Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    15/07/2024, 23:32

General

  • Target

    4be29ab930b823fd0333807f2d8f3a4f_JaffaCakes118.exe

  • Size

    1.7MB

  • MD5

    4be29ab930b823fd0333807f2d8f3a4f

  • SHA1

    83c10cdf53ef410a209d3c6664d7c077465a4231

  • SHA256

    6ea8de26b5c9e6b4e2d9071c0b49c97ddf428232edb4de6011685ac026c96efa

  • SHA512

    88c871f6543b41e085d1dcd3e192168cfdebcb07b11b01a7984c895818d48bf59510848a5173b7210c5632dcfc2ae7ebd3526acae0c12cbbc29d8b21d8366ba7

  • SSDEEP

    24576:qana99VS/PMZryc+53M2TnexUJEGkGV4WHLVAHX5eO:qRfVSk2nljJiUuH

Score
6/10

Malware Config

Signatures

  • Writes to the Master Boot Record (MBR) (1 TTPs, 1 IoCs)

    Bootkits write to the MBR to gain persistence at a level below the operating system.

  • Drops file in Windows directory (2 IoCs)
  • Suspicious use of SetWindowsHookEx (4 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\4be29ab930b823fd0333807f2d8f3a4f_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\4be29ab930b823fd0333807f2d8f3a4f_JaffaCakes118.exe"
    • Writes to the Master Boot Record (MBR)
    • Drops file in Windows directory
    • Suspicious use of SetWindowsHookEx
    PID:696

Network

MITRE ATT&CK Enterprise v15
