Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

3c07238fb7...18.exe

windows7-x64

7

3c07238fb7...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    93s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/07/2024, 04:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3c07238fb7536ee9a10f6c653ec83226_JaffaCakes118.exe

  • Size

    66KB

  • MD5

    3c07238fb7536ee9a10f6c653ec83226

  • SHA1

    f2e297e21a4eceeba997b2dc2489def5b2e1af4d

  • SHA256

    dc3ead569b5db362822f70aed44ff9b280dea7e0d859f2904b31a7fb9ed64e45

  • SHA512

    934ed4bc0c64a2ea529fc44c09ef90124af15c37b22c4f4fb4f3fc8d4bb5f3ce981defd05b266e3aa3d928c57f6afa56ca70b39cde25cbe1c8677b9ba082e575

  • SSDEEP

    1536:+1+GA2ok4xmlKRUXq2qN9y0CtwKeCF1zQ/b3jtbNoXP1XvrVrfw:+1+GVok8WXq2s9yptfyTBbiFJ7

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 2 IoCs
  • Drops file in Windows directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\system32\winlogon.exe
    winlogon.exe
    1⤵
      PID:612
    • C:\Users\Admin\AppData\Local\Temp\3c07238fb7536ee9a10f6c653ec83226_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\3c07238fb7536ee9a10f6c653ec83226_JaffaCakes118.exe"
      1⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:3532
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c C:\Windows\240620750.bat
        2⤵
          PID:896

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Windows\240620562.dll
        Filesize

        53KB

        MD5

        7d66a217c027eb1381aeeaa748244779

        SHA1

        acfd3c6446dd32b9620e4e6f6a4d71140a4cc2a6

        SHA256

        fdf9607d09e4ac4a26589067780666f3e99bd4cc07ab892ef5efe15fa88b698c

        SHA512

        5a50f497a69a9c9a36df813a3c70019ca55278b52ba7a6ca1970cba4db21e51ed6feb0a382133d03462b9b0f6b7df6625c6b890e9c45dd5dbc0d047ca1810a08

        Download Submit

      • C:\Windows\240620750.bat
        Filesize

        219B

        MD5

        0a9b0a1e304410e28a064bdc7fb09acb

        SHA1

        cbbb6ad2fb51c095acacb2f9bff7295f35256d0a

        SHA256

        97fcaf6bf02b42cfcf29ebabb99626dff86a76fd3fdd688b64c7b086443a7d80

        SHA512

        80edb9bb48c591b20ee8c1fd0e902b075105e3a6769cde4fafcaad65c2141da54b3aa85028e1e66656ec0af4e0c8802d113b13cd0a4eaefae221af998ea089ae

        Download Submit

      • memory/3532-2-0x0000000000400000-0x0000000000437000-memory.dmp

        Filesize

        220KB

        Download

      • memory/3532-5-0x0000000000400000-0x0000000000437000-memory.dmp

        Filesize

        220KB

        Download

      • memory/3532-6-0x0000000002080000-0x0000000002081000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3532-13-0x0000000000010000-0x0000000000028000-memory.dmp

        Filesize

        96KB

        Download

      • memory/3532-14-0x0000000000400000-0x0000000000437000-memory.dmp

        Filesize

        220KB

        Download