Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

2b1fb1493d...18.exe

windows7-x64

10

2b1fb1493d...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    08/07/2024, 05:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2b1fb1493d626882fd358f5fbb986164_JaffaCakes118.exe

  • Size

    184KB

  • MD5

    2b1fb1493d626882fd358f5fbb986164

  • SHA1

    e5f52d8817ebb8cc5aaa4a76977aaa07c0b14820

  • SHA256

    9fc29028691a15c92519a834f9f4fe5acb56f95af75592bc7053f062b6395b38

  • SHA512

    4dbce10ce0510f7d101e08fc3749e34d4d14f59883b0cb052a69879f6082bf859e930234e70c5f3c70e93ab82ae145aa2a82b94e82edb2baef71f1cb5ee8b6a8

  • SSDEEP

    3072:ZI54B8Sx9YUdtG716ennADVeMfcRAGKB+uMTEd1CTu:ZicZu1tnADVhERAGKB+uSEdl

Score
10/10
evasionpersistence

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 2 IoCs
    evasion
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 51 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2b1fb1493d626882fd358f5fbb986164_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\2b1fb1493d626882fd358f5fbb986164_JaffaCakes118.exe"
    1⤵
    • Modifies visiblity of hidden/system files in Explorer
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3032
    • C:\Users\Admin\cuido.exe
      "C:\Users\Admin\cuido.exe"
      2⤵
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:2684

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\cuido.exe
    Filesize

    184KB

    MD5

    9d2d88421e91d17566c14c048e367cef

    SHA1

    e5275275b28a3de89523446b7da92f44ea8feccd

    SHA256

    19ee4e106e1edb4670712ed432aa3976b380c23edd8c995d7ac8b049da783f44

    SHA512

    e529d5d943e56fd53c11a700e7295f44d8fc2ef4f783a1ef74cd553af88dd232d1ff2ae4f313566b07fc02f2bb76265ca12b2aba0e678025fcf55ac37eb71b17

    Download Submit