Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    06/09/2024, 05:17

General

  • Target

    cec08e0089f5f795f9cd55771da85459_JaffaCakes118.exe

  • Size

    1.5MB

  • MD5

    cec08e0089f5f795f9cd55771da85459

  • SHA1

    b99f3fd09eb3336ee184274b7740757d2a99a50d

  • SHA256

    ef8d2f8708066043cbe59db48c1632f2e15622fa2d642050e9d64ec2be7cb62b

  • SHA512

    790dc4774cc2cf11570503d36d1e3bc7f806abb68255ec938a1dbb474f952aa65bfeb1cbaf044f2e245e4f3e24ce3d879131abdced36fac99fb83e10ed6f164a

  • SSDEEP

    24576:Uf4y2gZmHjZ2YALeHHbo1qJMMKpXKwcKgOXKfQdXD0At2rsYifkCO+nJfluhov/p:UgyE2YwRwMMhwJ6MD0C2rj+XhugOBdg

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cec08e0089f5f795f9cd55771da85459_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\cec08e0089f5f795f9cd55771da85459_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1908
    • C:\Users\Admin\AppData\Local\Temp\XLtoEXE240906051733_tmp\cec08e0089f5f795f9cd55771da85459_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\XLtoEXE240906051733_tmp\cec08e0089f5f795f9cd55771da85459_JaffaCakes118.exe" cmd/CallFromZipBase /C:\Users\Admin\AppData\Local\Temp\cec08e0089f5f795f9cd55771da85459_JaffaCakes118.exe /106496 /279717 /432394 /1599016 /C:\Users\Admin\AppData\Local\Temp\XLtoEXE240906051733_tmp\ /-1 /13921 /0 /
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of SetWindowsHookEx
      PID:2424

Network

MITRE ATT&CK Enterprise v15

Downloads

  • \Users\Admin\AppData\Local\Temp\XLtoEXE240906051733_tmp\cec08e0089f5f795f9cd55771da85459_JaffaCakes118.exe

    Filesize

    752KB

    MD5

    37d1f8eef6f37d0e70fad3a58f5ea278

    SHA1

    8a72627ac17d950006abc5a61b9e0dd14e55669d

    SHA256

    a9527b83fbb90054515770d14a81a510984cac25c965b152d6d9fcb94c2af1c5

    SHA512

    ba9f782540549a6b52fafa51e25ad10e74611e6cee927ef131528b9903db0d75bebd5b4784fad984d769a7f7440a10d7492edf2594ae3fda001a6cfe1f942834

  • \Users\Admin\AppData\Local\Temp\XLtoEXE240906051733_tmp\zlib123.dll

    Filesize

    72KB

    MD5

    4efaa53c545f4ffb1ee0ed1709c15ea7

    SHA1

    076b2d31e24fe8cfb56f9c292fd6ca1402be79b2

    SHA256

    21582b3a68e8753322a1b1c7e550ae7fd305de4935de68fbde9f87570f484d00

    SHA512

    7fa8c0954729ea14fdceb788393c3de6e139fc4c480b84183863f62afacec2d6bbc0993b601a4a74c87bc89338b627dc37a18be309d090bae880ea10ab9d7314

  • memory/2424-22-0x0000000000280000-0x0000000000281000-memory.dmp

    Filesize

    4KB

  • memory/2424-23-0x00000000002B0000-0x00000000002B1000-memory.dmp

    Filesize

    4KB

  • memory/2424-24-0x00000000003E0000-0x00000000003E1000-memory.dmp

    Filesize

    4KB

  • memory/2424-25-0x00000000003F0000-0x00000000003F1000-memory.dmp

    Filesize

    4KB

  • memory/2424-26-0x00000000004F0000-0x00000000004F1000-memory.dmp

    Filesize

    4KB

  • memory/2424-27-0x0000000000500000-0x0000000000501000-memory.dmp

    Filesize

    4KB

  • memory/2424-28-0x00000000002B0000-0x00000000002B1000-memory.dmp

    Filesize

    4KB

  • memory/2424-29-0x00000000003F0000-0x00000000003F1000-memory.dmp

    Filesize

    4KB

  • memory/2424-30-0x00000000004F0000-0x00000000004F1000-memory.dmp

    Filesize

    4KB

  • memory/2424-31-0x0000000000500000-0x0000000000501000-memory.dmp

    Filesize

    4KB