Analysis

  • max time kernel
    150s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    15/07/2024, 04:07 UTC

General

  • Target

    4826e3d9a775d82209a1d3db23ae6b44_JaffaCakes118.exe

  • Size

    352KB

  • MD5

    4826e3d9a775d82209a1d3db23ae6b44

  • SHA1

    7bcc1c46b20690b1f316ee64882340992efd80fb

  • SHA256

    40dce9ca641144297bfe32cca4c147be4c725a55c3f7c2458ee5cc91bab15b70

  • SHA512

    ad10fcd1611be1492abd39c2f731c1c48c27634e39941230a2f288cc0eaab570052eaa9da9a7e8239e4d7728c89a965d07aa6decad57ea0122ccfda822d50eee

  • SSDEEP

    6144:JjttqWASxQ0rShyGlReFjbjfhyqQMRYNYoDvohAi3lFeB6M2Xf3:JWWDQcShyGloFjbTA1KmNo/VFC6l

Score
10/10

Malware Config

Signatures

  • UAC bypass 3 TTPs 1 IoCs
  • Windows security bypass 2 TTPs 5 IoCs
  • Disables taskbar notifications via registry modification
  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Windows security modification 2 TTPs 7 IoCs
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
  • Modifies registry class 22 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs
  • System policy modification 1 TTPs 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4826e3d9a775d82209a1d3db23ae6b44_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\4826e3d9a775d82209a1d3db23ae6b44_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2064
    • C:\ProgramData\043A6AEB00014973000BD86DB4EB2331\043A6AEB00014973000BD86DB4EB2331.exe
      "C:\ProgramData\043A6AEB00014973000BD86DB4EB2331\043A6AEB00014973000BD86DB4EB2331.exe" -d "C:\Users\Admin\AppData\Local\Temp\4826e3d9a775d82209a1d3db23ae6b44_JaffaCakes118.exe"
      2⤵
      • UAC bypass
      • Windows security bypass
      • Deletes itself
      • Executes dropped EXE
      • Windows security modification
      • Checks whether UAC is enabled
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • System policy modification
      PID:2556

Network

  • 95.168.172.86:80
    043A6AEB00014973000BD86DB4EB2331.exe
    152 B
    3
  • 95.168.172.86:80
    4826e3d9a775d82209a1d3db23ae6b44_JaffaCakes118.exe
    152 B
    3
  • 95.168.172.86:80
    043A6AEB00014973000BD86DB4EB2331.exe
    152 B
    3
  • 95.168.172.86:80
    4826e3d9a775d82209a1d3db23ae6b44_JaffaCakes118.exe
    152 B
    3
  • 178.162.132.113:80
    043A6AEB00014973000BD86DB4EB2331.exe
    152 B
    3
  • 178.162.132.113:80
    043A6AEB00014973000BD86DB4EB2331.exe
    152 B
    3

MITRE ATT&CK Enterprise v15

Downloads

  • C:\ProgramData\043A6AEB00014973000BD86DB4EB2331\043A6AEB00014973000BD86DB4EB2331

    Filesize

    328B

    MD5

    4ebcc6438607b87c891b9cecdd8ec5c5

    SHA1

    4985e817fcd4207d132c2d503db6e0fbb81724a3

    SHA256

    aa867a5bafb17c2f078a91171b475647a7750ece6016a815778c60f452a2a8b2

    SHA512

    177c4c2f5dc99d9ab19054745b026e9a0d12f0de93f0d466134e595030d61cc52201a7f54dba98840b57eca8c4ee19ac85d3ac6e3096730a9fcdaa0ec35c8970

  • \ProgramData\043A6AEB00014973000BD86DB4EB2331\043A6AEB00014973000BD86DB4EB2331.exe

    Filesize

    352KB

    MD5

    4826e3d9a775d82209a1d3db23ae6b44

    SHA1

    7bcc1c46b20690b1f316ee64882340992efd80fb

    SHA256

    40dce9ca641144297bfe32cca4c147be4c725a55c3f7c2458ee5cc91bab15b70

    SHA512

    ad10fcd1611be1492abd39c2f731c1c48c27634e39941230a2f288cc0eaab570052eaa9da9a7e8239e4d7728c89a965d07aa6decad57ea0122ccfda822d50eee

  • memory/2064-34-0x0000000000400000-0x00000000004C3000-memory.dmp

    Filesize

    780KB

  • memory/2064-0-0x0000000000400000-0x00000000004C3000-memory.dmp

    Filesize

    780KB

  • memory/2064-5-0x0000000000400000-0x00000000004C3000-memory.dmp

    Filesize

    780KB

  • memory/2064-1-0x0000000000400000-0x00000000004C3000-memory.dmp

    Filesize

    780KB

  • memory/2064-3-0x0000000000400000-0x00000000004C3000-memory.dmp

    Filesize

    780KB

  • memory/2064-26-0x0000000000400000-0x00000000004C3000-memory.dmp

    Filesize

    780KB

  • memory/2064-4-0x0000000000400000-0x00000000004C3000-memory.dmp

    Filesize

    780KB

  • memory/2556-18-0x0000000000400000-0x00000000004C3000-memory.dmp

    Filesize

    780KB

  • memory/2556-19-0x0000000000400000-0x00000000004C3000-memory.dmp

    Filesize

    780KB

  • memory/2556-27-0x0000000000400000-0x00000000004C3000-memory.dmp

    Filesize

    780KB

  • memory/2556-15-0x0000000000400000-0x00000000004C3000-memory.dmp

    Filesize

    780KB

  • memory/2556-35-0x0000000000400000-0x00000000004C3000-memory.dmp

    Filesize

    780KB

  • memory/2556-41-0x0000000000400000-0x00000000004C3000-memory.dmp

    Filesize

    780KB

  • memory/2556-42-0x0000000000400000-0x00000000004C3000-memory.dmp

    Filesize

    780KB

  • memory/2556-43-0x0000000000400000-0x00000000004C3000-memory.dmp

    Filesize

    780KB
