Analysis

  • max time kernel
    140s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    21/07/2024, 22:29

General

  • Target

    61aa839eff990340142d1077f4e5bd45_JaffaCakes118.exe

  • Size

    953KB

  • MD5

    61aa839eff990340142d1077f4e5bd45

  • SHA1

    b4dfa91cd0e3b740e73c501fcd8022ac721f514b

  • SHA256

    cd0004e7e458180b5503735c43f121ec2e17d8b2163ac3853b4ca656ed181595

  • SHA512

    b88bbd881975fa580bd54b8be7ee7d46d8bcaf89a7383f734b084b53857d9ba75084c04fdaba2ec0ed744ccf543ac88c32afa579a2b69c3339e4e25b6c85d52a

  • SSDEEP

    24576:CjOHprwwhMZBThfsyYtrWmQ3+7oUVj1KuaWr:BwismGuLr

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\61aa839eff990340142d1077f4e5bd45_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\61aa839eff990340142d1077f4e5bd45_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:824
    • C:\Users\Admin\AppData\Local\testaa.exe
      C:\Users\Admin\AppData\Local\testaa.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:2160

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\testaa.exe

    Filesize

    508KB

    MD5

    d3ad11bbfcbe28f4dc650e2b9d134103

    SHA1

    9208b004387b9124ac21f7045ecdf3f294d8df13

    SHA256

    a5fbf2b20b02caa89a1301eacd40a4ad07c5228023aa65b08c1884fea6272d3a

    SHA512

    a946a569a6e4ad05b27d9ca9838383e6fab55aae58fb70155f8f8c4b272a406226d623842621b10bf569eeceff20be997c85b5aa14d4c94314c920b88acf66f3

  • \Users\Admin\AppData\Local\ntldr.dll

    Filesize

    237KB

    MD5

    fdc85d7509bc6ab46a0ab204d042251e

    SHA1

    8ce59fc33e6161fafa41f18e2ab78ee6b004c1e5

    SHA256

    0199b81ac43fc0e6db50e586ad9f852eea81902e9fc03b542c007c1ed50340a6

    SHA512

    86579d44392c7e0d7905ee7f42580b6191e2cc48507b91efc60af08674911b142e06b752b002367af4cbab67b7c2f79a4bcb6fc1fd1fbd3d5e7faefe8a39c940

  • memory/824-12-0x0000000000400000-0x00000000004F9000-memory.dmp

    Filesize

    996KB

  • memory/2160-11-0x0000000000220000-0x0000000000260000-memory.dmp

    Filesize

    256KB

  • memory/2160-14-0x0000000000220000-0x0000000000260000-memory.dmp

    Filesize

    256KB

  • memory/2160-13-0x0000000000400000-0x0000000000489000-memory.dmp

    Filesize

    548KB