Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

60fda9278c...18.exe

windows7-x64

10

60fda9278c...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    21/07/2024, 18:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    60fda9278c32587c063f0c8f978ab735_JaffaCakes118.exe

  • Size

    136KB

  • MD5

    60fda9278c32587c063f0c8f978ab735

  • SHA1

    c23a96a05d17474b1cd6963a60cfdfa1c39bbff4

  • SHA256

    56697e6820fc8506de19fdc58ad8e940a7616c9076c7c02d1f2cba2d8aafb816

  • SHA512

    6c2e246898964ef8b5f108c6f3ef43625a89b8df6f91606c32bf3ee92dfb336e7a6dc3e93ea7fc47979ec4527b9c3859a5b2f5472c5120367b40ac8113e4716f

  • SSDEEP

    1536:fUA0xj1ihnBpE6d5rqI43olY5hKyUb/rEG+yY:8A0xj0BW6TrqIoolYsRY

Score
10/10
evasionpersistence

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs
    evasion
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 52 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\60fda9278c32587c063f0c8f978ab735_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\60fda9278c32587c063f0c8f978ab735_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3008
    • C:\Users\Admin\keamia.exe
      "C:\Users\Admin\keamia.exe"
      2⤵
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1864

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\keamia.exe
    Filesize

    136KB

    MD5

    83ab73184b44a7286b454067fe8fcbc3

    SHA1

    c7e57feaae869bf47dc7ea2249b97e98691e2f72

    SHA256

    6e3998536bb5e1cc256136a943bfa3b44c3b92a0d72bbabb345406298d4fdbd1

    SHA512

    dc42839900b75baed3747bb2e4f2a9a4c941f7388cc1773dcea1b16a0842bfa364d81aad9da9e6e9355af5573ee572c74ae4c2c614bf02a99b0f50aa758d26fb

    Download Submit