Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

7

302006e883...18.exe

windows7-x64

8

302006e883...18.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    147s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240708-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240708-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/07/2024, 11:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    302006e88392c0574de378602e606f94_JaffaCakes118.exe

  • Size

    40KB

  • MD5

    302006e88392c0574de378602e606f94

  • SHA1

    b0caf8e932f905a9d8599e28c8ebd298a899e7b3

  • SHA256

    08e363584e5ddeb49ea0773f2f3e01f9d202e7bbbf83a327513bf8ac575c1e45

  • SHA512

    12eaddfd0cb385b017b6b4aa542b95910084472fa7e9df7a4ab85cc3e1767e2fb2ce91fbfd41767c7378b706dec74a9685073dd415bf9563817df06a9bd1e6bf

  • SSDEEP

    768:RYcJ1HIAR7cYIgRlGroD+7SvxRXmvY+hAxktTC+vqTqwmA:R51B4YI+PCSbmvvJC+sNP

Score
8/10
upx

Malware Config

Signatures

  • Drops file in Drivers directory 2 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in System32 directory 5 IoCs
  • Gathers network information 2 TTPs 2 IoCs

    Uses commandline utility to view network configuration.

  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\302006e88392c0574de378602e606f94_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\302006e88392c0574de378602e606f94_JaffaCakes118.exe"
    1⤵
    • Drops file in Drivers directory
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:2568
    • C:\Windows\SysWOW64\ipconfig.exe
      ipconfig.exe
      2⤵
      • Gathers network information
      PID:2600
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Windows\system32\del09.bat
      2⤵
        PID:4860
    • C:\Windows\SysWOW64\DiskSystem.exe
      C:\Windows\SysWOW64\DiskSystem.exe
      1⤵
      • Drops file in Drivers directory
      • Executes dropped EXE
      • Drops file in System32 directory
      • Suspicious use of WriteProcessMemory
      PID:2840
      • C:\Windows\SysWOW64\ipconfig.exe
        ipconfig.exe
        2⤵
        • Gathers network information
        PID:1708
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c C:\Windows\system32\del09.bat
        2⤵
          PID:2436

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Windows\SysWOW64\DiskSystem.exe
        Filesize

        40KB

        MD5

        302006e88392c0574de378602e606f94

        SHA1

        b0caf8e932f905a9d8599e28c8ebd298a899e7b3

        SHA256

        08e363584e5ddeb49ea0773f2f3e01f9d202e7bbbf83a327513bf8ac575c1e45

        SHA512

        12eaddfd0cb385b017b6b4aa542b95910084472fa7e9df7a4ab85cc3e1767e2fb2ce91fbfd41767c7378b706dec74a9685073dd415bf9563817df06a9bd1e6bf

        Download Submit

      • C:\Windows\SysWOW64\del09.bat
        Filesize

        218B

        MD5

        84be55e9ca19fa4ac2bd3bceae317ab4

        SHA1

        44e95c651312bdb007d387b884eaa9074922025e

        SHA256

        0092b08ab1212caa3de245d197da77101348d5c5c0c31b32851eab5b20f3d2e3

        SHA512

        89c7a895c5801299947146b7188a9ac9cc0ba2f46b7f7be9e03ad6a07f9279980a3f482e533342aa4949eb628b1fb72e25529cf1ad7e28abcb76778704da6475

        Download Submit

      • C:\Windows\SysWOW64\drivers\FileEngine.sys
        Filesize

        14KB

        MD5

        30588483dec09720b4cfd49bf65f2947

        SHA1

        6716f424fc287f858194e40978f7e61b4fd78879

        SHA256

        31fd3131464082369fbeec52dce72fbc2ab4adb654c0c7ea55aba77dc7760293

        SHA512

        7819a85c8e384d591eeeb4a24092d476dd82fa940345c539127687c5b4ced6f49e9fcf50810750c285163fecc7c32573f71deea888c4ed73c77cb447f88fcdb6

        Download Submit

      • memory/2568-0-0x0000000000400000-0x0000000000415000-memory.dmp

        Filesize

        84KB

        Download

      • memory/2568-1-0x0000000000400000-0x0000000000415000-memory.dmp

        Filesize

        84KB

        Download

      • memory/2568-22-0x0000000000400000-0x0000000000415000-memory.dmp

        Filesize

        84KB

        Download

      • memory/2840-7-0x0000000000400000-0x0000000000415000-memory.dmp

        Filesize

        84KB

        Download

      • memory/2840-9-0x0000000000400000-0x0000000000415000-memory.dmp

        Filesize

        84KB

        Download

      • memory/2840-17-0x0000000000400000-0x0000000000415000-memory.dmp

        Filesize

        84KB

        Download