Analysis

  • max time kernel: 141s
  • max time network: 121s
  • platform: windows7_x64
  • resource: win7-20240708-en
  • resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted: 02/08/2024, 01:06

General

  • Target: 827245af6c3bbb06d8eaac18a8297d67_JaffaCakes118.exe
  • Size: 49KB
  • MD5: 827245af6c3bbb06d8eaac18a8297d67
  • SHA1: 99c50e4ac76a005d4471ee71fc91c3c152455ba8
  • SHA256: 902d67ddbbc33eee3e075ebe56a1545a7db5ba1f894047e202cf63e406f6730a
  • SHA512: b4e47af41f8b4c58bcad274da81821f2fa6236cfede750a394644c46e231be699ce62dd77e9bce2d01b66eed716f8156d9028fa46dce21f2b9741eec294a8cfd
  • SSDEEP: 768:Tgzuq4QESHNzw1FiN0Aklddir9nCV9G5mXQAbKZkRO5Q9mrlptwyOZr8wSwAatK:yuq4QTHNVvk/dm4QYgp1OZrXSfOK

Score
6/10

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops autorun.inf file 1 TTPs 6 IoCs

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Drops file in System32 directory 3 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 13 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\827245af6c3bbb06d8eaac18a8297d67_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\827245af6c3bbb06d8eaac18a8297d67_JaffaCakes118.exe"
    1⤵
    • Enumerates connected drives
    • Drops autorun.inf file
    • Drops file in System32 directory
    • Suspicious use of SetThreadContext
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1812
    • C:\Windows\SysWOW64\svchost.exe
      svchost.exe
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2424
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c date 2005-10-19
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2364
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1812 -s 136
      2⤵
      • Program crash
      PID:2180

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\{926A036A-1
    Filesize: 49KB
    MD5: 827245af6c3bbb06d8eaac18a8297d67
    SHA1: 99c50e4ac76a005d4471ee71fc91c3c152455ba8
    SHA256: 902d67ddbbc33eee3e075ebe56a1545a7db5ba1f894047e202cf63e406f6730a
    SHA512: b4e47af41f8b4c58bcad274da81821f2fa6236cfede750a394644c46e231be699ce62dd77e9bce2d01b66eed716f8156d9028fa46dce21f2b9741eec294a8cfd

  • C:\autorun.inf
    Filesize: 172B
    MD5: 5b89144865f4c7f6e9fa366c2137a959
    SHA1: 83798192f2f88d9831e167ff165b2761e47e9817
    SHA256: ca193b6a7c88fe3d0c482dcb2103339fd883636cfbfd476dce7ea169e01f1713
    SHA512: 70a15f328289d5b316ce0d36db0bf7630a6f51a31215b4c38eb22b4049128aa894af9b9f25286223996001b1ebb607c0f94496f2215ebf8db8bdbcd7026b107c

  • memory/1812-20-0x0000000013140000-0x0000000013152000-memory.dmp
    Filesize: 72KB

  • memory/2424-0-0x0000000013140000-0x0000000013152000-memory.dmp
    Filesize: 72KB

  • memory/2424-15-0x0000000013140000-0x0000000013152000-memory.dmp
    Filesize: 72KB

  • memory/2424-19-0x0000000013140000-0x0000000013152000-memory.dmp
    Filesize: 72KB