Analysis

  • max time kernel
    2s
  • max time network
    62s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags
    arch:x64
    arch:x86
    image:win10v2004-20240709-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    19/07/2024, 06:31

General

  • Target

    5ad3a3643c22d7fcf42a800ca9fba629_JaffaCakes118.exe

  • Size

    92KB

  • MD5

    5ad3a3643c22d7fcf42a800ca9fba629

  • SHA1

    32ea40dd7ce53b2341da906e306115fe59e8bce9

  • SHA256

    d97c4a27c15e58a2ce96e1b7bf2bc78dfcfa71673b904d08b261ad8e8c25215c

  • SHA512

    92d199ae6b3d0d23f357a11b1406decaee58996a1eed424f0aba4aab8bf4369050af03c45f7cf2b0e3d9cbe8b163d791c2e96a0fccce3b4aa8990cd7f41f89ba

  • SSDEEP

    384:sqDRr6PGpcohnDRr6PGpco/BXGUvn2Z6nOmHT8myvc0Uz1D9pQBY2TAKYtax:L1yfm1yfbQ2cHT81vc1AY2fx

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Drops file in System32 directory 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3408
      • C:\Users\Admin\AppData\Local\Temp\5ad3a3643c22d7fcf42a800ca9fba629_JaffaCakes118.exe
        "C:\Users\Admin\AppData\Local\Temp\5ad3a3643c22d7fcf42a800ca9fba629_JaffaCakes118.exe"
        2⤵
        • Loads dropped DLL
        • Adds Run key to start application
        • Drops file in System32 directory
        • Drops file in Windows directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:4508
  • C:\Windows\system32\sihost.exe
    sihost.exe
    1⤵
      PID:856
  • C:\Windows\system32\sihost.exe
    sihost.exe
    1⤵
      PID:2952
  • C:\Windows\system32\sihost.exe
    sihost.exe
    1⤵
      PID:2180
  • C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
    "C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
    1⤵
      PID:5004
  • C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
    "C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
    1⤵
      PID:2168

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\msccrt.dll

    Filesize

    27KB

    MD5

    40a0ba4156091c666b38f07341e48587

    SHA1

    56b714174096151306bc5507028eea6d1ae6001d

    SHA256

    eb3b627ac4fd97027583fccaaf27d4b46d2b73b8037c3245e1bb58f16620bf08

    SHA512

    eaf4a16c08e7fa43c5ce3398a79581d7aa899985cda7a5d137bdfe44e7d45e078b92a53681355777b920dc4f9d991905c372e0537af5c97161ccb5b6a997c270

  • memory/4508-0-0x0000000000400000-0x0000000000417000-memory.dmp

    Filesize

    92KB

  • memory/4508-6-0x0000000000400000-0x0000000000417000-memory.dmp

    Filesize

    92KB

  • memory/4508-7-0x0000000010000000-0x000000001000D000-memory.dmp

    Filesize

    52KB