Analysis
- max time kernel: 117s
- max time network: 119s
- platform: windows7_x64
- resource: win7-20240704-en
- resource tags: arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
- submitted: 19/07/2024, 18:31
Behavioral task behavioral1
- Sample: 5d26b7322dd4d8de4e8c2cb4e7f7d2f0_JaffaCakes118.exe
- Resource: win7-20240704-en
Behavioral task behavioral2
- Sample: 5d26b7322dd4d8de4e8c2cb4e7f7d2f0_JaffaCakes118.exe
- Resource: win10v2004-20240709-en
General
- Target: 5d26b7322dd4d8de4e8c2cb4e7f7d2f0_JaffaCakes118.exe
- Size: 407KB
- MD5: 5d26b7322dd4d8de4e8c2cb4e7f7d2f0
- SHA1: 1afb6fbc101ac1d40be9c59c85af838a6d556c3c
- SHA256: e472e7a4d672ee5bf125545518f44497b83168249ba2792cc9387700c21f0e4f
- SHA512: 1f6f6fec9605bdbe91400d7426becbfd435ec6c2f6e5cddc2bbf00744c0932b8a864d75862083ab14e9e846c0caf397fb59976d57de1513be77fc75a58cc0bbb
- SSDEEP: 6144:Bxov71WpHywAjKZ9t3lfr6m2MObxyTliR4LhddBLG4F8k:77pHka3lp25X6hddVGQ
Malware Config
Signatures

Executes dropped EXE (1 IoC)
- pid 2548, Process Upirya.exe

UPX-packed memory/file regions (yara_rule upx, 4 IoCs)
- behavioral1/memory/2476-1-0x0000000000400000-0x0000000000467000-memory.dmp
- behavioral1/files/0x00080000000173de-12.dat
- behavioral1/memory/2476-13-0x0000000001D40000-0x0000000001DA7000-memory.dmp
- behavioral1/memory/2548-17-0x0000000000400000-0x0000000000467000-memory.dmp

Drops file in Windows directory (6 IoCs)
- File created: C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job, Process Upirya.exe
- File opened for modification: C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job, Process Upirya.exe
- File created: C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job, Process 5d26b7322dd4d8de4e8c2cb4e7f7d2f0_JaffaCakes118.exe
- File opened for modification: C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job, Process 5d26b7322dd4d8de4e8c2cb4e7f7d2f0_JaffaCakes118.exe
- File created: C:\Windows\Upirya.exe, Process 5d26b7322dd4d8de4e8c2cb4e7f7d2f0_JaffaCakes118.exe
- File opened for modification: C:\Windows\Upirya.exe, Process 5d26b7322dd4d8de4e8c2cb4e7f7d2f0_JaffaCakes118.exe

Modifies Internet Explorer settings (1 IoC)
- Key created: \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main, Process Upirya.exe

Suspicious behavior: EnumeratesProcesses (64 IoCs)
- pid 2548, Process Upirya.exe (the same entry is reported 64 times)

Suspicious behavior: GetForegroundWindowSpam (2 IoCs)
- pid 2476, Process 5d26b7322dd4d8de4e8c2cb4e7f7d2f0_JaffaCakes118.exe
- pid 2548, Process Upirya.exe

Suspicious use of UnmapMainImage (2 IoCs)
- pid 2476, Process 5d26b7322dd4d8de4e8c2cb4e7f7d2f0_JaffaCakes118.exe
- pid 2548, Process Upirya.exe

Suspicious use of WriteProcessMemory (4 IoCs)
- description: PID 2476 wrote to memory of 2548; pid 2476; Process 5d26b7322dd4d8de4e8c2cb4e7f7d2f0_JaffaCakes118.exe; procid_target 31 (the same entry is reported 4 times)
Processes
- C:\Users\Admin\AppData\Local\Temp\5d26b7322dd4d8de4e8c2cb4e7f7d2f0_JaffaCakes118.exe (PID 2476), command line: "C:\Users\Admin\AppData\Local\Temp\5d26b7322dd4d8de4e8c2cb4e7f7d2f0_JaffaCakes118.exe"
  - Drops file in Windows directory
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  - Child process: C:\Windows\Upirya.exe (PID 2548), command line: C:\Windows\Upirya.exe
    - Executes dropped EXE
    - Drops file in Windows directory
    - Modifies Internet Explorer settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Enterprise v15
Downloads
- File 1
  - Filesize: 372B
  - MD5: 92449f546cecaa386dcb39af0ec5e2fe
  - SHA1: 67cadb650cea26cff05b3b20d6dbd5652e7c91f7
  - SHA256: bc9d371c174497ee7f28051a1d788f99adeee80f0154f2b709c2e307bf453bf6
  - SHA512: ce8b6ee3f33bb451eec507b93f63252d19cbb19f5c5786db45a1384e53426d58cc4bf8c9be164b1412d7d17d3745d7c5bdb6cd7f99d754dcb9079f0d7aacdff4
- File 2 (same hashes as the submitted sample)
  - Filesize: 407KB
  - MD5: 5d26b7322dd4d8de4e8c2cb4e7f7d2f0
  - SHA1: 1afb6fbc101ac1d40be9c59c85af838a6d556c3c
  - SHA256: e472e7a4d672ee5bf125545518f44497b83168249ba2792cc9387700c21f0e4f
  - SHA512: 1f6f6fec9605bdbe91400d7426becbfd435ec6c2f6e5cddc2bbf00744c0932b8a864d75862083ab14e9e846c0caf397fb59976d57de1513be77fc75a58cc0bbb