Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

4

Static

static

3

b76f2dd18e...18.exe

windows7-x64

4

b76f2dd18e...18.exe

windows10-2004-x64

4

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/08/2024, 11:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b76f2dd18e555704fdfd1b212abd8fc7_JaffaCakes118.exe

  • Size

    414KB

  • MD5

    b76f2dd18e555704fdfd1b212abd8fc7

  • SHA1

    3310c4a45e2512c72f085814632161ff12a794a1

  • SHA256

    93010ce05fda48d1c116c660d19974de8814edff54a0260ef87d37b722a843f1

  • SHA512

    badfb1f68b01f365cbfb4987cd9cd1278b16bc75447c0cf4e7e3d12715239b0bf5bda15c53c4cda8536631d5b6f0a66b632929d69cf2b43e37e465d6dece8aa7

  • SSDEEP

    6144:m/GzBKRBM7s3mRr+ol8B55sc+IDpKo/AAODMQ7Mp4ZlJAKEI/q5Dj83WI9:LbwWRS5sc+ID9NODMQ7XJAK4gWI9

Score
4/10
discovery

Malware Config

Signatures

  • Drops file in Windows directory 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 4 IoCs
    adwarespyware
  • Suspicious use of SetWindowsHookEx 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b76f2dd18e555704fdfd1b212abd8fc7_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\b76f2dd18e555704fdfd1b212abd8fc7_JaffaCakes118.exe"
    1⤵
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    PID:4248

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\e\83408-040712-212552-78.a2k\index.html
    Filesize

    7KB

    MD5

    483104438e095b9906ba4850fd4177e4

    SHA1

    bb7dbe325fc71726c797f42cc3b1cdd8435e2362

    SHA256

    684bba6da5b76aec1a5234afec1162943db49252a5d4dd18dbee0afbb0cf92c6

    SHA512

    3d6fa3cfec54faa5cf86facd9d6803ef19c3bbb9d6f6c695775f85add2a2b508cbb8b407a3b375ab829937cf628a8e64dd95f8a53a03a574c8937738c897bb75

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\e\83408-040712-212552-78.a2k\style.css
    Filesize

    2KB

    MD5

    d07c418be56a76cab52160596f51c5e9

    SHA1

    1845b428e288e833d406fd24c4e9be44ed130e00

    SHA256

    8863ecc303c7419247687e767a071f5cfc2ac4223f5c5fa2be344ec2a329ac01

    SHA512

    3a6ec4c079faf467ffe992ab64e60abe062f76c4ba797df16e760dc1d604fbe4cbd4f2e8b8096c9e439bce81ff1c5c9dcef3ef4fbafcefe22cbac8d5ceddcd8a

    Download Submit

  • C:\Windows\system.ini
    Filesize

    277B

    MD5

    0ff90f3042eb7f8aa08911279c00d789

    SHA1

    823ed4733d9f85ac152050db058de0ca53d0763e

    SHA256

    039017f00d07b9f1a65ee81b6764cc52e45e3db176abf73a99b5b2b182439c4f

    SHA512

    d5cec97f9d8ab780759fe2859d119fe06ee4a83abbe638b780bd8360fdf6360905235b481c314861cbfd81a101e65e0a1d73567422c1ed6fcc143de276d28f7d

    Download Submit

  • C:\Windows\win.ini
    Filesize

    183B

    MD5

    2d0cfdc49979d3f0bbfef209ae55bacd

    SHA1

    6896333bd3f4bca943353e9d1f2ff74a9b0bab3e

    SHA256

    40e507adb6a03a0328326395b99bbd7786029a63203b836b4d2e66c5385ae546

    SHA512

    aef17492c631af0c1d428a6fff5b4483b3ef6e54ec271a3064d7c56321d9b67599bdb291fc824408b1b186b4ab7b5fa0abf08a27d7a4876cea05e89cda22405a

    Download Submit