Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

3b6807924f...18.exe

windows7-x64

7

3b6807924f...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    93s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/07/2024, 00:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3b6807924f3589be3c6c6a786f82dc3d_JaffaCakes118.exe

  • Size

    15KB

  • MD5

    3b6807924f3589be3c6c6a786f82dc3d

  • SHA1

    f9e213eb3fe444ff3dd99a9d47096db9df6ca044

  • SHA256

    dafbf901963ec2be49c329c9691976047a840f7a230f6d8f3b745be7db97bcca

  • SHA512

    47c2691e4c3bc091fc06b7de645c4c0e2f780a99afdfac53809c84aafd2fc23bed479b209f293295b0f229e6a99afdddc6b52d6ec422ca90923fe2fbb9f28b14

  • SSDEEP

    384:MwhMBeXKGx6WKV0Rl08wLso2bqGzEJHjkXZA26Zx6b:SBep0WKen9bqwijkX+26Zx6b

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3444
      • C:\Users\Admin\AppData\Local\Temp\3b6807924f3589be3c6c6a786f82dc3d_JaffaCakes118.exe
        "C:\Users\Admin\AppData\Local\Temp\3b6807924f3589be3c6c6a786f82dc3d_JaffaCakes118.exe"
        2⤵
        • Loads dropped DLL
        • Drops file in System32 directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: LoadsDriver
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2424
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c del "C:\Users\Admin\AppData\Local\Temp\3b6807924f3589be3c6c6a786f82dc3d_JaffaCakes118.exe"
          3⤵
            PID:1960

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Windows\SysWOW64\qmid.dll
        Filesize

        3KB

        MD5

        19391d22d6994bfb7154df22a0d984f2

        SHA1

        c3256512d57c71eb07f1390f98561d84e83b2062

        SHA256

        08d82e653596a06155bba951d63c1040de7fea041a7a57c83636d949c0367799

        SHA512

        8be30990db357ac1d2bc873ebf704341ddd306f01ace5471e84e4fc0e09cb5eb110390dfab7734f66311244e5b2d714916bbd7f8263674c95d9c089807fe33a5

        Download Submit

      • memory/2424-11-0x0000000010000000-0x000000001000F000-memory.dmp

        Filesize

        60KB

        Download

      • memory/2424-12-0x0000000010000000-0x000000001000F000-memory.dmp

        Filesize

        60KB

        Download