Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
143s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240705-en -
resource tags
-
submitted
08/07/2024, 23:25
General
-
Target
2e34d9933bcbb900c294a21b352fcee5_JaffaCakes118.exe
-
Size
409KB
-
MD5
2e34d9933bcbb900c294a21b352fcee5
-
SHA1
89f921f90db70e9ec84d71fd023b3641d27b7623
-
SHA256
ca38f6e2fd6b910bf8a487dcf0775c6881260f0d02593777b4f0f1ccb0d93eda
-
SHA512
cf5eda42912cc30af0a58f58841857d812bbf233f1671fce2ffb63cec6cd8039305376677069036686b724a5b20a091055da7af56976575df7233929a4590bbd
-
SSDEEP
6144:nXgenPyy1Fr645gyGZ6CTZ2sRGUB8nqhz0YLjJoxGq6IECcJrd88mBNQ0:nXgM5Idd/JBkYAYFYGq6ccJp6BO0
Malware Config
Signatures
-
UAC bypass 3 TTPs 1 IoCs
-
Windows security bypass 2 TTPs 1 IoCs
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 2 IoCs
-
Windows security modification 2 TTPs 1 IoCs
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
Maps connected drives based on registry 3 TTPs 2 IoCs
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of AdjustPrivilegeToken 13 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 12 IoCs
-
System policy modification 1 TTPs 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2e34d9933bcbb900c294a21b352fcee5_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\2e34d9933bcbb900c294a21b352fcee5_JaffaCakes118.exe"1⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Xenocode\Sandbox\lDynScdbgQKRvI\1.00\2012.07.19T00.35\Virtual\STUBEXE\@APPDATALOCAL@\Temp\Stub.exe"C:\Users\Admin\AppData\Local\Temp\Stub.exe"2⤵
- UAC bypass
- Windows security bypass
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
- Checks whether UAC is enabled
- Maps connected drives based on registry
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Users\Admin\AppData\Local\Xenocode\Sandbox\lDynScdbgQKRvI\1.00\2012.07.19T00.35\Virtual\STUBEXE\@APPDATALOCAL@\Temp\Stub.exeC:\Users\Admin\AppData\Local\Temp\Stub.exe3⤵
- Executes dropped EXE
-
-
Network
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
3Disable or Modify Tools
3Modify Registry
4Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
17KB
MD5ffddd476237664ec5d75f92e2cfe964f
SHA138cea1fe7f3c85a3e608f9a4cd32c063416d7de0
SHA256afc603e36361522801c1ba217c8724f10daf2e70b94b79c15840eec4203f6c7a
SHA512e5a0ed8714821be192479b373c17cad7fcfe48fefd8c0927bf4ed03e33431beeefd312ea2ed6f42c3aa1c7fee01ac9498e5f2739f93fe24192799d0af13026c6
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
4KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
4KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
34KB
-
Filesize
34KB