
Analysis

  • max time kernel
    149s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19/08/2024, 20:31

General

  • Target

    ac78580d39b4fbc5ef800cab5e2e4423_JaffaCakes118.exe

  • Size

    359KB

  • MD5

    ac78580d39b4fbc5ef800cab5e2e4423

  • SHA1

    185d4fc133587cb9e03e077dd69a8b9c2258a5f2

  • SHA256

    edfc9ead7e6081c73f381bd64e6bcf5e66d6e618dd67a32321e927d7d999232f

  • SHA512

    5e5fe68f950c7de93edeb18ba7602b72810b9c2c18a9b93f51c9f54743f5ae4155ad3301df311d0c5ccc969614f538d84c9e11aefb99bd9d6caca60f6f1ba034

  • SSDEEP

    6144:ZgRyiIWQFpUv4/B+FrM144XlzKlUAzYYbuewX79GtPuB8PxwPh79i5s/CoS9iP6Q:3iMCv45+uK4VKXknewr9GBY85wPTi5sP

Score
7/10

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with the open-source UPX packer or a modified UPX variant.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

  • Suspicious use of SetWindowsHookEx 5 IoCs
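
As an added example, not part of the Triage report or its detection engine: a standard-library Python script that checks an executable for the static side of the signatures above (UPX section names, a high-entropy section, the empty-on-disk section UPX leaves for the unpacked code, and the Win32 API names usually behind the language-discovery and SetWindowsHookEx signatures). The two PE images it runs on are constructed inside the script and are not the sample from this report; the API lists, the 7.0-bit entropy threshold and the minimal, non-loadable PE builder are assumptions of the example.

```python
import hashlib
import math
import struct
from collections import Counter

# Assumption: the usual imports behind the report's behavioural signatures;
# the report names the behaviour, not the APIs.
HOOK_APIS = (b"SetWindowsHookExA", b"SetWindowsHookExW")
LANG_APIS = (b"GetSystemDefaultLangID", b"GetUserDefaultLangID",
             b"GetUserDefaultUILanguage", b"GetSystemDefaultUILanguage")
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b".UPX0", b".UPX1"}
PACKED_ENTROPY = 7.0  # bits per byte; compressed or encrypted data sits near 8


def shannon_entropy(buf: bytes) -> float:
    """Bits of entropy per byte (0.0 for empty input)."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())


def parse_sections(image: bytes) -> list:
    """Walk the PE section table; return name, sizes and entropy per section."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4                               # IMAGE_FILE_HEADER
    (num_sections,) = struct.unpack_from("<H", image, coff + 2)
    (opt_size,) = struct.unpack_from("<H", image, coff + 16)
    table = coff + 20 + opt_size                      # first IMAGE_SECTION_HEADER
    sections = []
    for i in range(num_sections):
        off = table + 40 * i
        name = image[off:off + 8].rstrip(b"\0")
        vsize, vaddr, rsize, rptr = struct.unpack_from("<IIII", image, off + 8)
        raw = image[rptr:rptr + rsize]
        sections.append({"name": name, "vsize": vsize, "vaddr": vaddr,
                         "rsize": rsize, "entropy": shannon_entropy(raw)})
    return sections


def triage(image: bytes) -> dict:
    """Return the report-style indicators this image triggers, in a fixed order."""
    sections = parse_sections(image)
    hits = []
    if any(s["name"] in UPX_SECTION_NAMES for s in sections):
        hits.append("UPX packed file")
    if any(s["rsize"] > 0 and s["entropy"] >= PACKED_ENTROPY for s in sections):
        hits.append("High-entropy section")
    if any(s["rsize"] == 0 and s["vsize"] >= 0x1000 for s in sections):
        hits.append("Zero-size section expanded at runtime")  # unpacker's target
    if any(api in image for api in LANG_APIS):
        hits.append("System Location Discovery: System Language Discovery")
    if any(api in image for api in HOOK_APIS):
        hits.append("Suspicious use of SetWindowsHookEx")
    return {"sha256": hashlib.sha256(image).hexdigest(),
            "sections": [(s["name"], s["vsize"], s["rsize"], round(s["entropy"], 2))
                         for s in sections],
            "hits": hits}


def build_pe(section_specs) -> bytes:
    """Constructed minimal PE32: enough header for the section walk, not loadable."""
    opt_size, e_lfanew = 224, 0x40
    table = e_lfanew + 4 + 20 + opt_size
    raw_base = (table + 40 * len(section_specs) + 0x1FF) & ~0x1FF  # 512-byte aligned
    headers, body = bytearray(), bytearray()
    for idx, (name, vsize, raw) in enumerate(section_specs):
        padded = raw + b"\0" * ((-len(raw)) % 0x200)
        rptr = raw_base + len(body) if padded else 0
        headers += name.ljust(8, b"\0")
        headers += struct.pack("<IIII", vsize, 0x1000 * (idx + 1), len(padded), rptr)
        headers += b"\0" * 12 + struct.pack("<I", 0x60000020)  # relocs/lines, characteristics
        body += padded
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", e_lfanew)         # 64-byte DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_specs), 0, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)         # PE32 magic, rest zeroed
    image = dos + b"PE\0\0" + coff + opt + bytes(headers)
    return image + b"\0" * (raw_base - len(image)) + bytes(body)


# Constructed stand-in for the on-disk sample: UPX0 empty on disk, UPX1 holding a
# high-entropy blob plus the stub's own kernel32 imports (original imports compressed).
COMPRESSED = b"".join(hashlib.sha256(bytes([i, 0x55])).digest() for i in range(256))
PACKED_SAMPLE = build_pe([
    (b"UPX0", 0x10000, b""),
    (b"UPX1", 0x3000, COMPRESSED + b"kernel32.dll\0LoadLibraryA\0GetProcAddress\0"),
])

# Constructed stand-in for a dump of the process after unpacking: imports in cleartext.
DUMPED_SAMPLE = build_pe([
    (b".text", 0x10000, b"\x55\x8b\xec" * 64 +
     b"user32.dll\0SetWindowsHookExA\0kernel32.dll\0GetSystemDefaultLangID\0"),
])

if __name__ == "__main__":
    for label, img in (("packed", PACKED_SAMPLE), ("dumped", DUMPED_SAMPLE)):
        r = triage(img)
        print(label, r["sha256"][:16], r["sections"], r["hits"])
```

Run against the packed image the import-name scan finds nothing, because UPX compresses the original import table and leaves only its stub's LoadLibraryA/GetProcAddress in cleartext; the language and hook APIs only show up in a post-unpack image such as the memory/764-0-0x0000000000400000-0x000000000050D000-memory.dmp listed under Downloads. That region is about 1.1MB against a 359KB file on disk, which is consistent with the sample expanding itself in memory the way a UPX-packed binary does.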

Processes

  • C:\Users\Admin\AppData\Local\Temp\ac78580d39b4fbc5ef800cab5e2e4423_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\ac78580d39b4fbc5ef800cab5e2e4423_JaffaCakes118.exe"
    (top-level process, tree depth 1)
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    PID: 764

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\GetRightToGo\ac78580d39b4fbc5ef800cab5e2e4423_JaffaCakes118.data

    Filesize

    797B

    MD5

    421d0499b8485849559dbc6ce82de7e8

    SHA1

    cd88f3648c864779ca7e8d1c21cabb1b53ad4fe4

    SHA256

    360f52202409f934a77c417e52660003943c59c5d7ff5a6c5a5097868a27f2ae

    SHA512

    13adda94c9a18601f140761669886888a5247a245a4c2ef730447c4cd7a7153978264e00fdeb4b85b688dc6a3a0b453a9816ec3a0c349c93aef40f78161c655b

  • C:\Users\Admin\AppData\Roaming\GetRightToGo\ac78580d39b4fbc5ef800cab5e2e4423_JaffaCakes118.htm

    Filesize

    635B

    MD5

    33f09577707d079a40f706a18e126d92

    SHA1

    0cef1f55b72a84e584a51e79a6787ea78d74a603

    SHA256

    e7f6bd122fcb829793f4047a5b929668b0a91ebfe31247b479586ec6d8f2b378

    SHA512

    5538c5b4e538a97796bfc412b3a81449931a9bbc1fa4e69500a0b30b35c1259bda857f392d85d87893999098bc88a432f28d2f699fadc295709a75b8113933cb

  • memory/764-0-0x0000000000400000-0x000000000050D000-memory.dmp

    Filesize

    1.1MB

  • memory/764-16-0x0000000000400000-0x000000000050D000-memory.dmp

    Filesize

    1.1MB