Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

433cea8bc3...18.exe

windows7-x64

7

433cea8bc3...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    13/07/2024, 20:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    433cea8bc34cece132c891010bf96ef7_JaffaCakes118.exe

  • Size

    212KB

  • MD5

    433cea8bc34cece132c891010bf96ef7

  • SHA1

    f516fa0e92de8cab74d9a24bb37bfab991ed4dd2

  • SHA256

    f0549dc5ffc5d89866f700a3c53d2dcac948c6149fe96d56129cf9e0fc5b8c85

  • SHA512

    d2053334ecf49c897485152a5ab799a68e7ea7e34b9299742ad936ad44c0b0e03228b2cabf55f58a80d63ef9d5769155055cc0101c90262d1658707437ef35cd

  • SSDEEP

    6144:jAEkK6rmEnOwO6esxm1XwY7XEjZufoKEy:8T3rnOwO8xm1XPX8qwy

Score
7/10
persistenceupx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 4 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\433cea8bc34cece132c891010bf96ef7_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\433cea8bc34cece132c891010bf96ef7_JaffaCakes118.exe"
    1⤵
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2640
    • C:\Windows\Uhelya.exe
      C:\Windows\Uhelya.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of UnmapMainImage
      PID:2844

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
    Filesize

    372B

    MD5

    875d930bf256af0ae6be4bd818408086

    SHA1

    4b76800d8b32678ce90fe05dff0ef78b0ce08825

    SHA256

    0c01e4faef7aa5afc02dce3e8feff9a5048784b6bbf6734985274cec9faf9752

    SHA512

    a0825dd338c1186b47be8adbcb3707075315ba5d769e9bfee8c023e9befa475d6ceab63a3ad41015c7a033afa2a7a180e41833893ff40e6b98d8fdf23bf98c3e

    Download Submit

  • C:\Windows\Uhelya.exe
    Filesize

    212KB

    MD5

    433cea8bc34cece132c891010bf96ef7

    SHA1

    f516fa0e92de8cab74d9a24bb37bfab991ed4dd2

    SHA256

    f0549dc5ffc5d89866f700a3c53d2dcac948c6149fe96d56129cf9e0fc5b8c85

    SHA512

    d2053334ecf49c897485152a5ab799a68e7ea7e34b9299742ad936ad44c0b0e03228b2cabf55f58a80d63ef9d5769155055cc0101c90262d1658707437ef35cd

    Download Submit

  • memory/2640-47229-0x0000000000401000-0x0000000000402000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2640-47228-0x0000000000400000-0x000000000047F000-memory.dmp

    Filesize

    508KB

    Download

  • memory/2640-1-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2640-94701-0x0000000000400000-0x000000000043A000-memory.dmp

    Filesize

    232KB

    Download

  • memory/2640-12-0x0000000000440000-0x00000000004BF000-memory.dmp

    Filesize

    508KB

    Download

  • memory/2640-3-0x0000000000400000-0x000000000043A000-memory.dmp

    Filesize

    232KB

    Download

  • memory/2640-2-0x0000000000401000-0x0000000000402000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2640-0-0x0000000000400000-0x000000000047F000-memory.dmp

    Filesize

    508KB

    Download

  • memory/2844-30279-0x0000000001CE0000-0x0000000001DE0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2844-30249-0x0000000001CE0000-0x0000000001DE0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2844-47227-0x0000000000400000-0x000000000043A000-memory.dmp

    Filesize

    232KB

    Download

  • memory/2844-18-0x0000000000400000-0x000000000043A000-memory.dmp

    Filesize

    232KB

    Download

  • memory/2844-20-0x0000000000400000-0x000000000043A000-memory.dmp

    Filesize

    232KB

    Download

  • memory/2844-30264-0x0000000001CE0000-0x0000000001DE0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2844-30253-0x0000000001CE0000-0x0000000001DE0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2844-30272-0x0000000001CE0000-0x0000000001DE0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2844-30233-0x0000000001CE0000-0x0000000001DE0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2844-30232-0x0000000001CE0000-0x0000000001DE0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2844-30265-0x0000000001CE0000-0x0000000001DE0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2844-30254-0x0000000001CE0000-0x0000000001DE0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2844-30241-0x0000000001CE0000-0x0000000001DE0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2844-30231-0x0000000001CE0000-0x0000000001DE0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2844-13-0x0000000000400000-0x000000000047F000-memory.dmp

    Filesize

    508KB

    Download