Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240705-en -
resource tags
-
submitted
16/07/2024, 09:37
General
-
Target
4dbec925bd0e0e2d73b6c4536e35f5a2_JaffaCakes118.exe
-
Size
123KB
-
MD5
4dbec925bd0e0e2d73b6c4536e35f5a2
-
SHA1
e290b071d56b1e1b3ba8521cc54549a0ea8fee6a
-
SHA256
93952bf02709fb19f61892f6fb9eca5b59f9773a09d08010c50f96158367cb5f
-
SHA512
d32c18c300e378953668b19591d36d178d772802480b7a0b0c5f805588ac727b0655a3011ca9db9e580f74d04c31aacc898e88435a354f094eb94793bbd9d752
-
SSDEEP
3072:VeSyGQ8sEPwfmzx9hkubycXsqa62Ux+oJ:VeSyGQSPkO9Smyc8qa62UP
Score
8/10
Malware Config
Signatures
-
Server Software Component: Terminal Services DLL 1 TTPs 1 IoCs
-
Deletes itself 1 IoCs
-
Loads dropped DLL 5 IoCs
-
Drops file in System32 directory 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\4dbec925bd0e0e2d73b6c4536e35f5a2_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\4dbec925bd0e0e2d73b6c4536e35f5a2_JaffaCakes118.exe"1⤵
- Server Software Component: Terminal Services DLL
- Drops file in System32 directory
-
C:\Windows\SysWOW64\svchost.exeC:\Windows\SysWOW64\svchost.exe -k netsvcs1⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe c:\windows\system32\heixueex.dll, Startup FastUserSwitchingCompatibility2⤵
- Deletes itself
- Loads dropped DLL
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
109KB
MD58c5d041c8f20fe3e0a931bb6902ab290
SHA1eefa98121ed4f66c8ba5a18ff8057517e648a1cf
SHA256c83a775e0b7459e817555099edc91e1919b894030f48c0e4e15d70539fa37cfb
SHA5122025bd0dec118924bbb60a6db31afbaefad4118cb82ea6b6b4c2f7ba9fe63b5a6ffeb597d6b95d81e5a729ac2d922cb9e6f8298b2e2d28f8e13934083e7450b4