Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

3d3bc4f1c5...18.exe

windows7-x64

7

3d3bc4f1c5...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    3s
  • max time network
    103s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/07/2024, 11:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3d3bc4f1c526e0a49913ff86e6090c7e_JaffaCakes118.exe

  • Size

    20KB

  • MD5

    3d3bc4f1c526e0a49913ff86e6090c7e

  • SHA1

    850934951c25eacad723ba9ea0301ecb4f96bcf4

  • SHA256

    9ed16a1965ed5ef850cb66a328300ece56e4a275cdeea7082889a8ba0629afc9

  • SHA512

    7d325ba1362a4a1ec3b3f9992d86d4f7876acd954e3fefc92f75c5c4bf31e5e786cd73964e3168d42773a61db0158d257e03c413475cd0bc5dc09cb7ed31cef6

  • SSDEEP

    384:3xe+axweskF7+tyFcjap95gajgP3bqP9EOWrmhNQGImlRb7Zw:BaxwesdtAcIiajgP3bqP9pxQG1lRP

Score
7/10
persistence

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3612
      • C:\Users\Admin\AppData\Local\Temp\3d3bc4f1c526e0a49913ff86e6090c7e_JaffaCakes118.exe
        "C:\Users\Admin\AppData\Local\Temp\3d3bc4f1c526e0a49913ff86e6090c7e_JaffaCakes118.exe"
        2⤵
        • Loads dropped DLL
        • Adds Run key to start application
        • Drops file in System32 directory
        • Drops file in Windows directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2696

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Windows\SysWOW64\WSockDrv32.dll
      Filesize

      135KB

      MD5

      6721ff9aa6f5c164cd9008f69e0a6b46

      SHA1

      238a1886e074ba489df027b8986b586ffe78aae4

      SHA256

      9a536bb328ee97104b945e2eedd832ec85a4c474569fe0efac48b6f0b88d7d47

      SHA512

      c95f28a35e96964f7da2cb6c934962905a67ea7a782db836f6b58022f03f6e4a7e70f440c0d52a2c4e01a6dbb28ef1c74798774b86f3c91825c073cad2b0d74b

      Download Submit

    • memory/2696-0-0x0000000000400000-0x000000000041B000-memory.dmp

      Filesize

      108KB

      Download

    • memory/2696-7-0x0000000000400000-0x000000000041B000-memory.dmp

      Filesize

      108KB

      Download

    • memory/2696-6-0x0000000000401000-0x0000000000402000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2696-10-0x0000000010000000-0x000000001000D000-memory.dmp

      Filesize

      52KB

      Download

    • memory/3612-3-0x0000000000F20000-0x0000000000F21000-memory.dmp

      Filesize

      4KB

      Download