Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

4

Static

static

3

ba433b4896...18.exe

windows7-x64

4

ba433b4896...18.exe

windows10-2004-x64

4

Analysis

  • max time kernel
    135s
  • max time network
    140s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23/08/2024, 03:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ba433b48963e5867305d0a0885e2f1a9_JaffaCakes118.exe

  • Size

    256KB

  • MD5

    ba433b48963e5867305d0a0885e2f1a9

  • SHA1

    95b3e061b6b1943f5f6d62738ebf05a04add7128

  • SHA256

    7c86f9c3b1f8247e961d9186105c1c1f52e12423b5e3f0fdbee0ef2142ff534f

  • SHA512

    b40e16c6e960e01ea41c9f08c182858d54ef5f96f752b24b2669f7a1397a4b434a18ee9c483d2f5b3b7f3805108f62399b0566c5b70e58c9b5009ac90b65332d

  • SSDEEP

    6144:uQjLyQVSpPD9gtefEsp4yxQA8p9NbZDBV+9eIeuRbZ7n7rma:uQQD9gt4PRxoNPs9eIn73

Score
4/10
discovery

Malware Config

Signatures

  • Drops file in Windows directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3496
      • C:\Users\Admin\AppData\Local\Temp\ba433b48963e5867305d0a0885e2f1a9_JaffaCakes118.exe
        "C:\Users\Admin\AppData\Local\Temp\ba433b48963e5867305d0a0885e2f1a9_JaffaCakes118.exe"
        2⤵
        • Drops file in Windows directory
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:3532

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Windows\PCGWIN32.LI5
      Filesize

      2KB

      MD5

      01c9519868c43e8ddf4d73e95feb054a

      SHA1

      dae50c60b89f3d349782f46146d9eaeab679075d

      SHA256

      4b371b610000aadd547c6bd40cc303a8d71d5933442d1470dee28a8f5bf08b92

      SHA512

      ab03fd65c3a402b97d753a6cf1af5eefc53412bca9c38dff1aa5520f5b706e4d4c13f64b1d05a7f29eefeb14a8dce52f2803c62a9d1ce8a63ea2963f2fa2d298

      Download Submit

    • memory/3496-21-0x000000007FFD0000-0x000000007FFD1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3496-20-0x000000007FFF0000-0x000000007FFF7000-memory.dmp

      Filesize

      28KB

      Download

    • memory/3532-6-0x0000000000400000-0x0000000000444000-memory.dmp

      Filesize

      272KB

      Download

    • memory/3532-5-0x0000000000400000-0x0000000000444000-memory.dmp

      Filesize

      272KB

      Download

    • memory/3532-4-0x0000000000400000-0x0000000000444000-memory.dmp

      Filesize

      272KB

      Download

    • memory/3532-1-0x0000000000400000-0x0000000000444000-memory.dmp

      Filesize

      272KB

      Download

    • memory/3532-18-0x0000000000400000-0x0000000000444000-memory.dmp

      Filesize

      272KB

      Download

    • memory/3532-17-0x0000000000400000-0x0000000000444000-memory.dmp

      Filesize

      272KB

      Download

    • memory/3532-19-0x0000000000400000-0x0000000000444000-memory.dmp

      Filesize

      272KB

      Download

    • memory/3532-2-0x0000000000400000-0x0000000000444000-memory.dmp

      Filesize

      272KB

      Download

    • memory/3532-0-0x0000000000401000-0x0000000000403000-memory.dmp

      Filesize

      8KB

      Download

    • memory/3532-24-0x0000000000400000-0x0000000000444000-memory.dmp

      Filesize

      272KB

      Download