Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    122s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted
    16/07/2024, 10:30

General

  • Target

    4debd045774eec54d76b00e78c1259a5_JaffaCakes118.exe

  • Size

    17.6MB

  • MD5

    4debd045774eec54d76b00e78c1259a5

  • SHA1

    2f533d5f5b0ff74f75b2a8a8f77ec1b673c446a8

  • SHA256

    e12431896184060e3bf3c8d25913db7119ab2417504db05f0477483605d513b5

  • SHA512

    773dc18dc105f74f87de5af6fff507fa1511d5cb56b8f141afd52ac68e27bf808b407239f658ff0f49b4b3dcc8f0df9fd39a8cf0cae54665cf76558af3bf724b

  • SSDEEP

    192:i2VAKqGxc49My2dNQOm49A476byj9zHJeyJ+43cDimP1oydUV8z5L/CldolMGoVT:iPqcxwAd+43cWQ1jUa1LCcM4aeWFj

Score
10/10

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
  • Deletes itself 1 IoCs
  • Executes dropped EXE 2 IoCs
  • Drops file in Windows directory 4 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4debd045774eec54d76b00e78c1259a5_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\4debd045774eec54d76b00e78c1259a5_JaffaCakes118.exe"
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:2952
    • C:\Users\Admin\AppData\Local\Temp\4debd045774eec54d76b00e78c1259a5_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\4debd045774eec54d76b00e78c1259a5_JaffaCakes118.exe"
      • Drops file in Windows directory
      • Suspicious use of WriteProcessMemory
      PID:3004
      • C:\Windows\Googlegl.exe
        "C:\Windows\Googlegl.exe"
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:856
        • C:\Windows\Googlegl.exe
          "C:\Windows\Googlegl.exe"
          • Modifies WinLogon for persistence
          • Deletes itself
          • Executes dropped EXE
          PID:2264

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\MyTemp

    Filesize

    84B

    MD5

    2d2caf5edee706d75de553ce945e70eb

    SHA1

    64cc05e73cf143ad4496a528e5534f1833a82915

    SHA256

    8115eb68f44bdd0b1cf43479bc3bd22b11e2ee295e954627eadbdf834a636fc3

    SHA512

    f8ea84414ee3170eb1577ac7c5d9cb5336f9af7ba942ff4f648e6d72383508cc6ac1951ac266c7370846a61705cd1eae1f6918cecabca10cbc5d1e751ae817a8

  • C:\Windows\Googlegl.exe

    Filesize

    20.4MB

    MD5

    cce58449e6e8bf427de8a00537735014

    SHA1

    7751398799ec1abc3fd4ebc1eb6d04acc8e77f46

    SHA256

    c02aa3a8c73973ff78bac98790eba99f1fa3154656aabac1820158c2805f4ad1

    SHA512

    394d66d61e337dec41932ea1e982083738c35b207c61df1de9358444c0911bc22bdcc203bf2a62388f25015d2458ead75893d178d2b91c1a7816d5c18d1e69fd