Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

5c2bb73e11...18.exe

windows7-x64

7

5c2bb73e11...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    19/07/2024, 13:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5c2bb73e116e8d5d7fa9e5f11c0ef0b6_JaffaCakes118.exe

  • Size

    1.2MB

  • MD5

    5c2bb73e116e8d5d7fa9e5f11c0ef0b6

  • SHA1

    90ace4aaf9b595b7e51fee1983213c9077f8b25c

  • SHA256

    19633696d5c217dbaa87c84f478ee23e24874652412aee06799c9115615af847

  • SHA512

    3b120fec95a62e029e8e4ef1f3f76831268243ff06c1051b71be085e8fac9a0a673120d9ceb06e1e5552005f38ad0a86c22ea1276f88e68110373701f41e91e6

  • SSDEEP

    24576:zbYa4ERAQu9/952/kDzHMeB7Ht63IkbV0DE4:Hhza9F52cD9BgbVId

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 4 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5c2bb73e116e8d5d7fa9e5f11c0ef0b6_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\5c2bb73e116e8d5d7fa9e5f11c0ef0b6_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:3068
    • C:\Users\Admin\AppData\Roaming\FileHunter\FileHunter.exe
      "C:\Users\Admin\AppData\Roaming\FileHunter\FileHunter.exe" ""
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:2380

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Roaming\FileHunter\FileHunter.exe
    Filesize

    2.1MB

    MD5

    950c0b381895bc6eba023ba7a48778ea

    SHA1

    950b7925129d30310cb657735dc2cab75a016a2a

    SHA256

    9f1edff26107ab1c8158e73c3eafe23ae7aba83c7ad3b378e3f2e978b19105f6

    SHA512

    b9ff2496c3053b0f667214fafe456af644bb761e7803ec5945ddaaa432bd62e9d5d30c60f8f6d91242543cc6324c1e5524b1c010eb334def306ec67a6f904674

    Download Submit

  • memory/2380-14-0x0000000000400000-0x000000000061F000-memory.dmp

    Filesize

    2.1MB

    Download