Analysis

  • max time kernel
    140s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted
    09/07/2024, 21:14

General

  • Target

    31ffdcf9db6f4adb0a48751fab8b30b4_JaffaCakes118.exe

  • Size

    292KB

  • MD5

    31ffdcf9db6f4adb0a48751fab8b30b4

  • SHA1

    d350e6998ee8b9f35f4b46a38dfe3553cb722e2c

  • SHA256

    3c4e582214f06af76d67619585bc68331f8d55c77c74b66445e66865f020249f

  • SHA512

    ad25fc9d0d49cb024c657ad300e447ac3f76703e715fb6f1ff573abe22c7cea64dc20f0d50b67ce899f9c20ce8db88ddd3028e74320b61c51d56a7843739e03b

  • SSDEEP

    6144:ryH7xOc6H5c6HcT66vlmuJCoDgGDpPsr6h5jUJea:rac3sk6vgz

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops file in Program Files directory 44 IoCs
  • Drops file in Windows directory 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\31ffdcf9db6f4adb0a48751fab8b30b4_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\31ffdcf9db6f4adb0a48751fab8b30b4_JaffaCakes118.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:1412
    • C:\Windows\svchost.exe
      "C:\Windows\svchost.exe" "C:\Users\Admin\AppData\Local\Temp\31ffdcf9db6f4adb0a48751fab8b30b4_JaffaCakes118.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:2096
      • C:\Users\Admin\AppData\Local\Temp\31ffdcf9db6f4adb0a48751fab8b30b4_JaffaCakes118.exe
        "C:\Users\Admin\AppData\Local\Temp\31ffdcf9db6f4adb0a48751fab8b30b4_JaffaCakes118.exe"
        3⤵
        • Executes dropped EXE
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2396
  • C:\Windows\svchost.exe
    C:\Windows\svchost.exe
    1⤵
    • Executes dropped EXE
    • Drops file in Program Files directory
    PID:2548

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\31ffdcf9db6f4adb0a48751fab8b30b4_JaffaCakes118.exe

    Filesize

    257KB

    MD5

    d9eefeba4a66c6fd2b615a2eb3b3f939

    SHA1

    10684d83a67662798f95b0f883546d16a4b411dc

    SHA256

    fc55c2467a983bfcaafea3a9bc74259c8fcb82761b064925263013c33ca61124

    SHA512

    4b76110cff62d0c240484cfd57ecdaf75b29e9b7bbc506167ea40b3aab34ea022f5443ba4fc44e474ff61d2f6b3e8cb53ff3ff575e5b10fa49e1480861bf07a5

  • C:\Windows\svchost.exe

    Filesize

    35KB

    MD5

    9e3c13b6556d5636b745d3e466d47467

    SHA1

    2ac1c19e268c49bc508f83fe3d20f495deb3e538

    SHA256

    20af03add533a6870d524a7c4753b42bfceb56cddd46016c051e23581ba743f8

    SHA512

    5a07ba8a7fcb15f64b129fada2621252b8bc37eb34d4f614c075c064f8ac0d367301eba0c32c5e28b8aa633f6ab604f0dfcc363b34734ce0207ef0d4e8817c4b

  • memory/1412-5-0x0000000000400000-0x000000000043F000-memory.dmp

    Filesize

    252KB

  • memory/2096-16-0x0000000000400000-0x000000000040D000-memory.dmp

    Filesize

    52KB

  • memory/2548-38-0x0000000000400000-0x000000000040D000-memory.dmp

    Filesize

    52KB

  • memory/2548-43-0x0000000000400000-0x000000000040D000-memory.dmp

    Filesize

    52KB

  • memory/2548-49-0x0000000000400000-0x000000000040D000-memory.dmp

    Filesize

    52KB