Analysis

  • max time kernel
    148s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    27/07/2024, 04:48 UTC

General

  • Target

    771b8e6d5c61711d62f8ea4d693a76d0_JaffaCakes118.exe

  • Size

    1.2MB

  • MD5

    771b8e6d5c61711d62f8ea4d693a76d0

  • SHA1

    b0fcd7815426fdefab32e8fb9a9597b563e3c1f5

  • SHA256

    1c95226e592be7f097f657f71e659a55638bfc61cc77a5fc76dd4c55b050b7eb

  • SHA512

    2cfd146e23cf80a3d9973a3d01f44b53e8c0bcb9473fee694103443e468e0556156a723c522202cfef279f5199b9f3276b55b75f228f5120b2172abff60da775

  • SSDEEP

    12288:4r8uWVM9sCmev9C3BoADl+lbuk492hx5L4v9pynd/BYBJ3Zi:48uWmsRHxvDlZ9v9Ti

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Drops file in Program Files directory 3 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\771b8e6d5c61711d62f8ea4d693a76d0_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\771b8e6d5c61711d62f8ea4d693a76d0_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3028
    • C:\Program Files\Agraszka\Zitteralnd\uohgjbnbfdsvb.exe
      "C:\Program Files\Agraszka\Zitteralnd\uohgjbnbfdsvb.exe" NULL
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in Windows directory
      PID:2776

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Program Files\Agraszka\Zitteralnd\uohgjbnbfdsvb.exe

    Filesize

    572KB

    MD5

    fb4c89b568b8e4ae2824e9cca9ca67b9

    SHA1

    125d778b91d74f3e84f23c2a387d7d9668bce3f5

    SHA256

    017daef70efa90e1f6d91486487ced2aaa22f814cbc165f336e3b27738db5f22

    SHA512

    c77905cb293a6cc181f1f0bc22ed5aef4f929d60c6fe0a031f1ed3503ebc7577d2ada7da97d8528ddd41af177de5abff4c7228f19cb7143021c2290d7e815b9c

  • memory/2776-17-0x0000000000400000-0x0000000000459000-memory.dmp

    Filesize

    356KB
