Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

39451765b5...18.exe

windows7-x64

7

39451765b5...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    11/07/2024, 13:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    39451765b5d2e90cceab67706671adff_JaffaCakes118.exe

  • Size

    635KB

  • MD5

    39451765b5d2e90cceab67706671adff

  • SHA1

    980f4d1538da6b368745c404290c1886cb021bba

  • SHA256

    69396884385a6f57a06486b96dc2d5d8328bdd729e9064955bee51c4d76c94b5

  • SHA512

    225e2025d0b1c20d46d0fd8a98a659f381346fd136df630fc9ae412a6bf4fbe00e03595e2570a44195e48ebae2ca02f82e211f61862f620431d56a5df98638c1

  • SSDEEP

    12288:DascEJ+CwihxaDPoYXIG64LzakT50F3Z4mxxGCknbPHZzOS9kRf2+lIJeG:D1Y7pDPTzn0QmXCbxOS9Cf2v

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\39451765b5d2e90cceab67706671adff_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\39451765b5d2e90cceab67706671adff_JaffaCakes118.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2696
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Windows\uninstal.bat
      2⤵
      • Deletes itself
      PID:2628
  • C:\Windows\svchost.exe
    C:\Windows\svchost.exe
    1⤵
    • Executes dropped EXE
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:3008
    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
      2⤵
        PID:2584

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Windows\svchost.exe
      Filesize

      635KB

      MD5

      39451765b5d2e90cceab67706671adff

      SHA1

      980f4d1538da6b368745c404290c1886cb021bba

      SHA256

      69396884385a6f57a06486b96dc2d5d8328bdd729e9064955bee51c4d76c94b5

      SHA512

      225e2025d0b1c20d46d0fd8a98a659f381346fd136df630fc9ae412a6bf4fbe00e03595e2570a44195e48ebae2ca02f82e211f61862f620431d56a5df98638c1

      Download Submit

    • C:\Windows\uninstal.bat
      Filesize

      218B

      MD5

      8c5f522d18163e9c0e0d56db447d72b9

      SHA1

      b024f34bdd6a6874d79a18c6af772f7f7ba3e2c4

      SHA256

      e0c04fe541ef8a92c789f958e336b691e8fb341a8463ee5c3d607a38d211a493

      SHA512

      e505454678aff1f3482c3b272f7d872f6e807c0a46fa533f0c92a960269b3484170368cc5a32ff91dbbe7abdee5d9f121cbb073104e9c7d05c9e41712cb875f2

      Download Submit

    • memory/2696-20-0x0000000000660000-0x0000000000661000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2696-7-0x0000000000540000-0x0000000000541000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2696-12-0x0000000003290000-0x0000000003293000-memory.dmp

      Filesize

      12KB

      Download

    • memory/2696-11-0x0000000000560000-0x0000000000561000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2696-19-0x0000000000630000-0x0000000000631000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2696-31-0x00000000002B0000-0x00000000002B1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2696-30-0x00000000032B0000-0x00000000032B1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2696-29-0x00000000002A0000-0x00000000002A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2696-28-0x00000000032E0000-0x00000000032E1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2696-27-0x0000000002000000-0x0000000002001000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2696-26-0x0000000002010000-0x0000000002011000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2696-25-0x0000000000680000-0x0000000000681000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2696-24-0x0000000001FB0000-0x0000000001FB1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2696-23-0x0000000001FD0000-0x0000000001FD1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2696-22-0x0000000001FF0000-0x0000000001FF1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2696-21-0x00000000005A0000-0x00000000005A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2696-18-0x0000000000640000-0x0000000000641000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2696-0-0x0000000000400000-0x0000000000522000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/2696-2-0x00000000003F0000-0x00000000003F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2696-16-0x0000000000590000-0x0000000000591000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2696-15-0x0000000000650000-0x0000000000651000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2696-14-0x00000000005F0000-0x00000000005F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2696-13-0x0000000000610000-0x0000000000611000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2696-10-0x00000000032A0000-0x00000000032A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2696-6-0x00000000002C0000-0x00000000002C1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2696-5-0x00000000002D0000-0x00000000002D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2696-4-0x0000000000550000-0x0000000000551000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2696-3-0x00000000002F0000-0x00000000002F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2696-17-0x0000000000580000-0x0000000000581000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2696-1-0x0000000000390000-0x00000000003E4000-memory.dmp

      Filesize

      336KB

      Download

    • memory/2696-8-0x0000000000530000-0x0000000000531000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2696-45-0x0000000000390000-0x00000000003E4000-memory.dmp

      Filesize

      336KB

      Download

    • memory/2696-9-0x00000000032A0000-0x00000000032A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2696-44-0x0000000000400000-0x0000000000522000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/3008-35-0x0000000000400000-0x0000000000522000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/3008-47-0x0000000000400000-0x0000000000522000-memory.dmp

      Filesize

      1.1MB

      Download