Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

48c7df9908...18.dll

windows7-x64

7

48c7df9908...18.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    15/07/2024, 07:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    48c7df99089edd824b427a9b1d00c017_JaffaCakes118.dll

  • Size

    312KB

  • MD5

    48c7df99089edd824b427a9b1d00c017

  • SHA1

    a5a3c03e6ca29b39f5881f824cb1978379527d68

  • SHA256

    2e1b657ed676d209fe27cf9c03f4cb040f9d2112f7e798b9c9aea2e5b37f1c69

  • SHA512

    aa64bb938ea9d3f7bb3e3dad14697bac7df6e559007e8925f4bb8d018e1e077d03fa9970197761b0d4725f686e10f5a863f3ccf8fdbf9aa95aa2f10194e8f43d

  • SSDEEP

    6144:xIeRrNHAYKIdFchQ6NnMdohq9HwCVRn+Q/ymBRNHQk:xzAYKwqNNMdohq9HwHkwk

Score
7/10
vmprotect

Malware Config

Signatures

  • VMProtect packed file 4 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\48c7df99089edd824b427a9b1d00c017_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2476
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\48c7df99089edd824b427a9b1d00c017_JaffaCakes118.dll,#1
      2⤵
      • Drops file in Windows directory
      • Suspicious use of WriteProcessMemory
      PID:2488
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\DelEx.bat" "
        3⤵
          PID:1140

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\DelEx.bat
      Filesize

      138B

      MD5

      9645f4a4f4d131d3cae739994abc63d6

      SHA1

      f982786ab95a8bbfd6cbfd34d7cfa9e8312d5053

      SHA256

      91e3dd407064922350c22320a284a377c83b67ec0cef2d15305ccd49d8ddb750

      SHA512

      a1b15cf6eb9a2714291f70f35046df2e026082f3fe4843d62ed86bc9e954b0cfe3b6a4847ffa408590b252b3d55c2753abf08443d40ea1882b82a8e3bded2167

      Download Submit

    • memory/2488-4-0x0000000000792000-0x0000000000793000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2488-3-0x0000000000700000-0x00000000007A5000-memory.dmp

      Filesize

      660KB

      Download

    • memory/2488-2-0x0000000000700000-0x00000000007A5000-memory.dmp

      Filesize

      660KB

      Download

    • memory/2488-1-0x0000000000700000-0x00000000007A5000-memory.dmp

      Filesize

      660KB

      Download

    • memory/2488-0-0x0000000000700000-0x00000000007A5000-memory.dmp

      Filesize

      660KB

      Download