Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    149s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    22/07/2024, 10:07

General

  • Target

    62cca8ffc96bb576212a19d5a6885295_JaffaCakes118.exe

  • Size

    124KB

  • MD5

    62cca8ffc96bb576212a19d5a6885295

  • SHA1

    16bfaf421e5de7add035b6960b9e4f94736132db

  • SHA256

    8d71c7cdc265a6f4a5899a8723dc46031ce0f4a8be5a550a8cd3509bbe136d90

  • SHA512

    d82b98d2faa0433aa6c8b68dd6cc64f841c7d950e643bb30eba2b03836823d656c4305f7688acb4273c5cde981c7141d5d2934940569821eae296fba3c54a39c

  • SSDEEP

    1536:LdtkjMTQEhU0GgAJa0P1kNmKldCMhdu8KWP/nTn8nBP9VewNeG0h/l:vkjbEhU0GgAT98t

Score
10/10

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 2 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 53 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\62cca8ffc96bb576212a19d5a6885295_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\62cca8ffc96bb576212a19d5a6885295_JaffaCakes118.exe"
    1⤵
    • Modifies visiblity of hidden/system files in Explorer
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3032
    • C:\Users\Admin\vooqeiv.exe
      "C:\Users\Admin\vooqeiv.exe"
      2⤵
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:2312

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\vooqeiv.exe

    Filesize

    124KB

    MD5

    eb86cfd6e2f67c75add7c2728ce2f425

    SHA1

    190eeffd6bc64807ec4f454f0ae9eb2dac4471a4

    SHA256

    e526818164ea3ed08012b9aaa5c85300f2715b472099b505893d4be1abea11dd

    SHA512

    1f1ad9c97779ecb711368c025fce1f4148e385c782c4ac0f5e2b5430411ca9ac68cf2a5970634443322049c35f79f8257b1cb74a7e780a0c2f81e9598d245a32