Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

a8575ad7e4...18.exe

windows7-x64

7

a8575ad7e4...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    134s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18/08/2024, 21:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a8575ad7e4b518dcc0132beeb5e56b2e_JaffaCakes118.exe

  • Size

    688KB

  • MD5

    a8575ad7e4b518dcc0132beeb5e56b2e

  • SHA1

    0470dc00ccfef1dbc7e2cc42d53a510e98c85485

  • SHA256

    2f626bb0ebc0f4040d6130ba3a365ef0cb0bf24c491550bcd228ba0e03660023

  • SHA512

    a35beed0d120c5a2cff254cd87f15db9de8249a7ccfcf2f3c744515934309bdc98e62079536a2cddc29c355da6bf48770329bace2132d094d1fa35de57e6ef07

  • SSDEEP

    12288:EhE+KlDFbXAfm0lUjRxq9+JNzcjHJF+9v9AvodyB+wnC+oKCkXSeg1VDaDkjPPOB:EhE+KJZeHsPq9+fzcrD8qodyB+cCBUX5

Score
7/10
discovery

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a8575ad7e4b518dcc0132beeb5e56b2e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a8575ad7e4b518dcc0132beeb5e56b2e_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    PID:4756

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\E_N4\krnln.fnr
    Filesize

    1.1MB

    MD5

    638e737b2293cf7b1f14c0b4fb1f3289

    SHA1

    f8e2223348433b992a8c42c4a7a9fb4b5c1158bc

    SHA256

    baad4798c3ab24dec8f0ac3cde48e2fee2e2dffa60d2b2497cd295cd6319fd5b

    SHA512

    4d714a0980238c49af10376ff26ec9e6415e7057925b32ec1c24780c3671047ac5b5670e46c1c6cf9f160519be8f37e1e57f05c30c6c4bda3b275b143aa0bf12

    Download Submit

  • memory/4756-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/4756-6-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download