Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    140s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags
    arch:x64 arch:x86 image:win7-20240704-en locale:en-us os:windows7-x64 system
  • submitted
    26/07/2024, 14:20 UTC

General

  • Target

    746b9e5155240a98d1d748a9a9eae25b_JaffaCakes118.exe

  • Size

    60KB

  • MD5

    746b9e5155240a98d1d748a9a9eae25b

  • SHA1

    7da112336eb3540b769d467bbddbce1ccba316c3

  • SHA256

    e5789d70cecc0a47d8fe57db9afa3c6425dc2765ef69529f4474200394934e5e

  • SHA512

    aeddbca251aaa7ad1359c3d282461c5b7eb1de69773c53e34a27d5f004d58ee77dce23fbf35c35680815063bfaf89745edfa7849613d02e889165a771fe79884

  • SSDEEP

    1536:BU8Cnt9E7sSLOi69qFoc3OBWzr48A+d5CPr/50GmbQnCzw4/XliV:G8cTn+dYWzr48ndUj50GkQCzXfU

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • Sets service image path in registry 2 TTPs 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Indicator Removal: File Deletion 1 TTPs

    Adversaries may delete files left behind by the actions of their intrusion activity.

  • Drops file in System32 directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1324
      • C:\Users\Admin\AppData\Local\Temp\746b9e5155240a98d1d748a9a9eae25b_JaffaCakes118.exe
        "C:\Users\Admin\AppData\Local\Temp\746b9e5155240a98d1d748a9a9eae25b_JaffaCakes118.exe"
        2⤵
        • Drops file in Drivers directory
        • Sets service image path in registry
        • Loads dropped DLL
        • Drops file in System32 directory
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: LoadsDriver
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2200
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c del "C:\Users\Admin\AppData\Local\Temp\746b9e5155240a98d1d748a9a9eae25b_JaffaCakes118.exe
          3⤵
          • System Location Discovery: System Language Discovery
          PID:2596

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Windows\SysWOW64\xpdhcp.dll

    Filesize

    44KB

    MD5

    0d4d79cd43ea8aa3446c31145391e210

    SHA1

    7cdfebf7cce7375b872b3facc24a8ffb8378a58d

    SHA256

    cd5d40c5aba67d6e3326efe4a96d03d1d32097b516db1cfeadabed1fcbfe5006

    SHA512

    32328a89e9b37b6153a68006e2d6573a1d4d48d5c055d0f1a8f9547208ea42b74a33b1ebc792ac17d99a88f5fe57988e1b93176d1721f708f4ab44f39b32c95d

  • memory/1324-10-0x0000000002510000-0x0000000002511000-memory.dmp

    Filesize

    4KB

  • memory/2200-6-0x00000000001C0000-0x00000000001C2000-memory.dmp

    Filesize

    8KB

  • memory/2200-5-0x0000000010000000-0x000000001001E000-memory.dmp

    Filesize

    120KB

  • memory/2200-4-0x0000000000020000-0x0000000000022000-memory.dmp

    Filesize

    8KB

  • memory/2200-2-0x0000000001800000-0x0000000001817000-memory.dmp

    Filesize

    92KB

  • memory/2200-16-0x00000000001C0000-0x00000000001C2000-memory.dmp

    Filesize

    8KB
