Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

61ba4e864e...18.exe

windows7-x64

7

61ba4e864e...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/07/2024, 22:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    61ba4e864e63cebea72e0baaf9726eb3_JaffaCakes118.exe

  • Size

    1.6MB

  • MD5

    61ba4e864e63cebea72e0baaf9726eb3

  • SHA1

    2f3306243d12e31f74899bdf1ac8ceacda564d0c

  • SHA256

    729d4c268688ff61cf11bf34eeb2f9699dbd0fa7c08b862396847670137e9cfa

  • SHA512

    a6e5d003596048e665fb08d1254f93d7e5a57fa125303c3659ffb9da2bc56eab601f9e870fdd9e7be620ca70e6f0768be7f5ca5c068f4acc55b252f1a2eccfcc

  • SSDEEP

    49152:01fN5CJGwqES1PJ0mVHYle7gztOraETL9r7:0/UJZ0r7WMay

Score
7/10
spywarestealer

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\61ba4e864e63cebea72e0baaf9726eb3_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\61ba4e864e63cebea72e0baaf9726eb3_JaffaCakes118.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:5040
    • C:\Users\Admin\AppData\Local\Temp\61ba4e864e63cebea72e0baaf9726eb3_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\61ba4e864e63cebea72e0baaf9726eb3_JaffaCakes118.exe" /wrapper /dir="C:\Users\Admin\AppData\Local\Temp\pkg_1632232850"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:816

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\pkg_1632232850\autorun.txt
    Filesize

    123B

    MD5

    5c2edd9afb67e8ca5747c0bb306ec33a

    SHA1

    c20d65ba954ea9a4927c7b5f9df4248bed0cc23e

    SHA256

    438c211cc16fa4ab56fcbc9dcaae4b60d14faba980fc48072b14920edb7fb264

    SHA512

    9e22e4001fec7bd96c20e2a4af3fbee46fbd45ded44c7b2eb19e986952a82e449cb931f1239f82e54abf85654721ecbcfb56bd8d0f6fbcaa6eef933c35d80d47

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\pkg_1632232850\wrapper.xml
    Filesize

    1KB

    MD5

    3db83f039ef0c6d0f9a2db8e02ab744a

    SHA1

    f0ef7f3666933e3d46f2467f7a48722078de6615

    SHA256

    9a7e0e42263fce0d4521921818a757ff2ca485d16052e8e3287bc281a323daf6

    SHA512

    ba9b807533475d4629b6c798e1fb5ea6a385e26885023461c0167a7effd1878875be5a5c3206c1d04e06c45a929eb841d2bb53663628874b2f030cb2ae0155f1

    Download Submit