Analysis

  • max time kernel
    143s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    26/07/2024, 06:38

General

  • Target

    72f5bfddeae5f957ece8b4960de46c32_JaffaCakes118.exe

  • Size

    667KB

  • MD5

    72f5bfddeae5f957ece8b4960de46c32

  • SHA1

    5da14fd316e15bb62e163f56dad973a975ee23fc

  • SHA256

    127e799afc6b095b189f70a1a6bb61f982de11f3254e3fe00efc7e224b2326fa

  • SHA512

    9aeac00689d0db2a99e800dfa60dad856c5e8edccb3140286e60b83be2469c49438698d616a3ff3a816d3613e3397c290e54ec42ab505a17014044ab25b03ef7

  • SSDEEP

    12288:Uxi8bhD0Pk5xVulAx8abEkbM+5q5FjoMq5Q8WsriqmrMAmGBGvz3:4iKhD0sdx8anbLMq683iOdpD

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 3 IoCs
  • Drops file in Windows directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\72f5bfddeae5f957ece8b4960de46c32_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\72f5bfddeae5f957ece8b4960de46c32_JaffaCakes118.exe"
    1⤵
    • Drops file in System32 directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1336
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Windows\DelSelf.bat
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:4476
      • C:\Windows\SysWOW64\PING.EXE
        ping -n 5 127.0.0.1
        3⤵
        • System Location Discovery: System Language Discovery
        • System Network Configuration Discovery: Internet Connection Discovery
        • Runs ping.exe
        PID:904

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\DelSelf.bat

    Filesize

    249B

    MD5

    99ed49ce04b7ee053ace0a842ad81d39

    SHA1

    52fcc9fd49f6a86e6a110d23a14879b3f43abbc6

    SHA256

    9a093b50fd433722f9478e5f06981967427e842dca3266955e8205adf010f060

    SHA512

    866986fcac857a25dacca424270de5c738d4349d07d23419afc55ee500e742fb0b719d1628bb4461cd23817ea2bed7cef50daa89457d7f1c6ecf654c86e179cb

  • C:\Windows\SysWOW64\ma7g80ig.dll

    Filesize

    946B

    MD5

    8083295b8f82ebdf86a98c278f64d2f6

    SHA1

    d187a949f457be7a1d5daf382d6b08bd86cf9899

    SHA256

    f84749398c531f23207c282f1f8d1d283db86d7b711e32ecee7e37cac505f636

    SHA512

    ca94564717c254c941d204d38cddabef1cc7c2632fb169c2cc86869a3fd2b0f7821a7dbc1869f6c3c4c9ab6777a64625a33aebffc93db34b6cdda8f7f2f93e12

  • C:\Windows\SysWOW64\ma7g80ig.dll

    Filesize

    1KB

    MD5

    3202f3fa09f49c36ca47e80024b1aac4

    SHA1

    7bd30b0f2122af2894f7cab1779d2e3e14bdc08a

    SHA256

    b84a27dce0f3d0e241dc4d62054a18ee430d22e3d13d72f61ac7434f20e4fc34

    SHA512

    fc6e6c67416a1fb25017af58c0f7c5bfe9744d0bbac05c751d6021d10e526b755ef48cd7843393ad7b8259aaa8d4ebbff30ca61160fa5c5c5a249b02adc75672

  • C:\Windows\SysWOW64\ma7g80ig.dll

    Filesize

    1KB

    MD5

    42c302a2ae0f99782b34615627ee6b62

    SHA1

    f104072cdecd7a85d0a2a5e87f1ea247ef5ca855

    SHA256

    f0ff08c1fbee1f1852fe2ce48cfc4e6b087772cf7b57e5670707a4812032b6aa

    SHA512

    f69f1d0d53bcd57d0c032b243a0fd925813e703307a3f199d305324daaf9c7bcf1cae358a21613fdcf55e9ce303e72827c5a0254bd343dcb528a417199387f15

  • C:\Windows\SysWOW64\ma7g80ig.dll

    Filesize

    2KB

    MD5

    a1c1f71ed013393b2d0c83e2e7b2cb70

    SHA1

    cf4e81b8d08a3b1d8c77ad3392bdf2b3b0e7bc69

    SHA256

    acd8c77bc2efa85d100de458279d782453c94ce5019db13c1658d5e4687efbfa

    SHA512

    68d0817ff5d066b28e49bfbf6a62d0663b3f5bce2b1ee293b4888de825318ae3e56202b6dfef29e20c4ce686a027142a48e8e565cace17c56cd6566c88bebeb1

  • C:\Windows\SysWOW64\ma7g80ig.dll

    Filesize

    879B

    MD5

    f89c6631ad3825906299055f9b861085

    SHA1

    14c5ee796ab8f15a9d3166c702da0567de3c877c

    SHA256

    630caddd7e8fb24b52c5ce17f8000f3bd1f13b7dc86890e8bf83d3b0f0a9c6c1

    SHA512

    504ccc32d34b70d10af1f5aa8b4480e94747cbc3c15d57422ee0aa290ca6acda450ef69b6f170b9e717b2bd87be16b62c9e310071be77d4a49e78d36abdb7baf

  • memory/1336-79-0x0000000002390000-0x0000000002391000-memory.dmp

    Filesize

    4KB

  • memory/1336-83-0x0000000000400000-0x00000000005F2000-memory.dmp

    Filesize

    1.9MB