Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

ac1c38584d...18.exe

windows7-x64

7

ac1c38584d...18.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    122s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    19/08/2024, 18:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ac1c38584d2d9fc5a5106d5c234cea6d_JaffaCakes118.exe

  • Size

    35KB

  • MD5

    ac1c38584d2d9fc5a5106d5c234cea6d

  • SHA1

    9e145f4a51ec2df8ead453408246149000237730

  • SHA256

    9155e765341bd9666874dde1912d48016c0c19cf81bdc8eb2408b6f54e47fbf4

  • SHA512

    35b1f4394cf33550ee789b6d9bf5827383de5cd4295baf2cc94fc0c2e364690d86132b0f6d2a949c629a1de4e1aebee9e12c7a1b7c7e444047f969915a2408b7

  • SSDEEP

    768:D5xlcWVd0wGG/9S0gX2Kx3SPcM8jW95Lb8ndi9GwcYBtj5C:lxlc6d0wGa8X2iSPcQLb8ndi1tjNC

Score
7/10
discovery

Malware Config

Signatures

  • Loads dropped DLL 5 IoCs
  • Drops file in System32 directory 2 IoCs
  • Drops file in Windows directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ac1c38584d2d9fc5a5106d5c234cea6d_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\ac1c38584d2d9fc5a5106d5c234cea6d_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2624
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c mr.bat
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2796

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\mr.bat
    Filesize

    346B

    MD5

    ae233de127ff3f273259a11b57b038dc

    SHA1

    d02875099d5977c149e42e47d85167143655aa20

    SHA256

    756375da66d364b64348fe08988c1b608aa11667092757f13bba87a158bab1fa

    SHA512

    066008ccc3d2d661bcd18d738d3493ccb1d0fa47364a77235b3d95ba21d16f45545184fec8258c1df882f1450b1b398f8a16c448a5a493b279d040a9f318d9c8

    Download Submit

  • \Windows\SysWOW64\WINMSCABC.ime
    Filesize

    11KB

    MD5

    6d0701b4a25913d43f52420b1e9e9d3c

    SHA1

    6c930b49c0bb5b060103e15e739ab2be8aec62d6

    SHA256

    3a35f1ae56855d00d3be891407957720b0dec0d06a2f072207aedb7cc8ae10ba

    SHA512

    5c07a14956be7f5dbf1ad167cb576ac785a24dad5c6e9446c78978247a3a7e1b600457a2d04ff4b6c9851352a56733cc58bf9ddf98b91a3e9bf4d6335d251ada

    Download Submit

  • \Windows\SysWOW64\substdals.dll
    Filesize

    44KB

    MD5

    9709bf51731095764f071c8d2dbff25e

    SHA1

    d67d51f4bd6497057ea9b4ef9d7e5d14ace569ef

    SHA256

    54630a9cbb96b52e45146063c40a37b11c4a6ec90b3d691b5a054103a2754bfb

    SHA512

    9197c10f0c11eca44fd5cb5f45bc06df63d8b2111f5156f622528fbddef75fc1244c2175451202799d0894faa98ed9139b012e366f58a5205277e7012b5db0cf

    Download Submit

  • memory/2624-5-0x0000000000220000-0x0000000000230000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2624-18-0x0000000010000000-0x0000000010016000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2624-17-0x0000000010000000-0x0000000010016000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2624-16-0x0000000010000000-0x0000000010016000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2624-11-0x0000000010000000-0x0000000010016000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2624-27-0x0000000000220000-0x0000000000230000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2624-26-0x0000000000400000-0x000000000041C000-memory.dmp

    Filesize

    112KB

    Download