Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

43a45abc94...18.exe

windows7-x64

8

43a45abc94...18.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    13/07/2024, 22:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    43a45abc947e5b9b6c8a27796558a7a2_JaffaCakes118.exe

  • Size

    309KB

  • MD5

    43a45abc947e5b9b6c8a27796558a7a2

  • SHA1

    cbcfb50d0f1153797fd72d9e0e980bb14b473c9f

  • SHA256

    8ae1653767fc1a34bfbbece90a9e117ede958f48ba324909d65e2aad091e4256

  • SHA512

    ad804c72a7e17400905e57d6a6cada2a87f372faae2e92673b95a4096f85ac21d5d6ed9895ebeed34504ff6ec1684a406a6158b0b1fc3c2af572cf9d199dadcd

  • SSDEEP

    6144:ipUGBphL7j4LeHM3bt+n5Wz4zuKc2AZY7hksBN0d8F:ipUGBTcy44zuKuZhv8

Score
8/10
adwarepersistencestealer

Malware Config

Signatures

  • Adds policy Run key to start application 2 TTPs 2 IoCs
    persistence
  • Loads dropped DLL 1 IoCs
  • Installs/modifies Browser Helper Object 2 TTPs 3 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Drops file in System32 directory 1 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 41 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\43a45abc947e5b9b6c8a27796558a7a2_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\43a45abc947e5b9b6c8a27796558a7a2_JaffaCakes118.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:2544
    • C:\Windows\SysWOW64\regsvr32.exe
      "C:\Windows\System32\regsvr32.exe" /s C:\Windows\system32\yu85311.dll
      2⤵
      • Adds policy Run key to start application
      • Loads dropped DLL
      • Installs/modifies Browser Helper Object
      • Drops file in Program Files directory
      • Modifies registry class
      PID:2340

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\yu85311.dll
    Filesize

    252KB

    MD5

    7747a5f9ef000f8ada15e4e919225643

    SHA1

    6b17572ce746a4d375b57042e307141eb7da542b

    SHA256

    90191b995f3b44ad7be62f99cbe342834ba3ea64d8185ca989d63686d07d0af1

    SHA512

    ec1717dc4119f4cc0d7b268f57528528856b115f0c7f3d56a413236c38b61a0366235fd7bf25ba926236f9ab3fc9a792a0090171d2a5900c870a5b0d11de9af2

    Download Submit