Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    19/08/2024, 11:27 UTC

General

  • Target

    aad36ffbe3fc85f853751f4329a346e9_JaffaCakes118.lnk

  • Size

    685KB

  • MD5

    aad36ffbe3fc85f853751f4329a346e9

  • SHA1

    fd443a1f4dfaa6ad38f0581f58ab38a0b0478770

  • SHA256

    db5d09edc2e9676a41f26f5f4310df9d13abdae8011b1d37af7139008362d5f1

  • SHA512

    430d00f4bc9f6fa18bd257d90deca104752c5a45fdcb4e54eb5a8d08de2daab43a205c0fea57da93fea6d444106534311f44c734f7b396c2c7ad53c74d3a11b1

  • SSDEEP

    12288:cQiqkgLGVRivcLwOtIO1nyhuEBUdw3VTVhUnpn/oGugkCA:cdqLGnZn1NEBUdwapngfgkCA

Malware Config

Signatures

  • Evilnum

    A malware family with multiple components distributed through LNK files.

  • Command and Scripting Interpreter: JavaScript 1 TTPs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\aad36ffbe3fc85f853751f4329a346e9_JaffaCakes118.lnk
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1712
    • C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /c path=C:\Windows\system32&move "PersonalKYC.pdf.lnk " "C:\Users\Admin\AppData\Local\Temp\1.lnk"&type "C:\Users\Admin\AppData\Local\Temp\1.lnk"|find "END2">"C:\Users\Admin\AppData\Local\Temp\0.js"&wscript "C:\Users\Admin\AppData\Local\Temp\0.js"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2780
      • C:\Windows\system32\cmd.exe
        C:\Windows\system32\cmd.exe /S /D /c" type "C:\Users\Admin\AppData\Local\Temp\1.lnk""
        3⤵
        PID:2904
      • C:\Windows\system32\find.exe
        find "END2"
        3⤵
        PID:2916
      • C:\Windows\system32\wscript.exe
        wscript "C:\Users\Admin\AppData\Local\Temp\0.js"
        3⤵
        PID:2944

Network

MITRE ATT&CK Enterprise v15
