Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

dd3193762c...18.exe

windows7-x64

7

dd3193762c...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    16s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    12/09/2024, 22:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dd3193762c3515c65abd4ec5f704f0d2_JaffaCakes118.exe

  • Size

    946KB

  • MD5

    dd3193762c3515c65abd4ec5f704f0d2

  • SHA1

    29baed3498eaf872fa8821263a40f04b48acec30

  • SHA256

    40332590793bf2c35cdb46695fddb62422b20aadfce5b5936db7159040fe5aa0

  • SHA512

    3bb60b29c3d2293c8ad54bb35a7c410b5fe06a20fb3bdc2be9d6beff42c695739cd62c716282dd550cab7ba395d33672422271331208a3c002108c0517b1b0b8

  • SSDEEP

    24576:8vIycEkSjb5p/tkSvyJi4qgjHDrys33Rgc9idCqSV:hyvX1TvYjjNxjKSV

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\dd3193762c3515c65abd4ec5f704f0d2_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\dd3193762c3515c65abd4ec5f704f0d2_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1824
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ShowMyPC.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ShowMyPC.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of SetWindowsHookEx
      PID:2444

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\settings.ini
    Filesize

    84B

    MD5

    ab3ab62c71f6781368ef1507545f12ea

    SHA1

    410b9d60058c190ff22f54d731ae9ee2d8d6ecf3

    SHA256

    f00e8c45aa32f183226f338f95da85ef1ed32d30c1f15d1165627626a69ce5b0

    SHA512

    3b8b6aece5516740bbf41173ddec87060ead0e825070b5f0f88b92bcc35c0c33c3486f189f7da2263b28060e7fb9124369eb02261e68f9128708990cdd0f0538

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\smpcvndat
    Filesize

    29KB

    MD5

    4691ca9909a05864068b27e0bc925a3a

    SHA1

    5d395a285652dd785b12c2932e18a1e5ce10b2a5

    SHA256

    60eee4921f7c1bc736a2486b4868ac65691c430890861d8973782ea8d3b6c7bc

    SHA512

    c5c6114194a507cd256c7902ec9fd81a2b414bb9ed368e7fe0ec0be4019c094dee935e6498ca2ead3bd308db4435ba7b9db0a25ebec3a2ff73a5568b17555bf3

    Download Submit

  • \Users\Admin\AppData\Local\Temp\IXP000.TMP\ShowMyPC.exe
    Filesize

    1.8MB

    MD5

    051e44a77c7b201ce6e69ae59a67b62d

    SHA1

    1cfb49575e2d6e5014b7640b13572d3accb93f0a

    SHA256

    0d35b421957ad675975a6255f911c845aeffbe291d8dfe4fe830843817676ca3

    SHA512

    fc541524a5aee3856221d15a420fb6d3078c9432035d9b4876203b24c7c08a6982a7e2947a2fc6a54f0257c13e65df3c77febc918ff753292fe5bb35926fde37

    Download Submit