Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

59f51a6c34...18.exe

windows7-x64

10

59f51a6c34...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/07/2024, 01:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    59f51a6c348adcf831951ebdb2dfd7db_JaffaCakes118.exe

  • Size

    243KB

  • MD5

    59f51a6c348adcf831951ebdb2dfd7db

  • SHA1

    7b82f1fc193392e1d7a97209f1a6cc25678385c7

  • SHA256

    7566fe668c9cf9b0a92f81279528d141fc7aa4acb3e38c61f3ba4519e88f6981

  • SHA512

    3460e69bbf3ff4fe4357719d15e05e2e6037729e731fe7a26de48bfa931f918f56a35adb78c8d84fc9476b42e86959f1283c36981e23edf087bf6e5f59a044cf

  • SSDEEP

    6144:lofAndVrvYwQjRrwuo85fZp+6i4ME1DMmJQu5H4EzDnLVQ:mY7lQjJaCx06TM6MmySHHzDL

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Unexpected DNS network traffic destination 2 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\59f51a6c348adcf831951ebdb2dfd7db_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\59f51a6c348adcf831951ebdb2dfd7db_JaffaCakes118.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4976
    • C:\Users\Admin\AppData\Local\1f743cc6\X
      *0*47*5d810138*69.64.52.10:53
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:1212
      • C:\Windows\explorer.exe
        "C:\Windows\explorer.exe"
        3⤵
        • Modifies registry class
        PID:1548

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\1f743cc6\X
    Filesize

    38KB

    MD5

    72de2dadaf875e2fd7614e100419033c

    SHA1

    5f17c5330e91a42daa9ff24c4aa602bd1a72bf6e

    SHA256

    c44993768a4dc5a58ddbfc9cb05ce2a7d3a0a56be45643d70a72bcf811b6c381

    SHA512

    e2520a53326a7d3b056e65d0cf60e9d823ffb34ca026cdddc7ea3a714f8396c53c37e13a887fc86a7dd7076c97fdfad53c3f5a68342ebc1bdec948c76bda8df3

    Download Submit

  • memory/1548-8-0x0000000000AA0000-0x0000000000AA8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4976-2-0x0000000030670000-0x00000000306C7000-memory.dmp

    Filesize

    348KB

    Download

  • memory/4976-1-0x0000000030670000-0x00000000306A7000-memory.dmp

    Filesize

    220KB

    Download

  • memory/4976-10-0x0000000030670000-0x00000000306A7000-memory.dmp

    Filesize

    220KB

    Download

  • memory/4976-11-0x0000000030670000-0x00000000306C7000-memory.dmp

    Filesize

    348KB

    Download