Analysis

  • max time kernel
    129s
  • max time network
    142s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted
    23/07/2024, 20:39 UTC

General

  • Target

    68d8877751499e56bb32f0adc3be8ef7_JaffaCakes118.exe

  • Size

    41KB

  • MD5

    68d8877751499e56bb32f0adc3be8ef7

  • SHA1

    41f6a1ae676dc1533691a9b0ccb54e63232bfdd4

  • SHA256

    efd6afacdcb5ab5324b292f57030150a730b0faa778b693d5a8d51e5be266235

  • SHA512

    133cad7fa6f89cff591449b85fb739ff3e494a7f86f5f3b4d428923bd26c7fbf00870ccc45c6d9e14e5097150423d77d763c7d670cc005e83f27f64f26f4a84a

  • SSDEEP

    768:Y5qiEdRL4oVmB5QSdIcGnf7ngRJqFbyVfm4LF1Y232WDQsz/b7XTY:YCrLBbbgSbyA4y2m9w/b7M

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • Deletes itself 1 IoCs
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 7 IoCs
  • Indicator Removal: File Deletion 1 TTPs

    Adversaries may delete files left behind by the actions of their intrusion activity.

  • Drops file in System32 directory 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Drops file in Windows directory 4 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer start page 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of WriteProcessMemory 25 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\68d8877751499e56bb32f0adc3be8ef7_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\68d8877751499e56bb32f0adc3be8ef7_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Suspicious use of SetThreadContext
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1716
    • C:\Windows\Fonts\svchost.exe
      C:\Windows\Fonts\svchost.exe
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:2536
    • C:\Windows\Fonts\sys
      C:\Windows\Fonts\sys
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer start page
      • Suspicious use of WriteProcessMemory
      PID:2308
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c del C:\Windows\Fonts\sys
        3⤵
        • System Location Discovery: System Language Discovery
        PID:2984
    • C:\Windows\Fonts\cmvd
      C:\Windows\Fonts\cmvd
      2⤵
      • Drops file in Drivers directory
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:2648
    • C:\Windows\SysWOW64\svchost.exe
      svchost.exe
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      PID:2612
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c c:\DEL.bat
      2⤵
      • Deletes itself
      • System Location Discovery: System Language Discovery
      PID:1744
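The process tree above carries three patterns worth turning into hunting logic: payloads executed from C:\Windows\Fonts (a directory that should only hold font files), svchost.exe instances whose parent is not services.exe (the look-alike in Fonts and the SysWOW64 copy are both children of the sample in %TEMP%), and the cmd.exe children used for cleanup ("cmd /c del" of the parent's own image, and a batch file at the drive root). The following is an added example, not code from tria.ge or from the sample's analysis; the event records are constructed from the tree on this page, and the parent of PID 1716 (explorer.exe, PID 1000) is an assumption because the report does not show it.

```python
import ntpath
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str      # full path of the started executable
    cmdline: str    # command line as logged


# Constructed process-creation events mirroring the tree in the report
# (not a real telemetry feed). The parent of PID 1716 is not shown in the
# report; PID 1000 / explorer.exe is an assumed placeholder.
SAMPLE_EVENTS = [
    ProcEvent(1000, 4, r"C:\Windows\explorer.exe", "explorer.exe"),
    ProcEvent(1716, 1000,
              r"C:\Users\Admin\AppData\Local\Temp\68d8877751499e56bb32f0adc3be8ef7_JaffaCakes118.exe",
              r'"C:\Users\Admin\AppData\Local\Temp\68d8877751499e56bb32f0adc3be8ef7_JaffaCakes118.exe"'),
    ProcEvent(2536, 1716, r"C:\Windows\Fonts\svchost.exe", r"C:\Windows\Fonts\svchost.exe"),
    ProcEvent(2308, 1716, r"C:\Windows\Fonts\sys", r"C:\Windows\Fonts\sys"),
    ProcEvent(2984, 2308, r"C:\Windows\SysWOW64\cmd.exe", r"cmd /c del C:\Windows\Fonts\sys"),
    ProcEvent(2648, 1716, r"C:\Windows\Fonts\cmvd", r"C:\Windows\Fonts\cmvd"),
    ProcEvent(2612, 1716, r"C:\Windows\SysWOW64\svchost.exe", "svchost.exe"),
    ProcEvent(1744, 1716, r"C:\Windows\SysWOW64\cmd.exe", r"cmd /c c:\DEL.bat"),
]

FONTS_DIR = "c:\\windows\\fonts\\"
SYSTEM_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
DEL_RE = re.compile(r'\bdel\b\s+"?([^"\s]+)"?', re.IGNORECASE)
BAT_RE = re.compile(r'\bcmd(?:\.exe)?"?\s+/c\s+"?([^"\s]+\.bat)"?', re.IGNORECASE)


def _norm(path: str) -> str:
    """Strip surrounding quotes and lower-case for path comparison."""
    return path.strip('"').lower()


def hunt(events):
    """Return (rule, pid) pairs for every event that matches a hunting rule."""
    by_pid = {e.pid: e for e in events}
    hits = []
    for e in events:
        image = _norm(e.image)
        parent = by_pid.get(e.ppid)
        parent_image = _norm(parent.image) if parent else ""

        # Rule 1: anything executed from C:\Windows\Fonts. The directory holds
        # font files only; the sample drops three payloads there.
        if image.startswith(FONTS_DIR):
            hits.append(("fonts_exec", e.pid))

        # Rule 2: svchost.exe whose parent is not services.exe. Genuine service
        # hosts are started by services.exe; here both copies are children of
        # the sample running from %TEMP%.
        if ntpath.basename(image) == "svchost.exe" and ntpath.basename(parent_image) != "services.exe":
            hits.append(("svchost_not_from_services", e.pid))

        # Rule 3: "cmd /c del <path>" where <path> is the parent's own image
        # (T1070.004 indicator removal; the sys -> cmd.exe pair in the tree).
        m = DEL_RE.search(e.cmdline)
        if m and parent and _norm(m.group(1)) == parent_image:
            hits.append(("self_delete", e.pid))

        # Rule 4: cmd /c running a batch file outside the system/program dirs
        # (the c:\DEL.bat the sandbox tagged as "Deletes itself").
        m = BAT_RE.search(e.cmdline)
        if m and not _norm(m.group(1)).startswith(SYSTEM_DIRS):
            hits.append(("batch_outside_system", e.pid))
    return hits


if __name__ == "__main__":
    for rule, pid in hunt(SAMPLE_EVENTS):
        print(f"{rule:26s} PID {pid}")
```

Rule 3 deliberately requires the deleted path to equal the parent's image; a plain "del" of a user file from an interactive shell does not fire, which keeps the rule usable on real endpoint telemetry. Rule 2 is the one to tune first on a live estate, since a few legitimate products also start svchost.exe outside the services.exe chain.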

Network

  • 10.127.1.1:445  svchost.exe  152 B  3
  • 10.127.1.2:445  svchost.exe  152 B  3
  • 10.127.1.3:445  svchost.exe  152 B  3
  • 10.127.1.4:445  svchost.exe  152 B  3
  • 10.127.1.5:445  svchost.exe  152 B  3
  • 10.127.1.6:445  svchost.exe  152 B  3
  • 10.127.1.7:445  svchost.exe  152 B  3
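The seven flows above are all from svchost.exe to consecutive addresses in the sandbox's own /24 on TCP 445 (SMB), each with the same small byte count, which is what a host sweep for SMB targets looks like when none of the targets answer. Below is an added example of the detection logic for that pattern, not code from tria.ge: it groups flows by process, flags a process that reached a threshold of distinct hosts on the port, and reports whether the targets form a contiguous run and whether every flow moved the same number of bytes. The flow records are constructed from this page (the two non-svchost flows are added for contrast), and the field names are assumptions.

```python
import ipaddress
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    process: str
    dst: str          # "ip:port" as the report prints it
    transferred: int  # bytes, as listed in the report


# Constructed from the seven flows listed above, plus two benign flows
# added for contrast (not a capture from the sandbox).
SAMPLE_FLOWS = [Flow("svchost.exe", f"10.127.1.{i}:445", 152) for i in range(1, 8)] + [
    Flow("explorer.exe", "10.127.1.9:445", 4096),
    Flow("iexplore.exe", "203.0.113.10:443", 2048),
]


def smb_sweeps(flows, port=445, min_hosts=5):
    """Per process, collect distinct destination hosts on `port`; report those
    reaching at least `min_hosts`, noting whether the targets form a contiguous
    address run and whether every flow moved the same number of bytes."""
    targets = defaultdict(set)
    sizes = defaultdict(set)
    for f in flows:
        host, _, p = f.dst.rpartition(":")
        if int(p) != port:
            continue
        targets[f.process].add(ipaddress.ip_address(host))
        sizes[f.process].add(f.transferred)

    findings = {}
    for proc, ips in targets.items():
        if len(ips) < min_hosts:
            continue
        ordered = sorted(ips)
        # Consecutive integer addresses mean the process walked the range in order.
        contiguous = all(int(b) - int(a) == 1 for a, b in zip(ordered, ordered[1:]))
        findings[proc] = {
            "hosts": len(ips),
            "first": str(ordered[0]),
            "last": str(ordered[-1]),
            "contiguous": contiguous,
            # Identical tiny transfers on every flow: connection attempts that
            # never got as far as an SMB session.
            "uniform_size": len(sizes[proc]) == 1,
        }
    return findings


if __name__ == "__main__":
    for proc, info in smb_sweeps(SAMPLE_FLOWS).items():
        print(proc, info)
```

The threshold of five hosts is a starting point for a single sandbox run; on production NetFlow it should be combined with a time window and an allow-list for scanners, backup agents and the like, which legitimately open SMB to many hosts.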

MITRE ATT&CK Enterprise v15

Downloads

  • C:\DEL.bat

    Filesize

    210B

    MD5

    631c981a17a4fc383338499be2d3c54d

    SHA1

    939b18c132d79eb45b2dafc7404f3801b8af66df

    SHA256

    b75c375547aed0c1b8bdc66c64fc150561c5e53032be6a70f73a47e47b7576c2

    SHA512

    708102b5179af0363e9805b2ed4f595fd6af806c1d1fe04a7de5fc461a787360ffd81dfed04320a4449dc9dab7b8a665962c65542d4e16404d7a7c2131158470

  • \Windows\Fonts\cmvd

    Filesize

    12KB

    MD5

    639dddb9569e6e888bdb522bc4de2123

    SHA1

    0807b27b4fd30014bc31b9d8966f9b4ce669f448

    SHA256

    c36c9ecc093bfee8f1f655f86b0274be1c47cb731b48aed76efb37147a441219

    SHA512

    f1dd408a904dd66bb04d999b7f0b0c31071204ea973260106730dd85ec6ca76da4073333f2ef627c4bcc08481e4e419075da99385a99f368cc56fd576f609eda

  • \Windows\Fonts\svchost.exe

    Filesize

    8KB

    MD5

    18d83ff4d2b965f7c3e549313daa78ff

    SHA1

    faa5caa0e26b7c3a11cc6beb00ffe59f385f6e86

    SHA256

    ca301ac439ac6df8bf3c1538cbd2268fe68306d5036c4232ff7b3af86e263e4f

    SHA512

    663bd821c1f78001eed01cc6046382d56bee28f41dd208a641f725f80fc4b1948ae4d073dc97185e3c9357eeeb67111e88d31286db805243908974dce33fe99c

  • \Windows\Fonts\sys

    Filesize

    1KB

    MD5

    bfc129b8f581799d9599acb0ed96837a

    SHA1

    686cd7cda5b150e39280f50fb4182005cf4f17be

    SHA256

    54fab61096be4c60a67e21bb4f731c788f00b27476a08c19946095602277de80

    SHA512

    58ee343ae4eb7c8713ad46b34b5474eddc557794ecd77688a35bdf7eefa899f9f43b4a9820fba2785eb004e19a34e771cedadbe42ec5fc61fbbeef6102680dc3

  • \Windows\SysWOW64\dslcaodig.dll

    Filesize

    13KB

    MD5

    94cedcd65c1c490fa00de9618ec7cdf4

    SHA1

    6d8365a15e4224f1d06bd0044435ea51ea77850e

    SHA256

    ac9d0f96d48b4b4238e216337aa395e932980e84a3fe738505d3a4dda5bca511

    SHA512

    f0e3b56cab7214fa3a0d3a6475d4b8108df06c4448a7c5ee9edfe0346da2891473dc75436bf414ef0ae0d902514d1b14de00568c79edf3bba7f9a0d0234f4463

  • Memory dumps

    Dump                                                               Filesize
    memory/1716-10-0x0000000000220000-0x0000000000229000-memory.dmp    36KB
    memory/1716-9-0x0000000000220000-0x0000000000229000-memory.dmp     36KB
    memory/2536-12-0x0000000000220000-0x0000000000221000-memory.dmp    4KB
    memory/2536-15-0x0000000000220000-0x0000000000221000-memory.dmp    4KB
    memory/2536-14-0x0000000000400000-0x0000000000409000-memory.dmp    36KB
    memory/2536-11-0x0000000000400000-0x0000000000409000-memory.dmp    36KB
    memory/2612-46-0x0000000000160000-0x0000000000161000-memory.dmp    4KB
    memory/2612-48-0x0000000000020000-0x0000000000030000-memory.dmp    64KB
    memory/2612-47-0x0000000000400000-0x000000000042C000-memory.dmp    176KB
    memory/2612-35-0x0000000000400000-0x000000000042C000-memory.dmp    176KB
    memory/2612-50-0x0000000000020000-0x0000000000030000-memory.dmp    64KB
