Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

8a24a49b80...18.exe

windows7-x64

8a24a49b80...18.exe

windows10-2004-x64

Analysis

  • max time kernel
    6s
  • max time network
    7s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    11/08/2024, 11:12 UTC

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    8a24a49b8084c9f9a5253b8c61a92604_JaffaCakes118.exe

  • Size

    92KB

  • MD5

    8a24a49b8084c9f9a5253b8c61a92604

  • SHA1

    24701e7f2621ce930a773e9084150eab44921610

  • SHA256

    3cab2911a45143eab5d5936ff49c3d3f2f124f17d5af37fd354bce743f049f2c

  • SHA512

    fcfaea1e68cc74f29c78c4e913d5bf201890af5b051a53106ca9c9ea7028f04df91b9ae39aa6b50ec4c2be6b209c9014f612aafd64be664a134d9579eb0cda25

  • SSDEEP

    1536:EfzVb/lky1c81RmxrqxKH5mrvS4V0XTsT464tRpI+EVqOj8FIGoCJlIU:Ixjr1tmxjHSvS4V0XIT49re+wqOzGoCX

Score
8/10
discoverypersistenceprivilege_escalation

Malware Config

Signatures

  • Event Triggered Execution: AppInit DLLs 1 TTPs

    Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    persistenceprivilege_escalation
  • Drops file in System32 directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8a24a49b8084c9f9a5253b8c61a92604_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\8a24a49b8084c9f9a5253b8c61a92604_JaffaCakes118.exe"
    1⤵
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    PID:1916
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x0
    1⤵
      PID:2128
    • C:\Windows\system32\LogonUI.exe
      "LogonUI.exe" /flags:0x1
      1⤵
        PID:1184

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/1184-6-0x0000000002AB0000-0x0000000002AB1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1916-0-0x0000000001000000-0x0000000001018000-memory.dmp

        Filesize

        96KB

        Download

      • memory/1916-2-0x0000000001000000-0x0000000001018000-memory.dmp

        Filesize

        96KB

        Download

      • memory/1916-1-0x0000000001001000-0x0000000001002000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2128-5-0x0000000002D70000-0x0000000002D71000-memory.dmp

        Filesize

        4KB

        Download

      We care about your privacy.

      This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.