Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

675ee23b1d...18.exe

windows7-x64

7

675ee23b1d...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23/07/2024, 11:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    675ee23b1db9e71238a5d2a1e9586099_JaffaCakes118.exe

  • Size

    790KB

  • MD5

    675ee23b1db9e71238a5d2a1e9586099

  • SHA1

    68805e1adea47d8b760404cbe0fe7c5c2c30dc90

  • SHA256

    45cb81f1dcbd8d0874e43048479bc3bf133855984a569746ff42bae0904eb1ed

  • SHA512

    a34c196405af233480fd550afc82d5b591653259013139d0a9783ddf77c0f718eb8d1893ce8c2878012fdea903fc8db6aa7342d780eeaaec24eed6bd8f54e41d

  • SSDEEP

    12288:u8CDEETriahXaZpFBl/k0rSp0qihCNL02fQJeKQslyVplwAFIGX805QHO7HknIfs:ufxCiXa/7pg09z2fQJ6LRwAFIG3GSds

Score
7/10
upx

Malware Config

Signatures

  • Loads dropped DLL 5 IoCs
  • UPX packed file 14 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\675ee23b1db9e71238a5d2a1e9586099_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\675ee23b1db9e71238a5d2a1e9586099_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    PID:2424

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\MBX@978@2121890.###
    Filesize

    2KB

    MD5

    73f40d693f249f173f6a3a5cfd08ad8f

    SHA1

    65ce365b81c207dc78fb5523d89d7861bc41ad9b

    SHA256

    57f518c11e8d3017c67487176438cebc12be06a8eafaf1849501de208521311e

    SHA512

    307f7ac8ddfe56795588572b3b1db188515975f0e3afe6eada789199e6c3b7f83e301df8f6dfff03cf44b2bb6181cfd3e2ebb0a16050639303a2cb25233037f5

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\MBX@978@21218B0.###
    Filesize

    2KB

    MD5

    274055fd91557d4e76e12e4298e8878d

    SHA1

    25b0ff1a6ad657ebee55a1cbfae3adce66650b4e

    SHA256

    4023a52728143911d5e00ab64ab455e558963326c67ed9fc44f58be80fe41dbd

    SHA512

    c4250ce995b65ec5fbeb39a6db97775063af9d9399df7d0c795d2a7a954fe61a2be99e570c2b50abdefb3c31cf0043938583f13d4db37b17720adb277e416518

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\MBX@978@21218C0.###
    Filesize

    2KB

    MD5

    d99a69ced7114834ae65e0eebc528eb5

    SHA1

    9a3e62cc14b7defdbaea2a86cd4b4ed8a5343f0b

    SHA256

    0982d951f9fdfc282741c4a241248e5e1f8eb255136257a87b4042dc9934cf6c

    SHA512

    f7296013b15172d0778e64f2a2abe10232a7803e53439106190f9b709ceaa91d4c71f2399f86bfdc697ed952f34de039473f21b1df0934bff5233985e7ee3c1b

    Download Submit

  • memory/2424-19-0x0000000000400000-0x0000000000446000-memory.dmp

    Filesize

    280KB

    Download

  • memory/2424-1-0x0000000000400000-0x0000000000446000-memory.dmp

    Filesize

    280KB

    Download

  • memory/2424-8-0x0000000010000000-0x0000000010137000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2424-10-0x0000000000400000-0x0000000000446000-memory.dmp

    Filesize

    280KB

    Download

  • memory/2424-9-0x0000000010000000-0x0000000010137000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2424-2-0x0000000000420000-0x000000000042A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2424-17-0x0000000002340000-0x0000000002398000-memory.dmp

    Filesize

    352KB

    Download

  • memory/2424-0-0x0000000000400000-0x0000000000446000-memory.dmp

    Filesize

    280KB

    Download

  • memory/2424-26-0x0000000002790000-0x00000000027DE000-memory.dmp

    Filesize

    312KB

    Download

  • memory/2424-3-0x0000000000400000-0x0000000000446000-memory.dmp

    Filesize

    280KB

    Download

  • memory/2424-18-0x0000000002340000-0x0000000002398000-memory.dmp

    Filesize

    352KB

    Download

  • memory/2424-28-0x0000000000400000-0x0000000000446000-memory.dmp

    Filesize

    280KB

    Download

  • memory/2424-27-0x0000000002790000-0x00000000027DE000-memory.dmp

    Filesize

    312KB

    Download

  • memory/2424-87-0x0000000000400000-0x0000000000446000-memory.dmp

    Filesize

    280KB

    Download

  • memory/2424-90-0x0000000002790000-0x00000000027DE000-memory.dmp

    Filesize

    312KB

    Download

  • memory/2424-89-0x0000000002340000-0x0000000002398000-memory.dmp

    Filesize

    352KB

    Download

  • memory/2424-88-0x0000000010000000-0x0000000010137000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2424-91-0x0000000000420000-0x000000000042A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2424-109-0x0000000010000000-0x0000000010137000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2424-133-0x0000000010000000-0x0000000010137000-memory.dmp

    Filesize

    1.2MB

    Download