Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

78b3d52c97...18.exe

windows7-x64

3

78b3d52c97...18.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/07/2024, 15:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    78b3d52c97314260e27356d3956bb0f1_JaffaCakes118.exe

  • Size

    47KB

  • MD5

    78b3d52c97314260e27356d3956bb0f1

  • SHA1

    5fc875c08f03a50bcfd62d397626be2f006231b1

  • SHA256

    3c5866d457b49e14e82076f0ca75620e169aa2db53ad4e8391a0c01fabf311dc

  • SHA512

    f8f044bf15aff49a79a141a28195775674e75e5668cb0ae6c1462ca899a148e69dc075517b5384e4d10d46b50d2411d294c7b4e23ca140cbe40ee5ba2029a385

  • SSDEEP

    768:o9J8NowRheD8/3rJiUqyet8w9abyzS5E50kyoVonvnRiZljBwiwo5sW3yhz7v76o:o9wvQUreUbyzsB+2myhzT7hOnc

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Kills process with taskkill 1 IoCs
    evasion
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\78b3d52c97314260e27356d3956bb0f1_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\78b3d52c97314260e27356d3956bb0f1_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3356
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~A410.bat "C:\Users\Admin\AppData\Local\Temp\78b3d52c97314260e27356d3956bb0f1_JaffaCakes118.exe"
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1180
      • C:\Windows\SysWOW64\taskkill.exe
        taskkill /f /im CrystalCPUID.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Kills process with taskkill
        • Suspicious use of AdjustPrivilegeToken
        PID:4416

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\~A410.bat
    Filesize

    61B

    MD5

    be69d75c0f4e2ee49bf59a29677d299f

    SHA1

    f3ea6b8837f8a348db5827bfb8ab51ef2342bbe1

    SHA256

    45249d9816dd98db58f93b3bab153d75e29c7347525d88177bdade85fc71f2ce

    SHA512

    b8e086feeb50876089949d4356ffe1320d74f9c365e257e31812237bcf3d4999ce5819efd619bfd6b90ac9cc813e06bb0d33e57a994456f5febced7d1e0927da

    Download Submit

  • memory/3356-3-0x0000000000400000-0x0000000000412000-memory.dmp

    Filesize

    72KB

    Download