Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

46bc5106f5...18.exe

windows7-x64

8

46bc5106f5...18.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    14/07/2024, 17:04 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    46bc5106f5fe4f052ef7e81e72ef9e00_JaffaCakes118.exe

  • Size

    6.3MB

  • MD5

    46bc5106f5fe4f052ef7e81e72ef9e00

  • SHA1

    9c8d40e37c12ff826fe40bb754a9545540bb5cb4

  • SHA256

    e05b109dfccf2a012f2ca7103698e49716162b3a2167999cbaacb09e4befe26d

  • SHA512

    109eaa056f06c6fd7df04d523a65a1e21501f0b64d1e2089423d09733e9a63d394a4702220d9a1575af17a72ca569302c2908eed7f5b8ae11c1f44d16c868502

  • SSDEEP

    196608:PXY0CVT4ID7vg/w3fmuSyiMNRIdT4OQ4HA:QNVcIDTuw3fmUzRIZnA

Score
8/10
evasion

Malware Config

Signatures

  • Sets file to hidden 1 TTPs 2 IoCs

    Modifies file attributes to stop it showing in Explorer etc.

    evasion
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 12 IoCs
  • Views/modifies file attributes 1 TTPs 2 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\46bc5106f5fe4f052ef7e81e72ef9e00_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\46bc5106f5fe4f052ef7e81e72ef9e00_JaffaCakes118.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1996
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c ""C:\Users\Admin\AppData\Local\Temp\mp4.bat" "
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2396
      • C:\Windows\SysWOW64\attrib.exe
        attrib +s +h CONFIG.exe
        3⤵
        • Sets file to hidden
        • Views/modifies file attributes
        PID:2012
      • C:\Windows\SysWOW64\attrib.exe
        attrib +s +h mp4.bat
        3⤵
        • Sets file to hidden
        • Views/modifies file attributes
        PID:1972

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\CONFIG.exe
    Filesize

    7.8MB

    MD5

    6689d1437f7955660e6ff092cc31af66

    SHA1

    3dc878925f5bd915c82ff7e616da978ff43cc4af

    SHA256

    f271e8caab4a44a98d9afe125b805ee6d676e07a25524b459414430574521f50

    SHA512

    d7067387dde53985453c4e182ce1de0f17dbd89ff788b61b863ae67a413a85cdca23b7732a3a3d172d71a3b9a70501d97ad1def53adbe77012b6727d0603a113

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\mp4.bat
    Filesize

    92B

    MD5

    de663029cbdea0bd94cd7dc80ed25366

    SHA1

    1c20609ac2d662f824cd24b1bed23a6715e8a76d

    SHA256

    8bd168d10029749a35b8bb6e63a8752dc8f21e75ed45c1b4395b8d59b4cc8c75

    SHA512

    7c2771d9e6d1c513427f7f6bf2eed42983a617acddc7e1655b4b56bf69b42c754fcfacc0921e8cd5e9b56d2e733cf7cedb481666801a2a0d0f53ee7de849214c

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.