
Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    17/08/2024, 11:51

General

  • Target

    a26b0e4ba74df04085b24a65fcfec506_JaffaCakes118.exe

  • Size

    932KB

  • MD5

    a26b0e4ba74df04085b24a65fcfec506

  • SHA1

    213bb150f811e825ece59b7a018aac746b8532ae

  • SHA256

    31ba9f5d990c8fa96734b6d240852e4eac24550c0ad1d86211a0a1eb17947b39

  • SHA512

    47464e7088780faa21a54c723731eea6d97d5df6ec12cc4db3e194ae6b0689b3e2b6b4ba921cba30c8d77844c51eba55384caf945a8a53d502d5be55e83162df

  • SSDEEP

    24576:b9ND5ySTUnULs3yKWmQX2nO9IwSyCZD1NnhJUcBwr:hYyl2O93CZDrnUtr

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a26b0e4ba74df04085b24a65fcfec506_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a26b0e4ba74df04085b24a65fcfec506_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:5048
    • C:\program files\internet explorer\iexplore.exe
      "C:\program files\internet explorer\iexplore.exe"
      2⤵
        PID:4084
      • C:\Users\Admin\AppData\Local\calcs.exe
        "C:\Users\Admin\AppData\Local\calcs.exe"
        2⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:2860

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\Local\calcs.exe

      Filesize

      112KB

      MD5

      829e4805b0e12b383ee09abdc9e2dc3c

      SHA1

      5a272b7441328e09704b6d7eabdbd51b8858fde4

      SHA256

      37121ecb7c1e112b735bd21b0dfe3e526352ecb98c434c5f40e6a2a582380cdd

      SHA512

      356fe701e6788c9e4988ee5338c09170311c2013d6b72d7756b7ada5cda44114945f964668feb440d262fb1c0f9ca180549aafd532d169ceeadf435b9899c8f6

    • memory/5048-11-0x0000000000400000-0x00000000004F6000-memory.dmp

      Filesize

      984KB