Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

3c74e0a5ad...18.exe

windows7-x64

3

3c74e0a5ad...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    94s
  • max time network
    122s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/07/2024, 07:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3c74e0a5adcf788cd53ef694413cc34e_JaffaCakes118.exe

  • Size

    94KB

  • MD5

    3c74e0a5adcf788cd53ef694413cc34e

  • SHA1

    5078b230a4e9ba07072fe17fb4fac6ace26d2c7f

  • SHA256

    3bba0dbd2af5f49e102f1017a89f94b98ecba026ff35e4f2e56624c645819742

  • SHA512

    ff14d72efc0f0fb2d5dab0bd3b9c3667cd55c7d2bc62e4e4d5c4bea5de92ed9d301a6b80cbf94c986717ff844f2b7e639021a2361dee56a1cf85c4af766366a6

  • SSDEEP

    1536:iHCvF6hG6zAgrE5b2l6eRK8r/6GIfIuHSDdmvXoDfL9UZR0v3uoj8fMfFw:74hG6M+lZ3iGIgA/XAfmZ+v5j8fMfFw

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 2 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3c74e0a5adcf788cd53ef694413cc34e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\3c74e0a5adcf788cd53ef694413cc34e_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Suspicious behavior: LoadsDriver
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:2912

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\rsvp32_2.dll
    Filesize

    76KB

    MD5

    99297d993fbc3cdb7a7befa37d68f37d

    SHA1

    324040248f5cf33d9bca29388a7dff42ccc6db43

    SHA256

    36fd19f2cd3652f3a8e1b1e5f3242a9389f1b38001f8d70f1150e875f613380c

    SHA512

    6c46aa55f0ea778fa1feb52eb12e33cb17934c40dc3014e4b9a8afcf99e4e87286fc189de92987e3bda13d2f4be62e16d337c7b2aef7b16475880d5bdfbb5446

    Download Submit

  • C:\Windows\SysWOW64\sporder.dll
    Filesize

    8KB

    MD5

    a082e5473b2a9a4d846ed7ddf637ac76

    SHA1

    1703f7969a6e76f8458eda3e8e40fd115c0bfdc3

    SHA256

    73f7171c2af70ccf8ee4c49626fb456807a6a668f6a967298dcd5ed29773bd2a

    SHA512

    abc1ea5a46d0784db23ddd9bd984527913c3e40a3896cfa43e9f4f999e4064038b24aed78e27bf2e705c8c55482e801f520987c2a74be6f01edc32df3d235eaa

    Download Submit

  • memory/2912-0-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2912-3-0x0000000000401000-0x0000000000404000-memory.dmp

    Filesize

    12KB

    Download

  • memory/2912-10-0x0000000000401000-0x0000000000404000-memory.dmp

    Filesize

    12KB

    Download

  • memory/2912-9-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download