Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

aaa6ce5c67...18.exe

windows7-x64

7

aaa6ce5c67...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    136s
  • max time network
    140s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/08/2024, 10:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    aaa6ce5c677b3c38cfb9f6d4e2d9f878_JaffaCakes118.exe

  • Size

    4.0MB

  • MD5

    aaa6ce5c677b3c38cfb9f6d4e2d9f878

  • SHA1

    153178bd2e909c827b5c8f74ac8f464247ed4314

  • SHA256

    d531bb88f09d76a70b36d9ef4790a736dc4c0d6ba3a63187c228fc982b533c95

  • SHA512

    164f0b28794e527c97220ad6b89a462f3fe17c061f8f93052097439965877ec15eb631197a2e82b97b50b5ec750b7dd0a90584ba4b1f261dfd39f8605c8ba42d

  • SSDEEP

    98304:NhSf5W8Brs1+4afc3Ty1rXm+4p7hsSnl+pUo6IXp6:bGhBs1Zk7z4p7uSn1a8

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\aaa6ce5c677b3c38cfb9f6d4e2d9f878_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\aaa6ce5c677b3c38cfb9f6d4e2d9f878_JaffaCakes118.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4908
    • C:\Users\Admin\AppData\Local\Temp\_B6EC.tmpac7d.exe
      "C:\Users\Admin\AppData\Local\Temp\_B6EC.tmpac7d.exe" -p"09:03 PM" -y -o"C:\Users\Admin\AppData\Roaming\Security Monitor"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:5080
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4908 -s 896
      2⤵
      • Program crash
      PID:3424
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4908 -ip 4908
    1⤵
      PID:3456

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\_B6EC.tmpac7d.exe
      Filesize

      2.7MB

      MD5

      be76e3051c9d0d20fea5699195e77305

      SHA1

      2098c8ca26ddb73839b5fbf7c24924a3f47ebfff

      SHA256

      be21bc17c1f9bf15b199dca63abe20d9ea8bc01a2e4e870185ac08dfd81f7ff0

      SHA512

      88d2ba128fe376430624624bb9b94f8dc8104531f1d56b77cf77a7a007e62fe6aa783def0861b46b3f790d30b8a1b4083e2bdd2c68522b8add1bf15e82076c4b

      Download Submit

    • memory/4908-0-0x0000000002E20000-0x00000000031F2000-memory.dmp

      Filesize

      3.8MB

      Download

    • memory/4908-1-0x0000000000400000-0x0000000000BB4000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/4908-2-0x0000000002D20000-0x0000000002D21000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4908-3-0x0000000000401000-0x00000000005E5000-memory.dmp

      Filesize

      1.9MB

      Download

    • memory/4908-21-0x0000000002E20000-0x00000000031F2000-memory.dmp

      Filesize

      3.8MB

      Download

    • memory/4908-20-0x0000000000401000-0x00000000005E5000-memory.dmp

      Filesize

      1.9MB

      Download

    • memory/4908-19-0x0000000000400000-0x0000000000BB4000-memory.dmp

      Filesize

      7.7MB

      Download