Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    150s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    14/07/2024, 06:31

General

  • Target

    44b317f22e4f8b434457bd4e716ffcdf_JaffaCakes118.exe

  • Size

    354KB

  • MD5

    44b317f22e4f8b434457bd4e716ffcdf

  • SHA1

    69178bd12b0cf4224fea5ddc0b4d4da450a9bab3

  • SHA256

    9108997ed7a98a7abe8ff92f631c4a0d48ecebdaee9511707da9127a9ec55dcc

  • SHA512

    7e9a0cedbdaadd36a8d40d7cc41e3a495d830db080229c9a3b155d4a9508edd5a0272819f96bb53b105f47562e5f065ff7a30edcc6afd02863ad055ac3320d7b

  • SSDEEP

    6144:WiOgCOUoL9sewNglEO/JUYfxVc5Iv01RtazG3TpqRIjVCZFmrMD2u5LYeaszuQ:Tpso/+8Pc5IsWhKjAtD/5LraO

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\44b317f22e4f8b434457bd4e716ffcdf_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\44b317f22e4f8b434457bd4e716ffcdf_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2536
    • C:\ProgramData\eMkHfBf17902\eMkHfBf17902.exe
      "C:\ProgramData\eMkHfBf17902\eMkHfBf17902.exe" "C:\Users\Admin\AppData\Local\Temp\44b317f22e4f8b434457bd4e716ffcdf_JaffaCakes118.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Adds Run key to start application
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:2056

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \ProgramData\eMkHfBf17902\eMkHfBf17902.exe

    Filesize

    354KB

    MD5

    e2c920fab459fa9faf0b3dd0a3589b0a

    SHA1

    dd965074b203b30f633ab6ba79cf307f7c637836

    SHA256

    9adf81029ad302426978adb14ead34a311e72ccd127f25c466442053b01b206e

    SHA512

    837ff90963cd7252564e678cff117c023864781981c843fc2aff532003344fe678945cf625420c65f0ca50ce92a5f424127d2d76a1b41c80a183ce72c6083737

  • memory/2056-16-0x0000000000400000-0x00000000004C5000-memory.dmp

    Filesize

    788KB

  • memory/2056-21-0x0000000000400000-0x00000000004C5000-memory.dmp

    Filesize

    788KB

  • memory/2056-36-0x0000000000400000-0x00000000004C5000-memory.dmp

    Filesize

    788KB

  • memory/2536-0-0x0000000000400000-0x00000000004C5000-memory.dmp

    Filesize

    788KB

  • memory/2536-1-0x0000000077E40000-0x0000000077E41000-memory.dmp

    Filesize

    4KB

  • memory/2536-13-0x0000000002380000-0x0000000002445000-memory.dmp

    Filesize

    788KB

  • memory/2536-14-0x0000000002380000-0x0000000002445000-memory.dmp

    Filesize

    788KB

  • memory/2536-20-0x0000000000400000-0x00000000004C5000-memory.dmp

    Filesize

    788KB

  • memory/2536-51-0x0000000000400000-0x00000000004C5000-memory.dmp

    Filesize

    788KB