Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

5ab98fa374...18.exe

windows7-x64

7

5ab98fa374...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    139s
  • max time network
    125s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/07/2024, 05:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5ab98fa374fb3354a17b9f2ae40b2b32_JaffaCakes118.exe

  • Size

    359KB

  • MD5

    5ab98fa374fb3354a17b9f2ae40b2b32

  • SHA1

    64cf30c5ed3aee9b1d29e296988aa93d9f3bcf3a

  • SHA256

    1cf8af841511bc3a1210c9c02276627d87dd07d38bbb2baa44c20cf55c3a76f3

  • SHA512

    c673116e62e79a128093f34dda0abb04e59a2bf2ac13e967cd1882551bf63f9e779a6f6e23933bed2d91440005bac3e7724eef31e722c6c243a43c821cfa0a52

  • SSDEEP

    6144:0BFybY/7YsXUmrXgEXrMzp14WaumddWFlhdYBb+vDDTH0DcPGCa3DLb8NHiB:0Cm/XXgsdumdIlnYqDDTUwPbWLb8NCB

Score
7/10
spywarestealer

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Suspicious use of WriteProcessMemory 9 IoCs
  • Views/modifies file attributes 1 TTPs 2 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\5ab98fa374fb3354a17b9f2ae40b2b32_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\5ab98fa374fb3354a17b9f2ae40b2b32_JaffaCakes118.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3448
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\7B1BTM~1.BAT
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:744
      • C:\Windows\SysWOW64\attrib.exe
        attrib -R -S -H "C:\Users\Admin\AppData\Local\Temp\5ab98fa374fb3354a17b9f2ae40b2b32_JaffaCakes118.exe"
        3⤵
        • Views/modifies file attributes
        PID:3748
      • C:\Windows\SysWOW64\attrib.exe
        attrib -R -S -H "C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\7B1B.tmp.bat"
        3⤵
        • Views/modifies file attributes
        PID:2276

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\7B1B.tmp.bat
    Filesize

    474B

    MD5

    eb091c39c901bae627af5d9fe6514a6e

    SHA1

    c0adad347bf1f4832ebf4e1b6448b55bc39a90e9

    SHA256

    67cfc8f02717140f4d0e31290e2e0b006810343b6d5a4ad3a1d0ab4454bbd17f

    SHA512

    575171b2b3165ee608c67cbfc8560c484c1bb59c80f9b396c056c7fa75a97343924b7587a734e217049dbebfbd172a7688c8f204e5770c201114251fe4485467

    Download Submit

  • memory/3448-1-0x0000000000400000-0x000000000045D000-memory.dmp

    Filesize

    372KB

    Download

  • memory/3448-3-0x00000000020C0000-0x000000000211E000-memory.dmp

    Filesize

    376KB

    Download

  • memory/3448-4-0x0000000000400000-0x000000000045D000-memory.dmp

    Filesize

    372KB

    Download