Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    22/08/2024, 21:46

General

  • Target

    b94438b1327fb9c79d35acd2f8b248bb_JaffaCakes118.exe

  • Size

    72KB

  • MD5

    b94438b1327fb9c79d35acd2f8b248bb

  • SHA1

    5167019662e631d3f35bc967fdf1d9d08928cc78

  • SHA256

    ff617aa42d285c950b0282c301726302f3916ce76d37d1436058e5462539f361

  • SHA512

    6adebe24e30eaf15336bc5d58a0988baaf536ecf64dacb1983494f7dfb2aaae8fddb965095d66b76dd34eda5841fa8c2e7ff6714cef1c6c0012f15f94334151c

  • SSDEEP

    1536:pgxBd7BUAyxtLDgxNLCntfblILcVAhzp/BYU:swLD89CdbuLw6zp/d

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.

  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b94438b1327fb9c79d35acd2f8b248bb_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\b94438b1327fb9c79d35acd2f8b248bb_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • Checks whether UAC is enabled
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1524
    • C:\SVCH0ST.COM
      "C:\SVCH0ST.COM" wb
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of SetWindowsHookEx
      PID:2868
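The Signatures and Processes sections above give a responder two things to act on: the hashes of the sample and of the dropped C:\SVCH0ST.COM, and a process chain in which a file in %TEMP% drops and launches a svchost look-alike at the drive root (a zero in place of the "o", a .COM extension, run with the argument "wb"). The following Python is an added triage helper written for this page, not code from tria.ge or from the sample's analysis. It matches file contents against the report's hashes and flags process-creation records that reproduce the chain. The event records are constructed from the process tree above; their field names (pid, image, parent_image, cmdline), the parent of the sample, the set of imitated system binaries and the homoglyph table are all assumptions made for the example.

```python
"""Triage helper for the report above (added example, not tria.ge's code)."""
import hashlib
import re
from typing import Dict, List, Optional, Tuple

# Hashes copied from the report's General and Downloads sections.
REPORT_HASHES: Dict[str, Dict[str, str]] = {
    "sample": {
        "md5": "b94438b1327fb9c79d35acd2f8b248bb",
        "sha1": "5167019662e631d3f35bc967fdf1d9d08928cc78",
        "sha256": "ff617aa42d285c950b0282c301726302f3916ce76d37d1436058e5462539f361",
    },
    r"C:\SVCH0ST.COM": {
        "md5": "3c1489cf535df31ad83c18482ab3908f",
        "sha1": "1d2bf1d469742800c26a0b5575fcd77a2a602dc0",
        "sha256": "7f89be14cc09351750a7cd48914653d845a768dcabc867c740daa00d3dd99f08",
    },
}


def hash_bytes(data: bytes) -> Dict[str, str]:
    """MD5/SHA1/SHA256 of a buffer, keyed like REPORT_HASHES."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def match_report(data: bytes) -> Optional[str]:
    """Return the report artifact whose hashes all match `data`, or None."""
    digests = hash_bytes(data)
    for artifact, known in REPORT_HASHES.items():
        if all(digests[algo] == value for algo, value in known.items()):
            return artifact
    return None


# Assumed list of Windows binaries commonly imitated by droppers.
SYSTEM_NAMES = {"svchost", "csrss", "lsass", "winlogon", "services", "explorer"}
# Assumed digit-for-letter substitutions (the report's child uses 0 for o).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s"})
# Only these directories may legitimately hold the binaries above.
LEGIT_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
TEMP_RE = re.compile(r"^c:\\users\\[^\\]+\\appdata\\local\\temp\\", re.I)
ROOT_RE = re.compile(r"^[a-z]:\\[^\\]+$", re.I)


def is_lookalike(image_path: str) -> bool:
    """True if the file name imitates a system binary but is not the real one."""
    path = image_path.lower()
    directory, _, name = path.rpartition("\\")
    stem, sep, ext = name.rpartition(".")
    if not sep:  # no extension at all
        stem, ext = name, ""
    normalized = stem.translate(HOMOGLYPHS)
    if normalized not in SYSTEM_NAMES:
        return False
    # The genuine binary: correct spelling, .exe, and in a system directory.
    genuine = stem == normalized and ext == "exe" and directory in LEGIT_DIRS
    return not genuine


def flag_events(events: List[Dict[str, object]]) -> List[Tuple[int, List[str]]]:
    """Return (pid, reasons) for records that reproduce the report's chain."""
    hits: List[Tuple[int, List[str]]] = []
    for ev in events:
        reasons = []
        image, parent = str(ev["image"]), str(ev["parent_image"])
        if is_lookalike(image):
            reasons.append("system-binary look-alike outside a system directory")
        if TEMP_RE.match(parent) and ROOT_RE.match(image):
            reasons.append("file at drive root launched by a %TEMP% parent")
        if reasons:
            hits.append((int(ev["pid"]), reasons))  # type: ignore[arg-type]
    return hits


# Constructed records modelled on the process tree above (not real Sysmon output).
# The parent of PID 1524 is not in the report; explorer.exe is assumed.
SAMPLE_EVENTS: List[Dict[str, object]] = [
    {"pid": 1524,
     "image": r"C:\Users\Admin\AppData\Local\Temp\b94438b1327fb9c79d35acd2f8b248bb_JaffaCakes118.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "cmdline": r'"C:\Users\Admin\AppData\Local\Temp\b94438b1327fb9c79d35acd2f8b248bb_JaffaCakes118.exe"'},
    {"pid": 2868, "image": r"C:\SVCH0ST.COM",
     "parent_image": r"C:\Users\Admin\AppData\Local\Temp\b94438b1327fb9c79d35acd2f8b248bb_JaffaCakes118.exe",
     "cmdline": r'"C:\SVCH0ST.COM" wb'},
    {"pid": 900, "image": r"C:\Windows\System32\svchost.exe",  # benign control record
     "parent_image": r"C:\Windows\System32\services.exe",
     "cmdline": r"C:\Windows\System32\svchost.exe -k netsvcs"},
]

if __name__ == "__main__":
    for pid, reasons in flag_events(SAMPLE_EVENTS):
        print(pid, "; ".join(reasons))
```

Run on the constructed records, only PID 2868 is flagged, on both grounds; the genuine svchost.exe spawned by services.exe is left alone because it is correctly spelled, is an .exe, and lives in System32. To use match_report against a real quarantined file, read it in binary mode and pass the bytes; all three digests must agree before an artifact name is returned, so a single colliding MD5 is not enough.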

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\SVCH0ST.COM

    Filesize

    32KB

    MD5

    3c1489cf535df31ad83c18482ab3908f

    SHA1

    1d2bf1d469742800c26a0b5575fcd77a2a602dc0

    SHA256

    7f89be14cc09351750a7cd48914653d845a768dcabc867c740daa00d3dd99f08

    SHA512

    9927ad6855c1af49fc32d30ab111a2ef3bfa59b3d0cdc13948e1a65e4bb428cd6c6ac49a71676778d1b5f458e78731c1c6cd2d7685d9633566f87ec9db039fee