Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

3d471a83ed...18.exe

windows7-x64

7

3d471a83ed...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/07/2024, 11:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3d471a83ed7c39a7c1c6c30f542f690c_JaffaCakes118.exe

  • Size

    106KB

  • MD5

    3d471a83ed7c39a7c1c6c30f542f690c

  • SHA1

    0095881939a2373587992c8630da1ccbc5cd5061

  • SHA256

    7fc57190388ab4a4454026b364d9a58a3ed0a193282500542a09984c12002532

  • SHA512

    f7550e10d7069b057ca6518dc040c8ddbe5edd6680325c615051d33464535b36bc69318dc85aee7a161f9afd57305abe8163b9dc5fabba8b7d941a4d5934a542

  • SSDEEP

    768:ovAbpyCVU4NGMMD3016VY1q/miAK7TubFBCLmRdnukufMZg+sddagY8WL:oIdfgD3//zTACWZuDEZPseMWL

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3516
      • C:\Users\Admin\AppData\Local\Temp\3d471a83ed7c39a7c1c6c30f542f690c_JaffaCakes118.exe
        "C:\Users\Admin\AppData\Local\Temp\3d471a83ed7c39a7c1c6c30f542f690c_JaffaCakes118.exe"
        2⤵
        • Checks computer location settings
        • Suspicious use of WriteProcessMemory
        PID:4204
        • C:\Users\Admin\AppData\Local\Temp\explore.exe
          "C:\Users\Admin\AppData\Local\Temp\explore.exe"
          3⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:5056

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\explore.exe
      Filesize

      29KB

      MD5

      3b176b217b93eac55225db0d258e7978

      SHA1

      cffe9297e90eadca5f13b6be894fa92f36112120

      SHA256

      21548c95754b64596917376fa61dce24519d6532342708aef4c5359d9f53f44a

      SHA512

      63a01c711e0dda23c78cbf4fd912b6b0d95c55bbdb9d2dc84533252263de8fed8a25e5f04917d2023d80a45618ac867fd42130d35dbdf197851f5924ed674223

      Download Submit

    • memory/3516-20-0x000000007FFC0000-0x000000007FFC6000-memory.dmp

      Filesize

      24KB

      Download

    • memory/3516-18-0x000000007FFF0000-0x000000007FFF1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4204-4-0x000000001C1D0000-0x000000001C26C000-memory.dmp

      Filesize

      624KB

      Download

    • memory/4204-0-0x00007FFB23EC5000-0x00007FFB23EC6000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4204-6-0x0000000000F00000-0x0000000000F08000-memory.dmp

      Filesize

      32KB

      Download

    • memory/4204-5-0x00007FFB23C10000-0x00007FFB245B1000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/4204-7-0x000000001C310000-0x000000001C35C000-memory.dmp

      Filesize

      304KB

      Download

    • memory/4204-8-0x00007FFB23C10000-0x00007FFB245B1000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/4204-2-0x00007FFB23C10000-0x00007FFB245B1000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/4204-3-0x000000001BD00000-0x000000001C1CE000-memory.dmp

      Filesize

      4.8MB

      Download

    • memory/4204-1-0x000000001B680000-0x000000001B726000-memory.dmp

      Filesize

      664KB

      Download

    • memory/4204-28-0x00007FFB23C10000-0x00007FFB245B1000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/5056-17-0x0000000010000000-0x0000000010011000-memory.dmp

      Filesize

      68KB

      Download

    • memory/5056-24-0x0000000010000000-0x0000000010011000-memory.dmp

      Filesize

      68KB

      Download

    • memory/5056-26-0x0000000000400000-0x0000000000412000-memory.dmp

      Filesize

      72KB

      Download