Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

3204b70b46...18.exe

windows7-x64

7

3204b70b46...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    09/07/2024, 21:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3204b70b46229beea300c5a990d8e49f_JaffaCakes118.exe

  • Size

    88KB

  • MD5

    3204b70b46229beea300c5a990d8e49f

  • SHA1

    9c88a852b64aa5c07b2773a312b15ea6addb3f79

  • SHA256

    9f56588a14c7a64e217eabe9d37234b1b4aa8361a8aa8fe44d81ca7a2cd3e9a0

  • SHA512

    b0b823a373ddb54d77b9850945c9582f6574f81f61e88ade9ddc81f766369c3b0ceca13ce5050b42b4bcf73105841dc7a03da68b0db6d1d45d4f43f92f9a5e22

  • SSDEEP

    1536:/Gy/XqiufYkNWP4c+GZWpAmNbZEs1bwHOb4nm3pT2aadFFWc8aOb4nm3pT2aad0:7SOP7wbZE0wHW64NaWh

Score
7/10
upx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3204b70b46229beea300c5a990d8e49f_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\3204b70b46229beea300c5a990d8e49f_JaffaCakes118.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1940
    • C:\fuck__Duba.com
      C:\fuck__Duba.com
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2144
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c C:\Users\Admin\AppData\Local\Temp\fuck__Dubakill.bat
        3⤵
          PID:2404

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\fuck__Dubakill.bat
      Filesize

      82B

      MD5

      a5483cf5481b7805ee19c0256744924e

      SHA1

      d5535a4c8030ffbd7f60116e585ef6b2a9d84072

      SHA256

      421ec1396e428830f4f939c9020f1cd8cd8ea8544198e5c444c27330fbdc4fec

      SHA512

      6124c7152e7a1e679b0c693bc92db88da159d24f4d7412f06481f23bca96c73267ac482cb74bf2f94c52495744b16d769b7a8b1a470490b88615da63bbaf9b96

      Download Submit

    • C:\fuck__Duba.com
      Filesize

      64KB

      MD5

      70a3e8b9b59d6d9e3e189ce119bd2b28

      SHA1

      b554cfabb6f0e817af8ec1d1f75d778235384adb

      SHA256

      d79c518dabec18851c712a0ee0582368978d036852b03d82810291aabc350749

      SHA512

      27d3831e5e7ebecff5a021671da3288e8c5a62fb52b000dfded7bff58f7471aefefd7f697fe64a4cb5f02d2627ba483fba5fbb971d3df3c4ff071e9e620101a0

      Download Submit

    • memory/1940-9-0x0000000000290000-0x00000000002B4000-memory.dmp

      Filesize

      144KB

      Download

    • memory/1940-8-0x0000000000290000-0x00000000002B4000-memory.dmp

      Filesize

      144KB

      Download

    • memory/2144-10-0x0000000000400000-0x0000000000424000-memory.dmp

      Filesize

      144KB

      Download

    • memory/2144-21-0x0000000000400000-0x0000000000424000-memory.dmp

      Filesize

      144KB

      Download