Analysis

  • max time kernel
    115s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240802-en locale:en-us os:windows10-2004-x64 system
  • submitted
    14/08/2024, 19:14

General

  • Target

    975469c072bf5bd08a5a554d56e5ca2e_JaffaCakes118.exe

  • Size

    796KB

  • MD5

    975469c072bf5bd08a5a554d56e5ca2e

  • SHA1

    6093a5d438b3d79efd2086de83520ce2158e9488

  • SHA256

    11e3009d6098b6f6f0ebf9131eb716ade7f7527e890d165e88940a235714fbdf

  • SHA512

    2319906800fbdcf1ab0bbc70b9e803db4a6fabdd84f7ce2c2acd817d50e9cbe3706446f13e58e2066eac002f21269e3e4bb5999d926ec2f40630f5ee45739313

  • SSDEEP

    24576:aBz0zP82ODPW2ODypDXeGxEiPvc54rOk2:x42+PW2+ypDXeGxEiPvc54rZ2

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempts to gather information about the system language of the victim machine in order to infer the geographical location of that host.

  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\975469c072bf5bd08a5a554d56e5ca2e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\975469c072bf5bd08a5a554d56e5ca2e_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4956
    • C:\Users\Admin\AppData\Local\Temp\Joinedout.exe
      C:\Users\Admin\AppData\Local\Temp\Joinedout.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of SetWindowsHookEx
      PID:2632
    • C:\Users\Admin\AppData\Local\Temp\Joinedout2.exe
      C:\Users\Admin\AppData\Local\Temp\Joinedout2.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of SetWindowsHookEx
      PID:4140
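The process tree above is the textbook shape behind the "Executes dropped EXE" signature: the submitted sample (PID 4956) writes Joinedout.exe and Joinedout2.exe into its own %TEMP% directory and then launches each of them as a child process. The following script is an added example, not tria.ge's signature engine, showing how that behaviour can be detected from endpoint telemetry by correlating a file-create event with a later process-create event on the same path. The events are constructed Sysmon-style records (Event ID 11 FileCreate, Event ID 1 ProcessCreate) modelled on this report; the paths and PIDs are taken from the process tree, while the ordering timestamps, the explorer.exe parent and the benign notepad.exe launch are assumptions added for illustration.

```python
"""Detect "executes dropped EXE": a process creates a .exe file and that file
is later executed, typically as a child of the creator.  Added example; the
event records below are constructed, not exported from the sandbox."""
from dataclasses import dataclass
from typing import Dict, Iterable, List

@dataclass(frozen=True)
class Event:
    ts: int           # ordering key (constructed, not real timestamps)
    event_id: int     # Sysmon numbering: 11 = FileCreate, 1 = ProcessCreate
    pid: int          # EID 11: creating process; EID 1: the new process
    image: str        # EID 11: creator image; EID 1: parent image
    target: str       # EID 11: file written; EID 1: image of new process
    parent_pid: int = 0  # EID 1 only

def norm_path(path: str) -> str:
    """Case-insensitive, backslash-normalised key for path comparison."""
    return path.replace("/", "\\").lower()

def find_dropped_exe_execs(events: Iterable[Event]) -> List[dict]:
    """Return one finding per ProcessCreate whose image was created earlier
    in the stream.  Only .exe targets are considered; the finding records
    whether the launcher is the dropper itself and whether the drop landed
    in the user's Temp directory, both useful for scoring."""
    created_by: Dict[str, Event] = {}
    findings: List[dict] = []
    for ev in sorted(events, key=lambda e: e.ts):
        key = norm_path(ev.target)
        if ev.event_id == 11:
            created_by[key] = ev            # remember who wrote this path
        elif ev.event_id == 1 and key.endswith(".exe"):
            drop = created_by.get(key)
            if drop is None:
                continue                    # not a file we saw being written
            findings.append({
                "dropped_path": ev.target,
                "dropper_pid": drop.pid,
                "dropper_image": drop.image,
                "child_pid": ev.pid,
                "launched_by_dropper": ev.parent_pid == drop.pid,
                "in_temp": "\\appdata\\local\\temp\\" in key,
            })
    return findings

# Constructed telemetry reproducing the report's process tree.
DROPPER = r"C:\Users\Admin\AppData\Local\Temp\975469c072bf5bd08a5a554d56e5ca2e_JaffaCakes118.exe"
CHILD1 = r"C:\Users\Admin\AppData\Local\Temp\Joinedout.exe"
CHILD2 = r"C:\Users\Admin\AppData\Local\Temp\Joinedout2.exe"
EXPLORER = r"C:\Windows\explorer.exe"   # assumed parent of the sample

SAMPLE_EVENTS = [
    Event(1, 1, 4956, EXPLORER, DROPPER, parent_pid=1234),
    Event(2, 11, 4956, DROPPER, CHILD1),
    Event(3, 11, 4956, DROPPER, CHILD2),
    Event(4, 1, 2632, DROPPER, CHILD1, parent_pid=4956),
    Event(5, 1, 4140, DROPPER, CHILD2, parent_pid=4956),
    # Benign control: launched without a preceding FileCreate, so not flagged.
    Event(6, 1, 5001, EXPLORER, r"C:\Windows\System32\notepad.exe", parent_pid=1234),
]

if __name__ == "__main__":
    for hit in find_dropped_exe_execs(SAMPLE_EVENTS):
        print(hit)
```

Running the script yields two findings, one for PID 2632 and one for PID 4140, both launched by the dropper (PID 4956) from the user's Temp directory, and nothing for the notepad.exe control. In production the same correlation should be keyed on the volume serial or file ID rather than the path alone, since a dropper can delete and re-create a path between the write and the launch.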

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Joinedout.exe

    Filesize

    140KB

    MD5

    c6292aa46d31d6570a43d8e90743a201

    SHA1

    77d9de4e0d29fd9f4c344b3bb246bf892fc1324c

    SHA256

    8eb4f2c4a72dc6a23a258d819820ea2aeb6424d39c07f6ffaa07b5b42e5b2003

    SHA512

    22a1f4464c36d4699fedbb5d891c6ca224a6cac603ef02c617a9281875c0ab9683755e1b05b3b802a68917c5e6a0e0e3f56db48346ddd4679cbf38ef029fc668

  • C:\Users\Admin\AppData\Local\Temp\Joinedout2.exe

    Filesize

    632KB

    MD5

    d0d84c31d67bad10b3d6620837b8f58b

    SHA1

    106024d46f55f7feb361b4e2121a1312aa46cbbe

    SHA256

    e763d3e2a0324757e5ee71f8de5039c3fdccb9f681185a1ba1af361a6ad8e2f4

    SHA512

    a12a2f2a593ff4d1deba4bc64a8c2c873307094bdf3aaadc3c3f6f4fa401c695e6ab892e744785a1c27ed9ce4f5a178fc4b34692cc76e2d861b8021023ebae0e

  • memory/4140-12-0x0000000000400000-0x00000000004A9000-memory.dmp

    Filesize

    676KB

  • memory/4140-16-0x0000000000400000-0x00000000004A9000-memory.dmp

    Filesize

    676KB