Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

4263984cb2...18.exe

windows7-x64

7

4263984cb2...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13/07/2024, 16:05 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4263984cb2dacebe0d9539c4878e0ad9_JaffaCakes118.exe

  • Size

    27KB

  • MD5

    4263984cb2dacebe0d9539c4878e0ad9

  • SHA1

    990e4dca669b96545e5c79e74edf0000fb6fbe8e

  • SHA256

    22ab05aacaef5a9dd59967863f58d8b0f11592cb214270c57e6ce4ad4953bbf1

  • SHA512

    d185dd24674d729b15fb9bf50dc4af9628fca521072421ba2a755940d69013c592e7d0f292d120d6fed256ef0e04f2d9609547bf83b2849be7f165b051c94526

  • SSDEEP

    384:eDESfhzc54pMMVOgOhxLjAc/NlhBMqY/xDkiSSJb6wNbRW3G0Es++dXKoEi2zA6y:eD3zc5NgYZAc/NW9pNWXVtlDCA6

Score
7/10
upx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in System32 directory 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4263984cb2dacebe0d9539c4878e0ad9_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\4263984cb2dacebe0d9539c4878e0ad9_JaffaCakes118.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2468
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\426398~1.EXE > nul
      2⤵
        PID:3172
    • C:\Windows\SysWOW64\server15.exe
      C:\Windows\SysWOW64\server15.exe
      1⤵
      • Executes dropped EXE
      PID:1452

    Network

    • flag-us
      DNS
      s234.2288.org
      server15.exe
      Remote address:
      8.8.8.8:53
      Request
      s234.2288.org
      IN A
      Response
    • flag-us
      DNS
      136.32.126.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      136.32.126.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      55.36.223.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      55.36.223.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      81.144.22.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      81.144.22.2.in-addr.arpa
      IN PTR
      Response
      81.144.22.2.in-addr.arpa
      IN PTR
      a2-22-144-81deploystaticakamaitechnologiescom
    • flag-us
      DNS
      s234.2288.org
      server15.exe
      Remote address:
      8.8.8.8:53
      Request
      s234.2288.org
      IN A
      Response
    • flag-us
      DNS
      s234.2288.org
      server15.exe
      Remote address:
      8.8.8.8:53
      Request
      s234.2288.org
      IN A
      Response
    • flag-us
      DNS
      s234.2288.org
      server15.exe
      Remote address:
      8.8.8.8:53
      Request
      s234.2288.org
      IN A
      Response
    • flag-us
      DNS
      s234.2288.org
      server15.exe
      Remote address:
      8.8.8.8:53
      Request
      s234.2288.org
      IN A
      Response
    • flag-us
      DNS
      86.23.85.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      86.23.85.13.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      s234.2288.org
      server15.exe
      Remote address:
      8.8.8.8:53
      Request
      s234.2288.org
      IN A
      Response
    • flag-us
      DNS
      15.164.165.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      15.164.165.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      172.210.232.199.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      172.210.232.199.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      s234.2288.org
      server15.exe
      Remote address:
      8.8.8.8:53
      Request
      s234.2288.org
      IN A
      Response
    • flag-us
      DNS
      s234.2288.org
      server15.exe
      Remote address:
      8.8.8.8:53
      Request
      s234.2288.org
      IN A
      Response
    • flag-us
      DNS
      s234.2288.org
      server15.exe
      Remote address:
      8.8.8.8:53
      Request
      s234.2288.org
      IN A
    • flag-us
      DNS
      s234.2288.org
      server15.exe
      Remote address:
      8.8.8.8:53
      Request
      s234.2288.org
      IN A
      Response
    • flag-us
      DNS
      s234.2288.org
      server15.exe
      Remote address:
      8.8.8.8:53
      Request
      s234.2288.org
      IN A
      Response
    • flag-us
      DNS
      23.58.20.217.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      23.58.20.217.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      s234.2288.org
      server15.exe
      Remote address:
      8.8.8.8:53
      Request
      s234.2288.org
      IN A
      Response
    • flag-us
      DNS
      s234.2288.org
      server15.exe
      Remote address:
      8.8.8.8:53
      Request
      s234.2288.org
      IN A
      Response
    • flag-us
      DNS
      s234.2288.org
      server15.exe
      Remote address:
      8.8.8.8:53
      Request
      s234.2288.org
      IN A
      Response
    • flag-us
      DNS
      s234.2288.org
      server15.exe
      Remote address:
      8.8.8.8:53
      Request
      s234.2288.org
      IN A
      Response
    • flag-us
      DNS
      s234.2288.org
      server15.exe
      Remote address:
      8.8.8.8:53
      Request
      s234.2288.org
      IN A
      Response
    • flag-us
      DNS
      s234.2288.org
      server15.exe
      Remote address:
      8.8.8.8:53
      Request
      s234.2288.org
      IN A
      Response
    • flag-us
      DNS
      s234.2288.org
      server15.exe
      Remote address:
      8.8.8.8:53
      Request
      s234.2288.org
      IN A
      Response
    • flag-us
      DNS
      s234.2288.org
      server15.exe
      Remote address:
      8.8.8.8:53
      Request
      s234.2288.org
      IN A
      Response
    • flag-us
      DNS
      s234.2288.org
      server15.exe
      Remote address:
      8.8.8.8:53
      Request
      s234.2288.org
      IN A
      Response
    • flag-us
      DNS
      s234.2288.org
      server15.exe
      Remote address:
      8.8.8.8:53
      Request
      s234.2288.org
      IN A
      Response
    • flag-us
      DNS
      s234.2288.org
      server15.exe
      Remote address:
      8.8.8.8:53
      Request
      s234.2288.org
      IN A
      Response
    • flag-us
      DNS
      s234.2288.org
      server15.exe
      Remote address:
      8.8.8.8:53
      Request
      s234.2288.org
      IN A
      Response
    • flag-us
      DNS
      s234.2288.org
      server15.exe
      Remote address:
      8.8.8.8:53
      Request
      s234.2288.org
      IN A
      Response
    • flag-us
      DNS
      s234.2288.org
      server15.exe
      Remote address:
      8.8.8.8:53
      Request
      s234.2288.org
      IN A
      Response
    • flag-us
      DNS
      s234.2288.org
      server15.exe
      Remote address:
      8.8.8.8:53
      Request
      s234.2288.org
      IN A
      Response
    No results found
    • 8.8.8.8:53
      s234.2288.org
      dns
      server15.exe
      59 B
       123 B
       1
      1

      DNS Request

      s234.2288.org

    • 8.8.8.8:53
      136.32.126.40.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      136.32.126.40.in-addr.arpa

    • 8.8.8.8:53
      55.36.223.20.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      55.36.223.20.in-addr.arpa

    • 8.8.8.8:53
      81.144.22.2.in-addr.arpa
      dns
      70 B
       133 B
       1
      1

      DNS Request

      81.144.22.2.in-addr.arpa

    • 8.8.8.8:53
      s234.2288.org
      dns
      server15.exe
      59 B
       123 B
       1
      1

      DNS Request

      s234.2288.org

    • 8.8.8.8:53
      s234.2288.org
      dns
      server15.exe
      59 B
       123 B
       1
      1

      DNS Request

      s234.2288.org

    • 8.8.8.8:53
      s234.2288.org
      dns
      server15.exe
      59 B
       123 B
       1
      1

      DNS Request

      s234.2288.org

    • 8.8.8.8:53
      s234.2288.org
      dns
      server15.exe
      59 B
       123 B
       1
      1

      DNS Request

      s234.2288.org

    • 8.8.8.8:53
      86.23.85.13.in-addr.arpa
      dns
      70 B
       144 B
       1
      1

      DNS Request

      86.23.85.13.in-addr.arpa

    • 8.8.8.8:53
      s234.2288.org
      dns
      server15.exe
      59 B
       123 B
       1
      1

      DNS Request

      s234.2288.org

    • 8.8.8.8:53
      15.164.165.52.in-addr.arpa
      dns
      72 B
       146 B
       1
      1

      DNS Request

      15.164.165.52.in-addr.arpa

    • 8.8.8.8:53
      172.210.232.199.in-addr.arpa
      dns
      74 B
       128 B
       1
      1

      DNS Request

      172.210.232.199.in-addr.arpa

    • 8.8.8.8:53
      s234.2288.org
      dns
      server15.exe
      59 B
       123 B
       1
      1

      DNS Request

      s234.2288.org

    • 8.8.8.8:53
      s234.2288.org
      dns
      server15.exe
      118 B
       123 B
       2
      1

      DNS Request

      s234.2288.org

      DNS Request

      s234.2288.org

    • 8.8.8.8:53
      s234.2288.org
      dns
      server15.exe
      59 B
       123 B
       1
      1

      DNS Request

      s234.2288.org

    • 8.8.8.8:53
      s234.2288.org
      dns
      server15.exe
      59 B
       123 B
       1
      1

      DNS Request

      s234.2288.org

    • 8.8.8.8:53
      23.58.20.217.in-addr.arpa
      dns
      71 B
       131 B
       1
      1

      DNS Request

      23.58.20.217.in-addr.arpa

    • 8.8.8.8:53
      s234.2288.org
      dns
      server15.exe
      59 B
       123 B
       1
      1

      DNS Request

      s234.2288.org

    • 8.8.8.8:53
      s234.2288.org
      dns
      server15.exe
      59 B
       123 B
       1
      1

      DNS Request

      s234.2288.org

    • 8.8.8.8:53
      s234.2288.org
      dns
      server15.exe
      59 B
       123 B
       1
      1

      DNS Request

      s234.2288.org

    • 8.8.8.8:53
      s234.2288.org
      dns
      server15.exe
      59 B
       123 B
       1
      1

      DNS Request

      s234.2288.org

    • 8.8.8.8:53
      s234.2288.org
      dns
      server15.exe
      59 B
       123 B
       1
      1

      DNS Request

      s234.2288.org

    • 8.8.8.8:53
      s234.2288.org
      dns
      server15.exe
      59 B
       123 B
       1
      1

      DNS Request

      s234.2288.org

    • 8.8.8.8:53
      s234.2288.org
      dns
      server15.exe
      59 B
       123 B
       1
      1

      DNS Request

      s234.2288.org

    • 8.8.8.8:53
      s234.2288.org
      dns
      server15.exe
      59 B
       123 B
       1
      1

      DNS Request

      s234.2288.org

    • 8.8.8.8:53
      s234.2288.org
      dns
      server15.exe
      59 B
       123 B
       1
      1

      DNS Request

      s234.2288.org

    • 8.8.8.8:53
      s234.2288.org
      dns
      server15.exe
      59 B
       123 B
       1
      1

      DNS Request

      s234.2288.org

    • 8.8.8.8:53
      s234.2288.org
      dns
      server15.exe
      59 B
       123 B
       1
      1

      DNS Request

      s234.2288.org

    • 8.8.8.8:53
      s234.2288.org
      dns
      server15.exe
      59 B
       123 B
       1
      1

      DNS Request

      s234.2288.org

    • 8.8.8.8:53
      s234.2288.org
      dns
      server15.exe
      59 B
       123 B
       1
      1

      DNS Request

      s234.2288.org

    • 8.8.8.8:53
      s234.2288.org
      dns
      server15.exe
      59 B
       123 B
       1
      1

      DNS Request

      s234.2288.org

    • 8.8.8.8:53
      s234.2288.org
      dns
      server15.exe
      59 B
       123 B
       1
      1

      DNS Request

      s234.2288.org

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Windows\SysWOW64\server15.exe
      Filesize

      27KB

      MD5

      4263984cb2dacebe0d9539c4878e0ad9

      SHA1

      990e4dca669b96545e5c79e74edf0000fb6fbe8e

      SHA256

      22ab05aacaef5a9dd59967863f58d8b0f11592cb214270c57e6ce4ad4953bbf1

      SHA512

      d185dd24674d729b15fb9bf50dc4af9628fca521072421ba2a755940d69013c592e7d0f292d120d6fed256ef0e04f2d9609547bf83b2849be7f165b051c94526

      Download Submit

    • memory/1452-5-0x0000000000400000-0x0000000000435000-memory.dmp

      Filesize

      212KB

      Download

    • memory/1452-8-0x0000000000400000-0x0000000000435000-memory.dmp

      Filesize

      212KB

      Download

    • memory/2468-0-0x0000000000400000-0x0000000000435000-memory.dmp

      Filesize

      212KB

      Download

    • memory/2468-7-0x0000000000400000-0x0000000000435000-memory.dmp

      Filesize

      212KB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.