Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

5d26b7322d...18.exe

windows7-x64

7

5d26b7322d...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    19/07/2024, 18:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5d26b7322dd4d8de4e8c2cb4e7f7d2f0_JaffaCakes118.exe

  • Size

    407KB

  • MD5

    5d26b7322dd4d8de4e8c2cb4e7f7d2f0

  • SHA1

    1afb6fbc101ac1d40be9c59c85af838a6d556c3c

  • SHA256

    e472e7a4d672ee5bf125545518f44497b83168249ba2792cc9387700c21f0e4f

  • SHA512

    1f6f6fec9605bdbe91400d7426becbfd435ec6c2f6e5cddc2bbf00744c0932b8a864d75862083ab14e9e846c0caf397fb59976d57de1513be77fc75a58cc0bbb

  • SSDEEP

    6144:Bxov71WpHywAjKZ9t3lfr6m2MObxyTliR4LhddBLG4F8k:77pHka3lp25X6hddVGQ

Score
7/10
upx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Windows directory 6 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5d26b7322dd4d8de4e8c2cb4e7f7d2f0_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\5d26b7322dd4d8de4e8c2cb4e7f7d2f0_JaffaCakes118.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2476
    • C:\Windows\Upirya.exe
      C:\Windows\Upirya.exe
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of UnmapMainImage
      PID:2548

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
    Filesize

    372B

    MD5

    92449f546cecaa386dcb39af0ec5e2fe

    SHA1

    67cadb650cea26cff05b3b20d6dbd5652e7c91f7

    SHA256

    bc9d371c174497ee7f28051a1d788f99adeee80f0154f2b709c2e307bf453bf6

    SHA512

    ce8b6ee3f33bb451eec507b93f63252d19cbb19f5c5786db45a1384e53426d58cc4bf8c9be164b1412d7d17d3745d7c5bdb6cd7f99d754dcb9079f0d7aacdff4

    Download Submit

  • C:\Windows\Upirya.exe
    Filesize

    407KB

    MD5

    5d26b7322dd4d8de4e8c2cb4e7f7d2f0

    SHA1

    1afb6fbc101ac1d40be9c59c85af838a6d556c3c

    SHA256

    e472e7a4d672ee5bf125545518f44497b83168249ba2792cc9387700c21f0e4f

    SHA512

    1f6f6fec9605bdbe91400d7426becbfd435ec6c2f6e5cddc2bbf00744c0932b8a864d75862083ab14e9e846c0caf397fb59976d57de1513be77fc75a58cc0bbb

    Download Submit

  • memory/2476-1-0x0000000000400000-0x0000000000467000-memory.dmp

    Filesize

    412KB

    Download

  • memory/2476-2-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2476-3-0x0000000000400000-0x000000000043D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/2476-13-0x0000000001D40000-0x0000000001DA7000-memory.dmp

    Filesize

    412KB

    Download

  • memory/2476-15-0x0000000001D40000-0x0000000001DA7000-memory.dmp

    Filesize

    412KB

    Download

  • memory/2476-40789-0x0000000000400000-0x000000000043D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/2548-17-0x0000000000400000-0x0000000000467000-memory.dmp

    Filesize

    412KB

    Download

  • memory/2548-25-0x0000000000400000-0x000000000043D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/2548-47765-0x0000000000400000-0x000000000043D000-memory.dmp

    Filesize

    244KB

    Download