Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

3c464ad525...18.exe

windows7-x64

7

3c464ad525...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    12/07/2024, 06:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3c464ad52529a43af054503ca89bff6a_JaffaCakes118.exe

  • Size

    103KB

  • MD5

    3c464ad52529a43af054503ca89bff6a

  • SHA1

    fceb721248deac3f3e365d77568859552d218eef

  • SHA256

    544edd1531b2599607bde440b23e18d836dec80174060b871fc8faf7b702bb41

  • SHA512

    529177d25561d7f2877fcd6487b6ce97d9ee848d985ab41f45480899c8051d5c7be8f02867cc9fc50717808f37c64087606d7edfd6c3d5c49d463aca80e70da8

  • SSDEEP

    3072:Zq60TUZO9pMwCo9mfEE2mTSnqG1oRqhBxQiOxejr:8ZTU492wCGm/enq6oRABxC

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Drops file in System32 directory 4 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 22 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3c464ad52529a43af054503ca89bff6a_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\3c464ad52529a43af054503ca89bff6a_JaffaCakes118.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2304
    • C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s C:\WINDOWS\system32\MSINET.OCX
      2⤵
      • Loads dropped DLL
      • Modifies registry class
      PID:2176
    • C:\Users\Admin\AppData\Local\Temp\3c464ad52529a43af054503ca89bff6a_JaffaCakes118.exe
      C:\Users\Admin\AppData\Local\Temp\3c464ad52529a43af054503ca89bff6a_JaffaCakes118.exe
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1980
      • C:\Windows\SysWOW64\regsvr32.exe
        regsvr32 /s C:\WINDOWS\system32\MSINET.OCX
        3⤵
        • Loads dropped DLL
        • Modifies registry class
        PID:3068
      • C:\Windows\SysWOW64\ctfmon.exe
        ctfmon.exe
        3⤵
          PID:1836

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\WINDOWS\SysWOW64\MSINET.OCX
      Filesize

      62KB

      MD5

      f15fff6a8547d03a2db82264075d34e7

      SHA1

      adca52fb990b2109f22540356a0ead3e5481684e

      SHA256

      d8eb0d4cbd89e6907284291594ee63f1321058ccda547c2adc92ee49e429173b

      SHA512

      b94773f3e2c4399c8310c275e6e85808273016febaffbe52f7dc8d48a7f051217bfcdefd2a067aa97325754669091a419cfc0e659b36ab0bc66d1bd80c2d48cc

      Download Submit

    • C:\WINDOWS\SysWOW64\Move.Data
      Filesize

      24KB

      MD5

      2729834b9cd020fe63ea0817af3383f4

      SHA1

      e0048b9340ad4eeab3c03c825b862e33fe26568e

      SHA256

      b0666185eb0f9178a5eba9fa44b0811ca71626961ae8618b76fcbd5d8854ed49

      SHA512

      f16f80d4c052a23c2c2a6250ebfef8c82f8e96a8b0096a7a28e3b157a9ba1176202503bbd03c2fb31face7b5ace016395f8c31d5fdfb115d1ce538e9c7c6ecad

      Download Submit

    • \??\c:\zt.dll
      Filesize

      5B

      MD5

      d5cd9f572ebe004f98d8afb856d232c2

      SHA1

      584079f5d23dd1142ce6c42561934fb3200150cf

      SHA256

      773ac3bfde8adb749433b89f1e62d185687558b2ee1383c8e7dfba930c22467d

      SHA512

      6fb8ca1331313fc9a9b9240766c65b448956398a7a920e0b7132dc5800c69ead4bd4400a87a62eb9ee78a9912cd0fbcaa017596db2f5811db7fbc6542c75fe8e

      Download Submit

    • memory/1980-25-0x00000000234C0000-0x00000000234EE000-memory.dmp

      Filesize

      184KB

      Download

    • memory/1980-26-0x00000000234C0000-0x00000000234EE000-memory.dmp

      Filesize

      184KB

      Download

    • memory/1980-43-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

      Download

    • memory/1980-34-0x0000000004830000-0x00000000052EA000-memory.dmp

      Filesize

      10.7MB

      Download

    • memory/1980-13-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

      Download

    • memory/1980-33-0x00000000234C0000-0x00000000234EE000-memory.dmp

      Filesize

      184KB

      Download

    • memory/1980-31-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

      Download

    • memory/1980-27-0x0000000000270000-0x0000000000271000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2176-7-0x00000000234C0000-0x00000000234EE000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2176-6-0x00000000234C0000-0x00000000234EE000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2304-28-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

      Download

    • memory/2304-30-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

      Download

    • memory/2304-0-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

      Download

    • memory/2304-12-0x00000000003B0000-0x00000000003E6000-memory.dmp

      Filesize

      216KB

      Download

    • memory/3068-19-0x00000000234C0000-0x00000000234EE000-memory.dmp

      Filesize

      184KB

      Download