Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

7

302006e883...18.exe

windows7-x64

8

302006e883...18.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    52s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    09/07/2024, 11:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    302006e88392c0574de378602e606f94_JaffaCakes118.exe

  • Size

    40KB

  • MD5

    302006e88392c0574de378602e606f94

  • SHA1

    b0caf8e932f905a9d8599e28c8ebd298a899e7b3

  • SHA256

    08e363584e5ddeb49ea0773f2f3e01f9d202e7bbbf83a327513bf8ac575c1e45

  • SHA512

    12eaddfd0cb385b017b6b4aa542b95910084472fa7e9df7a4ab85cc3e1767e2fb2ce91fbfd41767c7378b706dec74a9685073dd415bf9563817df06a9bd1e6bf

  • SSDEEP

    768:RYcJ1HIAR7cYIgRlGroD+7SvxRXmvY+hAxktTC+vqTqwmA:R51B4YI+PCSbmvvJC+sNP

Score
8/10
upx

Malware Config

Signatures

  • Drops file in Drivers directory 2 IoCs
  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in System32 directory 3 IoCs
  • Gathers network information 2 TTPs 2 IoCs

    Uses commandline utility to view network configuration.

  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\302006e88392c0574de378602e606f94_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\302006e88392c0574de378602e606f94_JaffaCakes118.exe"
    1⤵
    • Drops file in Drivers directory
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:624
    • C:\Windows\SysWOW64\ipconfig.exe
      ipconfig.exe
      2⤵
      • Gathers network information
      PID:924
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Windows\system32\del09.bat
      2⤵
      • Deletes itself
      PID:2592
  • C:\Windows\SysWOW64\DiskSystem.exe
    C:\Windows\SysWOW64\DiskSystem.exe
    1⤵
    • Drops file in Drivers directory
    • Executes dropped EXE
    • Suspicious use of WriteProcessMemory
    PID:2768
    • C:\Windows\SysWOW64\ipconfig.exe
      ipconfig.exe
      2⤵
      • Gathers network information
      PID:2296

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\DiskSystem.exe
    Filesize

    40KB

    MD5

    302006e88392c0574de378602e606f94

    SHA1

    b0caf8e932f905a9d8599e28c8ebd298a899e7b3

    SHA256

    08e363584e5ddeb49ea0773f2f3e01f9d202e7bbbf83a327513bf8ac575c1e45

    SHA512

    12eaddfd0cb385b017b6b4aa542b95910084472fa7e9df7a4ab85cc3e1767e2fb2ce91fbfd41767c7378b706dec74a9685073dd415bf9563817df06a9bd1e6bf

    Download Submit

  • C:\Windows\SysWOW64\del09.bat
    Filesize

    218B

    MD5

    84be55e9ca19fa4ac2bd3bceae317ab4

    SHA1

    44e95c651312bdb007d387b884eaa9074922025e

    SHA256

    0092b08ab1212caa3de245d197da77101348d5c5c0c31b32851eab5b20f3d2e3

    SHA512

    89c7a895c5801299947146b7188a9ac9cc0ba2f46b7f7be9e03ad6a07f9279980a3f482e533342aa4949eb628b1fb72e25529cf1ad7e28abcb76778704da6475

    Download Submit

  • C:\Windows\SysWOW64\drivers\FileEngine.sys
    Filesize

    14KB

    MD5

    30588483dec09720b4cfd49bf65f2947

    SHA1

    6716f424fc287f858194e40978f7e61b4fd78879

    SHA256

    31fd3131464082369fbeec52dce72fbc2ab4adb654c0c7ea55aba77dc7760293

    SHA512

    7819a85c8e384d591eeeb4a24092d476dd82fa940345c539127687c5b4ced6f49e9fcf50810750c285163fecc7c32573f71deea888c4ed73c77cb447f88fcdb6

    Download Submit

  • memory/624-0-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/624-1-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/624-23-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/2768-6-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download