Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

d39b8927d6...18.exe

windows7-x64

10

d39b8927d6...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    08/09/2024, 05:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d39b8927d6dd71111922fd9d594760c9_JaffaCakes118.exe

  • Size

    80KB

  • MD5

    d39b8927d6dd71111922fd9d594760c9

  • SHA1

    b67a3a9974db4249fd1ee053b2532f4f567444cb

  • SHA256

    b7dd8f32a6c339821351d4034a44e7beb1c7adeac351f7ee1c085b0dd06431b6

  • SHA512

    d50c1d08eb929a1860ac436a50e383e58066027735d8eea72340d9dfae8dbc7d8215e04ddc2f9606e2378c4e44ff81992fd41d2027d67cac85844f64c6ecc423

  • SSDEEP

    1536:bm2idlRT1GV8UDp+Qlw/AUv87qJM90r0OxDLGAnRHRlHRRRx2j0OAUjit03E4B4:S/7M8UDpvS/A+UsaAnRHRlHRRRxW0LU6

Score
10/10
discovery

Malware Config

Extracted

Credentials

  • Protocol:     ftp
  • Host:
    www.onlineordersnow.com
  • Port:
    21
  • Username:
    softupdate
  • Password:
    oon1155

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d39b8927d6dd71111922fd9d594760c9_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\d39b8927d6dd71111922fd9d594760c9_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    PID:2692

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads