Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

7

3250fbd90d...18.exe

windows7-x64

10

3250fbd90d...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    09/07/2024, 22:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3250fbd90d024c908106cbec8e9f51bc_JaffaCakes118.exe

  • Size

    41KB

  • MD5

    3250fbd90d024c908106cbec8e9f51bc

  • SHA1

    1778ea02760b5fc2c4215deb7ea3d04502f37345

  • SHA256

    6fba4f77289d1914029f66a23f9042232ceb2d5ee22bca2c323a806034138e3e

  • SHA512

    195fad238b9f0d62581afa13b8a9ff915c2f71d11f6ee7720b1dd59f75da7ece1c3101ad4a885aaca2d2c47b5e905410c169db8568f8223c95a0afc58fae67a3

  • SSDEEP

    768:KvBgclfRsHJhSS2/TsiD9e12jECpBvU+z6Isas06E+:KE/nwTl9e12Jpu+z5ds06E

Score
10/10
adwaredefense_evasionevasionpersistencestealerupx

Malware Config

Signatures

  • Modifies firewall policy service 3 TTPs 2 IoCs
    evasion
  • Blocklisted process makes network request 1 IoCs
  • Drops file in Drivers directory 64 IoCs
  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Deletes itself 1 IoCs
  • Impair Defenses: Safe Mode Boot 1 TTPs 2 IoCs
    defense_evasion
  • Loads dropped DLL 5 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Installs/modifies Browser Helper Object 2 TTPs 3 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Modifies WinLogon 2 TTPs 8 IoCs
    persistence
  • Drops file in System32 directory 7 IoCs
  • Program crash 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious behavior: LoadsDriver 64 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3250fbd90d024c908106cbec8e9f51bc_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\3250fbd90d024c908106cbec8e9f51bc_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Modifies WinLogon
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:2948
    • C:\Windows\SysWOW64\rundll32.exe
      C:\Windows\system32\rundll32.exe snjava.dll,snjava C:\Users\Admin\AppData\Local\Temp\3250fbd90d024c908106cbec8e9f51bc_JaffaCakes118.exe
      2⤵
      • Modifies firewall policy service
      • Blocklisted process makes network request
      • Drops file in Drivers directory
      • Deletes itself
      • Impair Defenses: Safe Mode Boot
      • Loads dropped DLL
      • Installs/modifies Browser Helper Object
      • Drops file in System32 directory
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: LoadsDriver
      • Suspicious use of WriteProcessMemory
      PID:792
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 792 -s 772
        3⤵
        • Program crash
        PID:2748

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\java2.sys
    Filesize

    8KB

    MD5

    0379dacc71dbfbde873f5683f83a4f65

    SHA1

    f4dbb8bf2d34b6f5e7330ca0b6f9217f8e41f0d0

    SHA256

    8bae64289b178ed447f8e86510cc4c33686d35ef0b00ab90765886a961075e8b

    SHA512

    3d628d1370a858d1779bed3d152687878257bb5a4676060719bb1fa2e4b5c0416707476ab94789f68f3549c6650c1e162ed3c6a72ff0259f4a6f71163e4bc65f

    Download Submit

  • \Windows\SysWOW64\snjava.dll
    Filesize

    23KB

    MD5

    13e16461d3d121cbdccd2805ab70e67c

    SHA1

    017a31b829204fc4237bb0fad70c68e2811af3b6

    SHA256

    32d6540b5f4323bf9e93e523ec1edd3f029dc60a90317dcbfbfedbc6db4c58de

    SHA512

    f7010ecc3a29d22a6f742fe7086b460a7678d1412243f0f1322310cf50d5f0bcc68d69f6cd878d65ea3f8e4264086ef80a97a0d376cb77d14fe75974fc988ef3

    Download Submit

  • memory/792-14-0x0000000010000000-0x0000000010040000-memory.dmp

    Filesize

    256KB

    Download

  • memory/792-15-0x0000000010000000-0x0000000010040000-memory.dmp

    Filesize

    256KB

    Download

  • memory/792-227-0x0000000010000000-0x0000000010040000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2948-0-0x0000000000400000-0x0000000000424000-memory.dmp

    Filesize

    144KB

    Download

  • memory/2948-8-0x0000000010000000-0x0000000010040000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2948-16-0x0000000000400000-0x0000000000424000-memory.dmp

    Filesize

    144KB

    Download

  • memory/2948-18-0x0000000010000000-0x0000000010040000-memory.dmp

    Filesize

    256KB

    Download