Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

3b80d58650...18.exe

windows7-x64

10

3b80d58650...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    12/07/2024, 01:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3b80d58650078c92bcb5c7e524350ea7_JaffaCakes118.exe

  • Size

    124KB

  • MD5

    3b80d58650078c92bcb5c7e524350ea7

  • SHA1

    b20e6a795d41d9454c714b76b446cb45bf58ddae

  • SHA256

    4d8b1635216fdda1b97aacd31f8274e794914a526b5b1d448ba996636407ac12

  • SHA512

    63eb0978960b44eb13f349e724acfc3e1197c7780fb1c8e433e71aebbefe096b82c2ff57119aa75e285b7e57269f6ba16b36fa18bf3907ec9ac238ad6aeb6942

  • SSDEEP

    1536:KJtkj7TQZU0GgAJa0P1kNmKldCMhdu8KWP/nTn8nBP9VeRPNeG0h/y:AkjAZU0GgAT9QIq

Score
10/10
evasionpersistence

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 2 IoCs
    evasion
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 53 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3b80d58650078c92bcb5c7e524350ea7_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\3b80d58650078c92bcb5c7e524350ea7_JaffaCakes118.exe"
    1⤵
    • Modifies visiblity of hidden/system files in Explorer
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2588
    • C:\Users\Admin\cuuiho.exe
      "C:\Users\Admin\cuuiho.exe"
      2⤵
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:2696

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\cuuiho.exe
    Filesize

    124KB

    MD5

    386ecfdb73b3072369797ac3074a3e6e

    SHA1

    466ad899642ecf799dd1633d1a73e05eda660149

    SHA256

    ae6cbaa9d007da6545ecc3bd3116c9443524bb8400205beb60ba593be863ee99

    SHA512

    c7e77a70631e004e17f975060d80ed34e80ac38d643c27c66c459078edd65aaa6bc49b3e2d7cf922c2a6123dd2637824e7280c0e0c0aa0dcb874d3633bc1a561

    Download Submit