Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

d693ca1ee2...18.exe

windows7-x64

7

d693ca1ee2...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    09/09/2024, 15:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d693ca1ee2563988ed8f2bf122ce9a01_JaffaCakes118.exe

  • Size

    617KB

  • MD5

    d693ca1ee2563988ed8f2bf122ce9a01

  • SHA1

    2607c509fa750eb7202796b7c9a846d58f16c8dd

  • SHA256

    919e0afd668cb7d3cec17fedacb7737aeab68f710939c00a5619d7d550bda308

  • SHA512

    0b0badb938e821f0ef1ce3583684b9c63339e511b025ea32e330c3f683570275a9d855f0b5e689334bb01675b7116668cfccaabbd00e5e44c0c67e699b44022f

  • SSDEEP

    12288:BU/xRawGmS2FCj8j9aa4gLEUyULF3Z4mxxh1scKb4jYyWBEWxmWmb6s:6/xAjmSdiAa4g4UnQmXhksUs1

Score
7/10
discovery

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Drops file in Windows directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies data under HKEY_USERS 28 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d693ca1ee2563988ed8f2bf122ce9a01_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\d693ca1ee2563988ed8f2bf122ce9a01_JaffaCakes118.exe"
    1⤵
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2472
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Windows\DELME.BAT
      2⤵
      • Deletes itself
      • System Location Discovery: System Language Discovery
      PID:2356
  • C:\Program Files (x86)\Common Files\Services\svchost.exe
    "C:\Program Files (x86)\Common Files\Services\svchost.exe"
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Modifies data under HKEY_USERS
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:2452
    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
      2⤵
        PID:3028

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files (x86)\Common Files\Services\svchost.exe
      Filesize

      617KB

      MD5

      d693ca1ee2563988ed8f2bf122ce9a01

      SHA1

      2607c509fa750eb7202796b7c9a846d58f16c8dd

      SHA256

      919e0afd668cb7d3cec17fedacb7737aeab68f710939c00a5619d7d550bda308

      SHA512

      0b0badb938e821f0ef1ce3583684b9c63339e511b025ea32e330c3f683570275a9d855f0b5e689334bb01675b7116668cfccaabbd00e5e44c0c67e699b44022f

      Download Submit

    • C:\Windows\DELME.BAT
      Filesize

      218B

      MD5

      f30adeaa7b4a1186e5b8eee2507ab6bf

      SHA1

      4e6397936a4a1c8560dc66f2c6e5c349c7b8ad3d

      SHA256

      f64b01168001f18785452882480a62bbae1b03891ed1b86825493b55e2c731c5

      SHA512

      f719e4cfaf6b1c224ab43493703edecf4818588469a7228e48e0fa8f9367c3a747fc86d68fdf577ad6a931cd47872aaf730a7f4d04190749a8a3c1a4e3a2cee0

      Download Submit

    • memory/2452-36-0x0000000000400000-0x0000000000563000-memory.dmp

      Filesize

      1.4MB

      Download

    • memory/2452-22-0x0000000000400000-0x0000000000563000-memory.dmp

      Filesize

      1.4MB

      Download

    • memory/2472-6-0x0000000001E70000-0x0000000001E71000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2472-3-0x0000000001EA0000-0x0000000001EA1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2472-14-0x0000000003280000-0x0000000003332000-memory.dmp

      Filesize

      712KB

      Download

    • memory/2472-12-0x0000000003280000-0x0000000003332000-memory.dmp

      Filesize

      712KB

      Download

    • memory/2472-10-0x0000000001E90000-0x0000000001E91000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2472-9-0x0000000002020000-0x0000000002021000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2472-8-0x0000000001ED0000-0x0000000001ED1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2472-7-0x0000000001EE0000-0x0000000001EE1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2472-0-0x0000000000400000-0x0000000000563000-memory.dmp

      Filesize

      1.4MB

      Download

    • memory/2472-5-0x0000000001E80000-0x0000000001E81000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2472-4-0x0000000002010000-0x0000000002011000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2472-15-0x0000000003280000-0x0000000003332000-memory.dmp

      Filesize

      712KB

      Download

    • memory/2472-2-0x0000000001EC0000-0x0000000001EC1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2472-18-0x0000000000630000-0x0000000000631000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2472-17-0x0000000003280000-0x0000000003281000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2472-16-0x0000000003280000-0x0000000003332000-memory.dmp

      Filesize

      712KB

      Download

    • memory/2472-13-0x0000000003280000-0x0000000003332000-memory.dmp

      Filesize

      712KB

      Download

    • memory/2472-11-0x0000000003280000-0x0000000003332000-memory.dmp

      Filesize

      712KB

      Download

    • memory/2472-32-0x0000000000400000-0x0000000000563000-memory.dmp

      Filesize

      1.4MB

      Download

    • memory/2472-33-0x00000000005D0000-0x0000000000624000-memory.dmp

      Filesize

      336KB

      Download

    • memory/2472-1-0x00000000005D0000-0x0000000000624000-memory.dmp

      Filesize

      336KB

      Download