Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2cec946711...18.exe

windows7-x64

7

2cec946711...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    138s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    08/07/2024, 15:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2cec946711c83f10cd19da625fe9b29b_JaffaCakes118.exe

  • Size

    543KB

  • MD5

    2cec946711c83f10cd19da625fe9b29b

  • SHA1

    5adda6c883a251bb444ba0cc9aafa4998e10e00f

  • SHA256

    4ea8de3128a42108f14519c9a24221bd212e6893e1646b05723c4717ac3e6fc4

  • SHA512

    cd784186cf158a1cb7f176316939f2aee9d2bbfb293f473dcfa354a86c46cfad90e6c7d58d585b93d31b9e94e945cac92035a5e09ce4942c8600bc69d02cd644

  • SSDEEP

    12288:nOI2YpeqiR9mDny7aD44g+QF8GlF3Z4mxxoLeP6MzEUkdjqo:B2Ypl09q0aD44+QmXoCyq2Rqo

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 1 IoCs
  • Drops file in Windows directory 3 IoCs
  • Modifies data under HKEY_USERS 37 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2cec946711c83f10cd19da625fe9b29b_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\2cec946711c83f10cd19da625fe9b29b_JaffaCakes118.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:1572
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Windows\Delete.bat
      2⤵
      • Deletes itself
      PID:640
  • C:\Windows\muqiu
    C:\Windows\muqiu
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Modifies data under HKEY_USERS
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:2092
    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
      2⤵
        PID:2252

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Windows\Delete.bat
      Filesize

      214B

      MD5

      143874551bc96c84943f98d4000e5f00

      SHA1

      1361434eaeec59d8e0d423f6cc9b5031c955afda

      SHA256

      61a815c30cc82f0400d9c52f79b194e5def34136bc83538a1cde7399bd082d79

      SHA512

      fa9fa729b6f3d2f112fe709070d4fd4d364eaca54f86cab09b99e04d3f07df85483e5f3f830becc48e255f13d4a9b68949a97d6c78d8df92382b8fa92b4c357b

      Download Submit

    • C:\Windows\muqiu
      Filesize

      543KB

      MD5

      2cec946711c83f10cd19da625fe9b29b

      SHA1

      5adda6c883a251bb444ba0cc9aafa4998e10e00f

      SHA256

      4ea8de3128a42108f14519c9a24221bd212e6893e1646b05723c4717ac3e6fc4

      SHA512

      cd784186cf158a1cb7f176316939f2aee9d2bbfb293f473dcfa354a86c46cfad90e6c7d58d585b93d31b9e94e945cac92035a5e09ce4942c8600bc69d02cd644

      Download Submit

    • memory/1572-24-0x0000000000590000-0x0000000000591000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1572-10-0x00000000005C0000-0x00000000005C1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1572-8-0x00000000022D0000-0x00000000022D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1572-7-0x00000000022E0000-0x00000000022E1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1572-22-0x0000000003250000-0x0000000003251000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1572-5-0x00000000005B0000-0x00000000005B1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1572-4-0x00000000022F0000-0x00000000022F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1572-3-0x00000000005D0000-0x00000000005D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1572-2-0x00000000005F0000-0x00000000005F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1572-1-0x0000000000390000-0x00000000003E4000-memory.dmp

      Filesize

      336KB

      Download

    • memory/1572-13-0x0000000003250000-0x0000000003251000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1572-20-0x0000000003250000-0x0000000003251000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1572-9-0x0000000002300000-0x0000000002301000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1572-0-0x0000000000400000-0x0000000000537000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/1572-6-0x00000000005A0000-0x00000000005A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1572-21-0x0000000003250000-0x0000000003251000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1572-19-0x0000000003250000-0x0000000003251000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1572-18-0x0000000003250000-0x0000000003251000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1572-17-0x0000000003250000-0x0000000003251000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1572-16-0x0000000003250000-0x0000000003251000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1572-15-0x0000000003250000-0x0000000003251000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1572-14-0x0000000003250000-0x0000000003251000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1572-12-0x0000000003250000-0x0000000003251000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1572-23-0x0000000003250000-0x0000000003251000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1572-37-0x0000000000400000-0x0000000000537000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/1572-11-0x0000000003250000-0x00000000032E8000-memory.dmp

      Filesize

      608KB

      Download

    • memory/2092-28-0x0000000000400000-0x0000000000537000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/2092-39-0x0000000000400000-0x0000000000537000-memory.dmp

      Filesize

      1.2MB

      Download