Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

ac70ad1ea3...18.exe

windows7-x64

3

ac70ad1ea3...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    133s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/08/2024, 20:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ac70ad1ea3f351140fc79d7393d08d59_JaffaCakes118.exe

  • Size

    108KB

  • MD5

    ac70ad1ea3f351140fc79d7393d08d59

  • SHA1

    dbf13a35162735c7c50df0094ec38420c309c1dd

  • SHA256

    cfd820c2026cae6661d785382d6d4f2ed9e5c4063e5aa5caf98eab710f188ba4

  • SHA512

    15acb64b8393c52f89260f86d92ef1978ab17ea6bf2c3b2845506c8cce0b18aac5393ac107a37c6dfa79cc2b64208fd1531fb6ddbe4a521879b43cbee91c6dd8

  • SSDEEP

    3072:LLjSeV2c+57XChqSlZE6kPFrgwUpJIJte4A:L6ec752lS6YL0ebex

Score
10/10
salitybackdoordiscoveryupx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Signatures

  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality
  • Executes dropped EXE 1 IoCs
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ac70ad1ea3f351140fc79d7393d08d59_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\ac70ad1ea3f351140fc79d7393d08d59_JaffaCakes118.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3528
    • C:\Program Files\Java\jre-1.8\launch4j-tmp\ac70ad1ea3f351140fc79d7393d08d59_JaffaCakes118.exe
      "C:\Program Files\Java\jre-1.8\launch4j-tmp\ac70ad1ea3f351140fc79d7393d08d59_JaffaCakes118.exe" -Djava.library.path=lib -Xmx512m -classpath "lib\SweetHome3D.jar;lib\Furniture.jar;lib\Textures.jar;lib\Help.jar;lib\Loader3DS1_2u.jar;lib\iText-2.1.7.jar;lib\freehep-vectorgraphics-svg-2.1.1.jar;lib\sunflow-0.07.3f.jar;lib\jmf.jar;lib\j3dcore.jar;lib\j3dutils.jar;lib\vecmath.jar;jre6\lib\javaws.jar" com.eteks.sweethome3d.SweetHome3D
      2⤵
      • Executes dropped EXE
      PID:396

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\Java\jre-1.8\launch4j-tmp\ac70ad1ea3f351140fc79d7393d08d59_JaffaCakes118.exe
    Filesize

    285KB

    MD5

    7fb44c5bca4226d8aab7398e836807a2

    SHA1

    47128e4f8afabfde5037ed0fcaba8752c528ff52

    SHA256

    a64ead73c06470bc5c84cfc231b0723d70d29fec7d385a268be2c590dc5eb1ef

    SHA512

    f0bd093f054c99bcc50df4005d0190bd7e3dcefea7008ae4c9b67a29e832e02ae9ff39fa75bc1352c127aeb13afdea9bfdcc238ac826ef17f288d6fbd2ec8cab

    Download Submit

  • memory/396-9-0x000001E716980000-0x000001E716BF0000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/396-18-0x000001E716960000-0x000001E716961000-memory.dmp

    Filesize

    4KB

    Download

  • memory/396-19-0x000001E716980000-0x000001E716BF0000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/3528-0-0x0000000000400000-0x0000000000428000-memory.dmp

    Filesize

    160KB

    Download

  • memory/3528-1-0x00000000028A0000-0x00000000038D3000-memory.dmp

    Filesize

    16.2MB

    Download

  • memory/3528-6-0x0000000000400000-0x0000000000428000-memory.dmp

    Filesize

    160KB

    Download

  • memory/3528-20-0x00000000028A0000-0x00000000038D3000-memory.dmp

    Filesize

    16.2MB

    Download