Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

4a047b2fbe...18.exe

windows7-x64

7

4a047b2fbe...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    15/07/2024, 14:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4a047b2fbe8e8a22582a655c4e1d351d_JaffaCakes118.exe

  • Size

    101KB

  • MD5

    4a047b2fbe8e8a22582a655c4e1d351d

  • SHA1

    5e56b3bdd63503c4c9717c19fb7a937c8745ad65

  • SHA256

    82d528e4e45e32f2fbcd5ad9dc2395bf797a543f216711d6f31c1dfe3ff59412

  • SHA512

    b57f2abcb1755ac3ef6c47edcb83505794ef170b1f264a75fef724a928c5e075cb9854cbee1fb7d6fdaa328d6e804b8f4eb7f78f09cfe75fa4d66f9028b41ea0

  • SSDEEP

    3072:D+hAZ9D9kxOHZOrvcmKWVegHc3fbOouv:qhAjlZOrkNWVd8jOoE

Score
7/10
persistenceupx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4a047b2fbe8e8a22582a655c4e1d351d_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\4a047b2fbe8e8a22582a655c4e1d351d_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:2076
    • C:\Users\Admin\AppData\Roaming\netprotocol.exe
      C:\Users\Admin\AppData\Roaming\netprotocol.exe
      2⤵
      • Executes dropped EXE
      PID:2476

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Roaming\netprotocol.exe
    Filesize

    101KB

    MD5

    94624c882743785bbf56ff14601802fd

    SHA1

    1d3e01f8fa8cba2ca1fbda0f91e13b424947baf4

    SHA256

    743223f213bde739244ad82fa3866a9715b57c7c5177b6ef10df5e9af1e6cbff

    SHA512

    b91070f0ff4d7b15893987773d1b8b66ca8c8c5b5074fa90f6ae511f247d7349f530dfc98a07bbccc53c41886750c529580191aa299c954fe5e8e490980a60b6

    Download Submit

  • memory/2076-0-0x0000000000400000-0x000000000044B000-memory.dmp

    Filesize

    300KB

    Download

  • memory/2076-1-0x00000000001B0000-0x00000000001C4000-memory.dmp

    Filesize

    80KB

    Download

  • memory/2076-2-0x0000000000400000-0x000000000044B000-memory.dmp

    Filesize

    300KB

    Download

  • memory/2076-12-0x0000000001BB0000-0x0000000001BFB000-memory.dmp

    Filesize

    300KB

    Download

  • memory/2076-16-0x0000000000400000-0x000000000044B000-memory.dmp

    Filesize

    300KB

    Download

  • memory/2476-13-0x0000000000400000-0x000000000044B000-memory.dmp

    Filesize

    300KB

    Download

  • memory/2476-17-0x0000000000400000-0x000000000044B000-memory.dmp

    Filesize

    300KB

    Download