Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

5

Static

static

3

cdfd855173...18.exe

windows7-x64

5

cdfd855173...18.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    141s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    05/09/2024, 21:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cdfd855173f734ba2bee2773a7929562_JaffaCakes118.exe

  • Size

    2.1MB

  • MD5

    cdfd855173f734ba2bee2773a7929562

  • SHA1

    8e8e1abf640ad25cc328b2cd321ded42b06e1ef9

  • SHA256

    da8ae99cd509ba91bb3ea4bd73ba9abc4e524911ad8e91a3f3fbbd3c817d3643

  • SHA512

    063d6cb364e04b40f29d2f332eb0776167bb81e5cd8cce92bc3f9a4f5fcccf60111e33cffe3e07dc72c6ad8dbceb59476f9556d9ca1ccc03deace25f6f7d6c15

  • SSDEEP

    24576:yKh/tmBIbmy14rwwDx5qgOg5fP0/nxFxdd+yHpMFiGJz+gJGFiGJz496IeL:LYBy4sQqgVfcxGyHpMFi4zeFi4z49mL

Score
5/10
discovery

Malware Config

Signatures

  • Drops file in System32 directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 4 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cdfd855173f734ba2bee2773a7929562_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\cdfd855173f734ba2bee2773a7929562_JaffaCakes118.exe"
    1⤵
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:840

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\xplunametallic.ini
    Filesize

    7KB

    MD5

    741ef597e9cc36226bb500c87160f176

    SHA1

    f2e6e1c67c1fe4952ff6c78065f81e93caf6a533

    SHA256

    53da325032567765c055e0cf347c772ebf9eb6ad4bfc6f3a990a5be54aa266e4

    SHA512

    6a6d5502af1d1f3b05829c0a2950b09f9ea34315324acc15490b80f4e3d20466eb54ea954c9053e941a162f38bb174949340ce072ef5948a1a0aff640d753fd2

    Download Submit

  • memory/840-0-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/840-377-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/840-376-0x0000000000400000-0x000000000061F000-memory.dmp

    Filesize

    2.1MB

    Download