Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2e5bba0acc...18.exe

windows7-x64

7

2e5bba0acc...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    09/07/2024, 00:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2e5bba0acc91e34c1a73aa27360cd95c_JaffaCakes118.exe

  • Size

    130KB

  • MD5

    2e5bba0acc91e34c1a73aa27360cd95c

  • SHA1

    ff0104b4b17be883108eadf76b8629eafbc7a604

  • SHA256

    6f373a7297a95aa16c4cfd71246b6654d514a985fd3e2dfb2bb71b988cea4b53

  • SHA512

    b98956f7cd30d7da720a8fa59b8baa9c671838426b84b34f85802211da26c4dd89abc9a9aaf4509844a9e8605494ce8507f812370e1136ea31d678d40d1e9b70

  • SSDEEP

    3072:F/5TRrRQh2vlrtUwAKvynMkYbaMtZFskVH4p:F/lxW2vlBG6kYbn/

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 12 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2e5bba0acc91e34c1a73aa27360cd95c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\2e5bba0acc91e34c1a73aa27360cd95c_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1848
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c 2.bat
      2⤵
        PID:2784
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c 2.bat
        2⤵
          PID:2864

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\2.bat
        Filesize

        63B

        MD5

        dccc514e635c1669c2d30b6c1a3c66aa

        SHA1

        d040cb16427a421f73a696db4922dafcd5aef59a

        SHA256

        ef7c3100284c53bd53f56348156360a06b22c30dec586727b9c8087f30bade2d

        SHA512

        c3bf049aaf7ad0859ce502acdc48e90045d37427c2634b844385fc0c1d34b9d6f10190aba638438f5714b916d855f0cab8907e77c6aa9525c8b6d8b2a6cd52fb

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\2.bat
        Filesize

        62B

        MD5

        3cd72266d36b15d25f3d13498c147cf5

        SHA1

        a73de434273407079c50506663f5ff3a88598fb3

        SHA256

        55adff3f51479fc283bef41f8011170d0d3b15a3f92f49d41d53fcdaebc5d565

        SHA512

        17370bff47ba5296771af321a1f17a7527580b1fc5f89a0d5e08d0b3027f5a35a06af795a1518fee15bb2837ec3c045d9e90350a23eca8855b04e2b2245c6f0d

        Download Submit

      • \Windows\Help\B41346EFA848.dll
        Filesize

        117KB

        MD5

        1e92cc090bcd266e390a736ee9dbd966

        SHA1

        1086f579d56f876c7d87eabe193a60dbdc2e3368

        SHA256

        4c017e11affaab8534bd8edca4cabd5ee802494d364741906476a5c8a3b00e4e

        SHA512

        8165ad35ceb560e3a61be89ee1a673f360f12e447b658f26a14b48de7576a8b056d798b3082ee85c051b5f78320e15919fbcfa7fd3a0a50d2d1da86edac8fa8d

        Download Submit

      • memory/1848-7-0x0000000000400000-0x000000000042F000-memory.dmp

        Filesize

        188KB

        Download

      • memory/1848-8-0x000000000042E000-0x000000000042F000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1848-23-0x00000000002B0000-0x0000000000300000-memory.dmp

        Filesize

        320KB

        Download

      • memory/1848-24-0x0000000000400000-0x000000000042F000-memory.dmp

        Filesize

        188KB

        Download

      • memory/1848-27-0x00000000002B0000-0x0000000000300000-memory.dmp

        Filesize

        320KB

        Download