Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

db52a41f01...18.exe

windows7-x64

7

db52a41f01...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    135s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    11/09/2024, 22:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    db52a41f01322eda894df0b1ac01db17_JaffaCakes118.exe

  • Size

    226KB

  • MD5

    db52a41f01322eda894df0b1ac01db17

  • SHA1

    46e1facb98b44389384e976d600e83b0cd6fb20a

  • SHA256

    8ec7ac9ed472f8203d2615978cc71fc4181ee16ee649551ad5fb8f61f9ec25bd

  • SHA512

    1d06ce49154f41460cbdcd021968da81a1e5359ac534b570acb844b5df672b5bf7436e2b9ab2af6d76613dd2d71dfdae1b35e5c3c2e954567564914af9d98e59

  • SSDEEP

    6144:jPLAFMHYvvYamKHOXtHvgUv6tIjY0cQ0g25le:jPL/4YF9gUv6SjYDPgJ

Score
7/10
discovery

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Drops desktop.ini file(s) 2 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Windows\system32\csrss.exe
    %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
    1⤵
    • Executes dropped EXE
    • Drops desktop.ini file(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:332
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k netsvcs
    1⤵
      PID:860
      • C:\Windows\system32\wbem\WMIADAP.EXE
        wmiadap.exe /F /T /R
        2⤵
          PID:3056
      • C:\Users\Admin\AppData\Local\Temp\db52a41f01322eda894df0b1ac01db17_JaffaCakes118.exe
        "C:\Users\Admin\AppData\Local\Temp\db52a41f01322eda894df0b1ac01db17_JaffaCakes118.exe"
        1⤵
        • Suspicious use of SetThreadContext
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2520
        • C:\Windows\SysWOW64\cmd.exe
          "C:\Windows\system32\cmd.exe"
          2⤵
          • Deletes itself
          • System Location Discovery: System Language Discovery
          PID:2924

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Windows\system32\consrv.dll
        Filesize

        53KB

        MD5

        63e99b675a1337db6d8430195ea3efd2

        SHA1

        1baead2bf8f433dc82f9b2c03fd65ce697a92155

        SHA256

        6616179477849205eb4075b75a042056d196f45d67f78929dbb3317a35ccbea9

        SHA512

        f5b986eafa38dbc9ad7759784ac887ecbb9c8d8009a3f33e91b9c9ceeaf043ed3e4ddab8e6b6b77e54aed9fcecab02442c8ff253f2136ea06996d05ddd68199f

        Download Submit

      • \??\globalroot\systemroot\assembly\temp\@
        Filesize

        2KB

        MD5

        488986a21784c68fcc3ccb39f5072c8a

        SHA1

        e13cf4db1e5eb30310546500d2a617edf176a248

        SHA256

        6cfd82fc4d287f3335339a95eedfd994ad812bf8c2a5d824542a33ea87c2e8ae

        SHA512

        99708105b81e77ab5ace448c658cb361dfce1ab681862532f04ecee58aaf2eb4deaa779bbe82c7f2a2e342ad99ae056a214254b8daa4d83c45c4053dcf1edd8d

        Download Submit

      • memory/332-25-0x0000000000BA0000-0x0000000000BA1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/332-33-0x0000000000BD0000-0x0000000000BE2000-memory.dmp

        Filesize

        72KB

        Download

      • memory/332-28-0x0000000000BD0000-0x0000000000BE2000-memory.dmp

        Filesize

        72KB

        Download

      • memory/332-27-0x0000000000BD0000-0x0000000000BE2000-memory.dmp

        Filesize

        72KB

        Download

      • memory/860-48-0x0000000000BE0000-0x0000000000BEB000-memory.dmp

        Filesize

        44KB

        Download

      • memory/860-36-0x0000000000BD0000-0x0000000000BDB000-memory.dmp

        Filesize

        44KB

        Download

      • memory/860-40-0x0000000000BD0000-0x0000000000BDB000-memory.dmp

        Filesize

        44KB

        Download

      • memory/860-46-0x0000000000BE0000-0x0000000000BEB000-memory.dmp

        Filesize

        44KB

        Download

      • memory/860-44-0x0000000000BD0000-0x0000000000BDB000-memory.dmp

        Filesize

        44KB

        Download

      • memory/860-35-0x0000000000BC0000-0x0000000000BC8000-memory.dmp

        Filesize

        32KB

        Download

      • memory/2520-5-0x0000000000470000-0x00000000004B5000-memory.dmp

        Filesize

        276KB

        Download

      • memory/2520-32-0x0000000000400000-0x0000000000465000-memory.dmp

        Filesize

        404KB

        Download

      • memory/2520-24-0x000000000042E000-0x0000000000431000-memory.dmp

        Filesize

        12KB

        Download

      • memory/2520-17-0x0000000000470000-0x00000000004B5000-memory.dmp

        Filesize

        276KB

        Download

      • memory/2520-19-0x0000000000470000-0x00000000004B5000-memory.dmp

        Filesize

        276KB

        Download

      • memory/2520-16-0x0000000000470000-0x00000000004B5000-memory.dmp

        Filesize

        276KB

        Download

      • memory/2520-15-0x0000000000400000-0x0000000000465000-memory.dmp

        Filesize

        404KB

        Download

      • memory/2520-18-0x0000000000470000-0x00000000004B5000-memory.dmp

        Filesize

        276KB

        Download

      • memory/2520-14-0x0000000000470000-0x00000000004B5000-memory.dmp

        Filesize

        276KB

        Download

      • memory/2520-2-0x0000000000400000-0x0000000000465000-memory.dmp

        Filesize

        404KB

        Download

      • memory/2520-9-0x0000000000470000-0x00000000004B5000-memory.dmp

        Filesize

        276KB

        Download

      • memory/2520-13-0x0000000000470000-0x00000000004B5000-memory.dmp

        Filesize

        276KB

        Download

      • memory/2520-4-0x0000000000400000-0x0000000000465000-memory.dmp

        Filesize

        404KB

        Download

      • memory/2520-3-0x0000000000400000-0x0000000000465000-memory.dmp

        Filesize

        404KB

        Download

      • memory/2520-0-0x0000000000400000-0x0000000000465000-memory.dmp

        Filesize

        404KB

        Download

      • memory/2520-1-0x000000000042E000-0x0000000000431000-memory.dmp

        Filesize

        12KB

        Download