Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

38b7ac8d59...18.exe

windows7-x64

10

38b7ac8d59...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    142s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    11/07/2024, 10:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    38b7ac8d595e2af2e26a3d13aa4dc6dc_JaffaCakes118.exe

  • Size

    92KB

  • MD5

    38b7ac8d595e2af2e26a3d13aa4dc6dc

  • SHA1

    855779e22bcefef74cd73e0ea9d5fb36b6fad34d

  • SHA256

    40f8fd4a504eb1201cdfb764b7583836c39fa8b6c312e6cf6821e550623e271c

  • SHA512

    99b642ed9b1bc7b6c38ee48dca62007ee3495dffdebba2c0a75bd9650a422713b863fc944559cdcfb07c16bb71aa52c30ad938f5a11446b43e2e47c4c6255b27

  • SSDEEP

    1536:KcvNmNqJbtdiivGVR6njalbA/yTgFmLrgc1cWcZc+c5cusZy7xp0gZPk5:pOqJtdJy8iAyzZPO

Score
10/10
evasionpersistence

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs
    evasion
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 52 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\38b7ac8d595e2af2e26a3d13aa4dc6dc_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\38b7ac8d595e2af2e26a3d13aa4dc6dc_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2348
    • C:\Users\Admin\boecau.exe
      "C:\Users\Admin\boecau.exe"
      2⤵
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:2140

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\boecau.exe
    Filesize

    92KB

    MD5

    c0def01c23897d23e71f8f2e133aae8b

    SHA1

    938bb8e9527d2f71eb0423121bb25a3c8ec082ff

    SHA256

    db1a0e1e4f6028699fb818ade1ebbb0901256cc0ed47e60a7df8eba48599b5b8

    SHA512

    889c30d55bf7a81a8572618614e6ef791299c9c3cf5ab414759e9ca480767edc7d1f242003303f34085a753cbd76af663c1e4ec18e475377ee18dbd96a0a431b

    Download Submit