Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

6311a91cfa...18.exe

windows7-x64

7

6311a91cfa...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    22/07/2024, 11:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6311a91cfac8172d55add54445d349fa_JaffaCakes118.exe

  • Size

    29KB

  • MD5

    6311a91cfac8172d55add54445d349fa

  • SHA1

    2bc81254dc4aca60cb0f7547abf3f0c02433521c

  • SHA256

    d136aeabd3373029366e556b9375f607fe98109699fc2bb198acc884c9dd2c05

  • SHA512

    37fc0fe94e514f1c755988860e4b602d1e363dca5f89d05f3567366cfa644e3c22cc5336d57ce206af56414777e5589369e372713d131c6fa7d6636caa3cc7b9

  • SSDEEP

    768:f5FPcghZN2vc7wIBoN9nqPmLKUOHT2hMswd1kLFc0w:xFPlN2vyWNhqvUOH2Tw

Score
7/10
upx

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6311a91cfac8172d55add54445d349fa_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\6311a91cfac8172d55add54445d349fa_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:1908

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\WowInitcode.dll
    Filesize

    41KB

    MD5

    72593b1cfb4858f5fd5c101eaf79182e

    SHA1

    64b6a59a490475df12fe615cf229941c96ff703f

    SHA256

    45d98f7099ee4df1a8c88add6d206d71357643f06ae9e5c94357fd1bb7562fe2

    SHA512

    e4cef3f052038203fd2a9d6abbca7562747f1868716c17546725aa032c1d781ed17740bc31d83cf69956670862401ea0943bb300c3a4a994c2eb40fb3ab4a4da

    Download Submit

  • memory/1908-0-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB

    Download

  • memory/1908-4-0x0000000000220000-0x0000000000234000-memory.dmp

    Filesize

    80KB

    Download

  • memory/1908-6-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB

    Download

  • memory/1908-7-0x0000000000220000-0x0000000000234000-memory.dmp

    Filesize

    80KB

    Download