Analysis

  • max time kernel
    140s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    09/09/2024, 18:53 UTC

General

  • Target

    d6e7bcd08eac45e6a47176c555b2e282_JaffaCakes118.exe

  • Size

    1.2MB

  • MD5

    d6e7bcd08eac45e6a47176c555b2e282

  • SHA1

    b6491468adb7e68c0b0e7e65610da987d917b3ca

  • SHA256

    5df61ec2976ec81eec878a51a68b9591640c40119b189d15fb21e440f92255d5

  • SHA512

    8de08cd0c204c144789372372ac73ee51b6e33c1e32be1e0c7132afd23b1f80b353eaa2bb27c70ed257f5e8559047c20ca8d8e7cf8f67cd603fa3b20beeb3481

  • SSDEEP

    24576:gT5TPKfDG4WAlkkrQxzcVgqJJ809hbIX0GoilawnjNV:gdefa4Wp2Q9cVgqU0bIX0G5Nnj/

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d6e7bcd08eac45e6a47176c555b2e282_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\d6e7bcd08eac45e6a47176c555b2e282_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2052
    • C:\Users\Admin\AppData\Local\Temp\is-GGCK6.tmp\d6e7bcd08eac45e6a47176c555b2e282_JaffaCakes118.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-GGCK6.tmp\d6e7bcd08eac45e6a47176c555b2e282_JaffaCakes118.tmp" /SL5="$4010C,753259,71680,C:\Users\Admin\AppData\Local\Temp\d6e7bcd08eac45e6a47176c555b2e282_JaffaCakes118.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      PID:1292

Network

MITRE ATT&CK Enterprise v15

Downloads

  • \Users\Admin\AppData\Local\Temp\is-GGCK6.tmp\d6e7bcd08eac45e6a47176c555b2e282_JaffaCakes118.tmp

    Filesize

    1.1MB

    MD5

    dfb7304d96f8f1c29fda2748779663d7

    SHA1

    1d836df6a5373db4edde087f31b61561e7f071ca

    SHA256

    f487faf0e64abf18eb5c0b6f79f410ee96a1e1c6dde473f2bd3ffabf05812027

    SHA512

    c8455c34d47ba88ecaed794aba0d093b6c813e7c0e061453fb535f5c1c1287f2f52520899456d067a225ea3cafdf598176a78f9f317c25a32c30fca0270c2d7e

  • \Users\Admin\AppData\Local\Temp\is-OHODG.tmp\_isetup\_shfoldr.dll

    Filesize

    22KB

    MD5

    92dc6ef532fbb4a5c3201469a5b5eb63

    SHA1

    3e89ff837147c16b4e41c30d6c796374e0b8e62c

    SHA256

    9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

    SHA512

    9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

  • memory/1292-9-0x0000000000400000-0x0000000000523000-memory.dmp

    Filesize

    1.1MB

  • memory/1292-21-0x0000000000400000-0x0000000000523000-memory.dmp

    Filesize

    1.1MB

  • memory/2052-0-0x0000000000400000-0x0000000000418000-memory.dmp

    Filesize

    96KB

  • memory/2052-2-0x0000000000401000-0x000000000040D000-memory.dmp

    Filesize

    48KB

  • memory/2052-20-0x0000000000400000-0x0000000000418000-memory.dmp

    Filesize

    96KB