Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    10/07/2024, 18:43

General

  • Target

    35ee2341f375946b8a443c5fe92deeb2_JaffaCakes118.exe

  • Size

    100KB

  • MD5

    35ee2341f375946b8a443c5fe92deeb2

  • SHA1

    3ce3876dc104349fed9d482bca45a390c4e62887

  • SHA256

    650f482b03b649e52a666d25a8d27cf0c6bea33e1bd9c228ab10806caf11bc7e

  • SHA512

    6c777976a9cba345a81d60ee7717b1f09ded1e274f33fec149ca16b2435f52bb2f451d7eadf812aef052ebdb95efed70d9d84c6bea036c26a77677e095e32c02

  • SSDEEP

    1536:s1tGt82NTzwYMGAc4ohrPXo+73Rez8b0SysNIjP:VwHurPX7CsCP

Score
10/10

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 2 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 52 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\35ee2341f375946b8a443c5fe92deeb2_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\35ee2341f375946b8a443c5fe92deeb2_JaffaCakes118.exe"
    1⤵
    • Modifies visibility of hidden/system files in Explorer
    • Checks computer location settings
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3812
    • C:\Users\Admin\suoemu.exe
      "C:\Users\Admin\suoemu.exe"
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:208

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\suoemu.exe

    Filesize

    100KB

    MD5

    f85c8d9c18754a3d9c7b3362f853089c

    SHA1

    ee2fac4285763e63db2c3434e9166b2d2b8792f8

    SHA256

    d5981c03c0ceca3f2aef605a64a71725e174712e01732748bd6d98ac29941de6

    SHA512

    8263627eb631ad3c4aa12dc6a943fa271821624fd13bc24c6729b269639c128ca1bada5e2f634390989448eb76bf5c2e9445c71c24e79fd32d4a8ca007a9aca9