Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

320075e33f...18.exe

windows7-x64

7

320075e33f...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    09/07/2024, 21:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    320075e33fac99eaee9d572c189d07e8_JaffaCakes118.exe

  • Size

    230KB

  • MD5

    320075e33fac99eaee9d572c189d07e8

  • SHA1

    6b2ca9960ebedbe7e369f0f9f2429e5a320586c9

  • SHA256

    f45c0c31e5b2fe74a42738056ce29f433faa06af893b3838dee1c3c890d43bfc

  • SHA512

    c5a7e4b85b60a56be9f0b54dae2e3e5363ee732a61c4f8af03041ab21b8b8dbf0d60c2ba18727f8c8f12b691fe6ace6b994e617cd29993437b544da6c0007ec3

  • SSDEEP

    6144:XpJ8yUj4nWUNUkpprAMoCzghZu3pNHmYe3DmJztw9/o:XVWUNUIAMoQeu3pNzoDmJztq

Score
7/10
persistenceupx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 4 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\320075e33fac99eaee9d572c189d07e8_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\320075e33fac99eaee9d572c189d07e8_JaffaCakes118.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:1928
    • C:\Windows\Snajia.exe
      C:\Windows\Snajia.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      PID:1616

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\Snajia.exe
    Filesize

    230KB

    MD5

    320075e33fac99eaee9d572c189d07e8

    SHA1

    6b2ca9960ebedbe7e369f0f9f2429e5a320586c9

    SHA256

    f45c0c31e5b2fe74a42738056ce29f433faa06af893b3838dee1c3c890d43bfc

    SHA512

    c5a7e4b85b60a56be9f0b54dae2e3e5363ee732a61c4f8af03041ab21b8b8dbf0d60c2ba18727f8c8f12b691fe6ace6b994e617cd29993437b544da6c0007ec3

    Download Submit

  • C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
    Filesize

    372B

    MD5

    151bbf843dc9ebec76eac04f2f00106f

    SHA1

    18b4cb6a8be183c519962bc596e1909e406469ce

    SHA256

    dde430a6624bfbc08bfc29339860bac1548880895a444b07191a154ac31a2413

    SHA512

    0372b1e2a0208409bddfd8ef04be3984133710ea133b41add9c9449c735c0c0bedb5b30167b35e51353e9d235cdddb43718d5fb024c36b1d89ee63efca305d28

    Download Submit

  • memory/1616-10-0x0000000000400000-0x000000000043B000-memory.dmp

    Filesize

    236KB

    Download

  • memory/1616-51676-0x0000000000400000-0x000000000043B000-memory.dmp

    Filesize

    236KB

    Download

  • memory/1616-51684-0x0000000000400000-0x000000000043B000-memory.dmp

    Filesize

    236KB

    Download

  • memory/1616-51679-0x0000000000400000-0x000000000043B000-memory.dmp

    Filesize

    236KB

    Download

  • memory/1616-12-0x0000000000400000-0x000000000043B000-memory.dmp

    Filesize

    236KB

    Download

  • memory/1616-11-0x0000000000400000-0x000000000043B000-memory.dmp

    Filesize

    236KB

    Download

  • memory/1616-51677-0x0000000000400000-0x000000000043B000-memory.dmp

    Filesize

    236KB

    Download

  • memory/1616-51675-0x0000000000400000-0x000000000043B000-memory.dmp

    Filesize

    236KB

    Download

  • memory/1616-51672-0x0000000000400000-0x000000000043B000-memory.dmp

    Filesize

    236KB

    Download

  • memory/1928-51671-0x0000000000400000-0x000000000043B000-memory.dmp

    Filesize

    236KB

    Download

  • memory/1928-7-0x0000000001F20000-0x0000000001F5B000-memory.dmp

    Filesize

    236KB

    Download

  • memory/1928-1-0x0000000000270000-0x0000000000271000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1928-2-0x0000000000400000-0x000000000043B000-memory.dmp

    Filesize

    236KB

    Download

  • memory/1928-0-0x0000000000400000-0x000000000043B000-memory.dmp

    Filesize

    236KB

    Download