Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

ac9f2259ac...18.exe

windows7-x64

7

ac9f2259ac...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    19/08/2024, 21:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ac9f2259ac4b8c19db9123e822f3a107_JaffaCakes118.exe

  • Size

    1.1MB

  • MD5

    ac9f2259ac4b8c19db9123e822f3a107

  • SHA1

    88267d8ac120780655976607f02b960bedf3a9b5

  • SHA256

    c3cb9eea09d75baf41a2f144cc13f68a1c0b1629dccdf9f60a4dfdc5f57161ff

  • SHA512

    35002ce9923ad9cd656c48b0b8b1e12bd2fcdc8081328c287277909201ed53a8332c07a7fbb181eae9a73516a2246936788459dfd632db6ebf2017466261c216

  • SSDEEP

    24576:uY7426SR4y0K2+ObYkmOBkSCk0Oshvqb4UVlavIK:uwZKbVSSCJFrgla

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ac9f2259ac4b8c19db9123e822f3a107_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\ac9f2259ac4b8c19db9123e822f3a107_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2324
    • C:\Users\Admin\AppData\Roaming\4EE95EEDAD340BE0DED876AB03A25D15\ftbret24lt0.exe
      "C:\Users\Admin\AppData\Roaming\4EE95EEDAD340BE0DED876AB03A25D15\ftbret24lt0.exe" -i 4EE95EEDAD340BE0DED876AB03A25D15 7071624100
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:2280

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\4EE95EEDAD340BE0DED876AB03A25D15\local.ini
    Filesize

    25KB

    MD5

    4cedefbdba364223db3bbc5b6647648d

    SHA1

    2456630305827aa2b090b65e646dac73bc8e29dc

    SHA256

    3e2b3d7fc990e3fb36e2e8ee83de74d29e71e04e8d37ee348d0f8ca86eb52f3b

    SHA512

    fc080dfadb4259c4a859b83a2a0fa8ef5518b96b7c756f9646b2f89b28a88aa8b72bdef9c8e2f314977448c28a1ecc07a973c31f716ae38a57102a958c91f564

    Download Submit

  • \Users\Admin\AppData\Roaming\4EE95EEDAD340BE0DED876AB03A25D15\ftbret24lt0.exe
    Filesize

    1.0MB

    MD5

    4d60e2a263831d0a556a9e3e930fa313

    SHA1

    020db90c81fd3fcb2b2fbf37ea07209b03ba05e0

    SHA256

    3c3ff9960dba55d5529e17c8ea579274303f59045a653f49ed51f2124f39b35e

    SHA512

    32afd89d9e2bd53dd5657292562bfc39af72c8735bb0a247808705754cad56977284561294ea89a197938e06e40a702ade255a3626b1158394f9c76d36ca6725

    Download Submit

  • memory/2280-24-0x0000000000400000-0x0000000000654000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/2280-69-0x0000000000400000-0x0000000000654000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/2280-58-0x0000000000400000-0x0000000000654000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/2280-57-0x0000000000400000-0x0000000000654000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/2280-25-0x0000000000400000-0x0000000000654000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/2280-21-0x0000000000400000-0x0000000000654000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/2280-20-0x0000000000400000-0x0000000000654000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/2280-23-0x0000000000400000-0x0000000000654000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/2324-15-0x0000000000400000-0x0000000000522000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2324-14-0x0000000001E70000-0x0000000001F8A000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2324-13-0x0000000002580000-0x00000000027D4000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/2324-0-0x0000000000400000-0x0000000000522000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2324-16-0x0000000002580000-0x00000000027D4000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/2324-12-0x0000000000401000-0x000000000045B000-memory.dmp

    Filesize

    360KB

    Download

  • memory/2324-2-0x0000000000290000-0x0000000000291000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2324-3-0x0000000000401000-0x000000000045B000-memory.dmp

    Filesize

    360KB

    Download

  • memory/2324-1-0x0000000001E70000-0x0000000001F8A000-memory.dmp

    Filesize

    1.1MB

    Download