Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    12/09/2024, 23:17

General

  • Target

    dd38e7b9a3764fe564a710f05298646e_JaffaCakes118.exe

  • Size

    79KB

  • MD5

    dd38e7b9a3764fe564a710f05298646e

  • SHA1

    d063fd94c5baf1ebcf02a02979be3510d145c5f7

  • SHA256

    a87f3f428c1fa5d539aef5569a3ca1a29996ff1c27865e1ca44eabf87ff989c8

  • SHA512

    1404f7c30908c85db2c2fba932f8343dd0f7c16b3a73f458c00d82a73a0569bcc78f423372621f52f90685a7cd5d897c245022e63af16e3afe6b48be707a1dbf

  • SSDEEP

    1536:43Yb9AKP34HazThNuuGOtQaDCB29QkPz2TkqMvd6lM/ZL1lhENNTKtW4rG:iWtAHYhPkWR2bMVBZL/kNTSrG

Score
7/10

Malware Config

Signatures

  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of WriteProcessMemory 1 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1196
      • C:\Users\Admin\AppData\Local\Temp\dd38e7b9a3764fe564a710f05298646e_JaffaCakes118.exe
        "C:\Users\Admin\AppData\Local\Temp\dd38e7b9a3764fe564a710f05298646e_JaffaCakes118.exe"
        2⤵
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: RenamesItself
        • Suspicious use of WriteProcessMemory
        PID:1288

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\Local\IECheck.exe

      Filesize

      79KB

      MD5

      dd38e7b9a3764fe564a710f05298646e

      SHA1

      d063fd94c5baf1ebcf02a02979be3510d145c5f7

      SHA256

      a87f3f428c1fa5d539aef5569a3ca1a29996ff1c27865e1ca44eabf87ff989c8

      SHA512

      1404f7c30908c85db2c2fba932f8343dd0f7c16b3a73f458c00d82a73a0569bcc78f423372621f52f90685a7cd5d897c245022e63af16e3afe6b48be707a1dbf

    • C:\Users\Admin\AppData\Local\msvcr.dll

      Filesize

      113KB

      MD5

      1142de1d89907a1b0901a415dcbd8ebf

      SHA1

      a79caf52f03820d0c7341520e4cb34f48ea52ab7

      SHA256

      d4441ef57bc18323f4e18ddeb2060ba7cf3e92315d605cd8f092380ae484372d

      SHA512

      17370248ab7e8d7daf883bb608b14f32723ab6cb52464b55e0b96aca76b4690a01568dae30fb2f1ae09c95f15ea4ec9b6c088f7402528951a04fe161b95c3998

    • C:\Users\Admin\AppData\Local\ws2help.PNF

      Filesize

      79KB

      MD5

      60bf1ba61ae4cc6de846fac3f2a3884f

      SHA1

      24d191936b15b6fb107484e7f3a9a5f1d23f90a9

      SHA256

      8f6c9ab493849b1f991c67be8562ad3f7e3231d14bd63f58228664190577fb9f

      SHA512

      d14f0c3a46ed4ac6f909b699191283806190bd24db7142e14383dd6e3535be2e0eed8e2fbc8201c9904aff831e8bfdcbc6a4ad9fee2ce4441aa72e191ad53c45

    • memory/1196-17-0x0000000002470000-0x0000000002471000-memory.dmp

      Filesize

      4KB

    • memory/1288-0-0x0000000000400000-0x000000000042C000-memory.dmp

      Filesize

      176KB

    • memory/1288-20-0x0000000000400000-0x000000000042C000-memory.dmp

      Filesize

      176KB