Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

628129d82e...18.exe

windows7-x64

7

628129d82e...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    125s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    22/07/2024, 08:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    628129d82ec97d79097919fc880e3b10_JaffaCakes118.exe

  • Size

    293KB

  • MD5

    628129d82ec97d79097919fc880e3b10

  • SHA1

    0f6c02e4d2b17a32e0ffe34cd288b8f0b2fc1298

  • SHA256

    eca5013a84161b2d0fbf1ab850c0078bcee0ad8bea09c9b5b3a24881661485c4

  • SHA512

    32e3766edf3b9de339337a73a5e1f1b6b80e537c44c0082d94d29274be98d551c602d1b01d0bf4c3fbbd9c9064e843b2bcc30aa39a55aa3ad43ae53b1ac26ced

  • SSDEEP

    6144:mpo9IhQ6CptIuDtfPZpdN8UO/tP8A+cx3dd8xJzfDELiB+CetzlVtTXM:dihXEBZ3RKUOFKcx3w7rDlB+Cm3

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\628129d82ec97d79097919fc880e3b10_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\628129d82ec97d79097919fc880e3b10_JaffaCakes118.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2416
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Windows\004A0AAF.BAT
      2⤵
      • Deletes itself
      PID:2840
  • C:\Windows\tasks\svchost.exe
    C:\Windows\tasks\svchost.exe
    1⤵
    • Executes dropped EXE
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:2576

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\004A0AAF.BAT
    Filesize

    218B

    MD5

    3d1375c7e5a75f18283701c254979d5d

    SHA1

    0e74b92cb6d5000016fb1b40d8cb93c6d7094c0e

    SHA256

    31ac8a7fd7cf0db22b833a0c687c06df14cf8c875f26dd78fa1cde142a099f3d

    SHA512

    38c8acdeaf40e3ebfa759f0ec2f483f964c9094807bc057ad21f07846305b997ddece80d584e3922cf2a2434c2aa83ae03e051433594bd1bfe4a1e6f65225dbe

    Download Submit

  • C:\Windows\Tasks\svchost.exe
    Filesize

    293KB

    MD5

    628129d82ec97d79097919fc880e3b10

    SHA1

    0f6c02e4d2b17a32e0ffe34cd288b8f0b2fc1298

    SHA256

    eca5013a84161b2d0fbf1ab850c0078bcee0ad8bea09c9b5b3a24881661485c4

    SHA512

    32e3766edf3b9de339337a73a5e1f1b6b80e537c44c0082d94d29274be98d551c602d1b01d0bf4c3fbbd9c9064e843b2bcc30aa39a55aa3ad43ae53b1ac26ced

    Download Submit

  • memory/2416-2-0x0000000000401000-0x00000000004C1000-memory.dmp

    Filesize

    768KB

    Download

  • memory/2416-1-0x0000000000400000-0x000000000050A446-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/2416-0-0x0000000000400000-0x000000000050A446-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/2416-3-0x0000000000400000-0x000000000050A446-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/2416-6-0x0000000000400000-0x000000000050A446-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/2416-19-0x0000000000401000-0x00000000004C1000-memory.dmp

    Filesize

    768KB

    Download

  • memory/2416-20-0x0000000000400000-0x000000000050A446-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/2576-9-0x0000000000400000-0x000000000050A446-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/2576-11-0x0000000000400000-0x000000000050A446-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/2576-22-0x0000000000400000-0x000000000050A446-memory.dmp

    Filesize

    1.0MB

    Download