Analysis

  • max time kernel
    140s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    13/07/2024, 23:29 UTC

General

  • Target

    43afa546085450703c00611b2f177664_JaffaCakes118.exe

  • Size

    5.5MB

  • MD5

    43afa546085450703c00611b2f177664

  • SHA1

    8b52ad4ebf269b78a85a2bca42b8fd9703fb476a

  • SHA256

    be0eee8abd8e1df9076073e8681bcfa4879d48d6e9af818bac3505d83a29488e

  • SHA512

    b0941eb7ce590f256d3de17b0f683842e8f4d70ab2591ee0a5d2d0332ac612074cc09d259f2892a72fe4a7da58ae554b0385af762a748ebbde2681ba14905c5a

  • SSDEEP

    98304:KtBPKtMLFCHpX4cxef229iE/tIUoyCMoiK7V8LWZXYq+DJJF9yyjs:KjzFixsfn9+u6K/F93Q

Score
7/10

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Loads dropped DLL 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\43afa546085450703c00611b2f177664_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\43afa546085450703c00611b2f177664_JaffaCakes118.exe"
    1
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:2308

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nso95CD.tmp\ioSpecial.ini

    Filesize

    605B

    MD5

    65765325a2fc420bdfe682a17cc0c904

    SHA1

    968f728f64c243329c135b2f819fc210d4434af5

    SHA256

    cc3b0b2ac6e53f00dadbb7db44c4a3eb821f80adadde6da23dbb40fe523fcd3c

    SHA512

    97b7aa62098721ad931f4f586fb35166b0009548d52ff0c0f633fb36bd8fa1bc2eec155f7b38079dff61276617072bde50e958ddf93df5e8a5a4d7a5a90617f5

  • \Users\Admin\AppData\Local\Temp\gol953D.tmp

    Filesize

    172KB

    MD5

    685f1cbd4af30a1d0c25f252d399a666

    SHA1

    6a1b978f5e6150b88c8634146f1406ed97d2f134

    SHA256

    0e478c95a7a07570a69e6061e7c1da9001bccad9cc454f2ed4da58824a13e0f4

    SHA512

    6555ad6b4f4f26105ca8aad64501d74519a3e091f559b4b563d6ffb20a2ddfcde65e4fe94971a9bc65e86db577f2548ca00f9920d341c8ea808b04c0947d61d9

  • \Users\Admin\AppData\Local\Temp\nso95CD.tmp\BrandingURL.dll

    Filesize

    4KB

    MD5

    71c46b663baa92ad941388d082af97e7

    SHA1

    5a9fcce065366a526d75cc5ded9aade7cadd6421

    SHA256

    bb2b9c272b8b66bc1b414675c2acba7afad03fff66a63babee3ee57ed163d19e

    SHA512

    5965bd3f5369b9a1ed641c479f7b8a14af27700d0c27d482aa8eb62acc42f7b702b5947d82f9791b29bcba4d46e1409244f0a8ddce4ec75022b5e27f6d671bce

  • \Users\Admin\AppData\Local\Temp\nso95CD.tmp\InstallOptions.dll

    Filesize

    14KB

    MD5

    325b008aec81e5aaa57096f05d4212b5

    SHA1

    27a2d89747a20305b6518438eff5b9f57f7df5c3

    SHA256

    c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b

    SHA512

    18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf

  • memory/2308-0-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

  • memory/2308-4-0x0000000000250000-0x00000000002C3000-memory.dmp

    Filesize

    460KB

  • memory/2308-93-0x0000000000250000-0x00000000002C3000-memory.dmp

    Filesize

    460KB

  • memory/2308-95-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

  • memory/2308-100-0x0000000000250000-0x00000000002C3000-memory.dmp

    Filesize

    460KB
