Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

96e83c50ad...18.exe

windows7-x64

3

96e83c50ad...18.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    149s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/08/2024, 17:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    96e83c50ad7b185c677400336fd6128a_JaffaCakes118.exe

  • Size

    285KB

  • MD5

    96e83c50ad7b185c677400336fd6128a

  • SHA1

    d61a0cc41583fa0c749d9b12a7c2792edbb7387d

  • SHA256

    d825e51755154ad72e803cb5bc9ebf841cdd29192bf3d8b762319e71852a2bd1

  • SHA512

    231742e97aabe048cfdea59d244a5c7f4140b931e7e799b2bfef67187129e028b39e67729b35f45adc6a0126c721c5cddb09f2261a69b04d85da8b9ab803e1ca

  • SSDEEP

    6144:NTYdJQRiFwRMgPx3eLNBmIHTySx03qUvdCLBhTYimDwwF:hqQcFwRMYo5BTFS3jvE9Oiq

Score
3/10
discovery

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 7 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\96e83c50ad7b185c677400336fd6128a_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\96e83c50ad7b185c677400336fd6128a_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:3896

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Settings.ini
    Filesize

    186B

    MD5

    db594ef6d3eb5c89ccbd5528d70b70fd

    SHA1

    b67faedb66a8c7f82279682520d2068bd906e028

    SHA256

    e511a52d53d2f3122e9c8928165b943074b0ed5ad2f9db048d6537d12b069e8b

    SHA512

    2613e2027095cd178629b0f18f6b0436e9fb5bae19d2c94c1cf846f88d71b5ee92fe69c3ed53e22909f079c654af175974b7c6358276d380fae7977ebb63d23c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Settings.ini
    Filesize

    33B

    MD5

    1202b8140cdc28f15cebd82a2a6498e2

    SHA1

    2b135c92b93530bd64ca87f1bc313e291bb9cb8a

    SHA256

    b526bb10c75f0c5695d2decf29f841271b7cc16615f37dfc305ca669888e01f1

    SHA512

    275151ad9152636a8f57ac1b357b010dfd8df4070baa2d326c11fe03ea10e6deb41919bdf29d2eeb86931663bdcc8f4a8e5b1a6e0ed32d448c0c2c5e4b027d5a

    Download Submit

  • memory/3896-54-0x0000000000400000-0x00000000004E9000-memory.dmp

    Filesize

    932KB

    Download

  • memory/3896-55-0x0000000000400000-0x00000000004E9000-memory.dmp

    Filesize

    932KB

    Download

  • memory/3896-3-0x0000000000400000-0x00000000004E9000-memory.dmp

    Filesize

    932KB

    Download

  • memory/3896-2-0x0000000000400000-0x00000000004E9000-memory.dmp

    Filesize

    932KB

    Download

  • memory/3896-50-0x0000000000400000-0x00000000004E9000-memory.dmp

    Filesize

    932KB

    Download

  • memory/3896-51-0x0000000000400000-0x00000000004E9000-memory.dmp

    Filesize

    932KB

    Download

  • memory/3896-52-0x0000000000400000-0x00000000004E9000-memory.dmp

    Filesize

    932KB

    Download

  • memory/3896-53-0x0000000000400000-0x00000000004E9000-memory.dmp

    Filesize

    932KB

    Download

  • memory/3896-0-0x0000000000400000-0x00000000004E9000-memory.dmp

    Filesize

    932KB

    Download

  • memory/3896-1-0x0000000000400000-0x00000000004E9000-memory.dmp

    Filesize

    932KB

    Download

  • memory/3896-56-0x0000000000400000-0x00000000004E9000-memory.dmp

    Filesize

    932KB

    Download

  • memory/3896-57-0x0000000000400000-0x00000000004E9000-memory.dmp

    Filesize

    932KB

    Download

  • memory/3896-58-0x0000000000400000-0x00000000004E9000-memory.dmp

    Filesize

    932KB

    Download

  • memory/3896-59-0x0000000000400000-0x00000000004E9000-memory.dmp

    Filesize

    932KB

    Download

  • memory/3896-60-0x0000000000400000-0x00000000004E9000-memory.dmp

    Filesize

    932KB

    Download

  • memory/3896-61-0x0000000000400000-0x00000000004E9000-memory.dmp

    Filesize

    932KB

    Download

  • memory/3896-62-0x0000000000400000-0x00000000004E9000-memory.dmp

    Filesize

    932KB

    Download

  • memory/3896-63-0x0000000000400000-0x00000000004E9000-memory.dmp

    Filesize

    932KB

    Download