    Filesize

    1012KB

    Download

  • memory/2168-22-0x0000000000AD0000-0x0000000000BCD000-memory.dmp

    Filesize

    1012KB

    Download

  • memory/2448-8-0x00000000033E0000-0x00000000034DD000-memory.dmp

    Filesize

    1012KB

    Download

  • memory/2448-19-0x0000000000400000-0x0000000000427000-memory.dmp

    Filesize

    156KB

    Download