Analysis

  • max time kernel
    93s
  • max time network
    122s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    12/09/2024, 05:20

General

  • Target

    dbe20b0025b73769811b5416ecf7177f_JaffaCakes118.exe

  • Size

    253KB

  • MD5

    dbe20b0025b73769811b5416ecf7177f

  • SHA1

    81d57a04d6833a9592f1966f2c6f773d2dd863e0

  • SHA256

    84fe55896f3854f33b088f2351616ad92699735fa5ca2f22a58cc071e88c7c62

  • SHA512

    14847f31e2464db0db14a2832898bffd5d7e6a0ab8f5061fe0433ac0234fe6924b434a3dabe0d479c5700723255bcd0f8c3bfde55f74240bda969d8250a0ae63

  • SSDEEP

    6144:6jYD4PawAJ1U4CDU3nh9wv1U5K0pxSOODQZM/2zlmUJm:6Za/y4h9wt0K0THO0Z82hLY

Malware Config

Signatures

  • Modifies WinLogon 2 TTPs 8 IoCs
  • Drops file in System32 directory 4 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 19 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\dbe20b0025b73769811b5416ecf7177f_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\dbe20b0025b73769811b5416ecf7177f_JaffaCakes118.exe"
    1⤵
    • Modifies WinLogon
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    PID:4672

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\lcss.exe

    Filesize

    128KB

    MD5

    526b29c31346e54d5c7f4ee86a8dfdb9

    SHA1

    a01e4c8ac7d31e93cdb0dd9d39bd7f9be5aed3ec

    SHA256

    c0e70e7180fbb226cf3cb0256cd8d5c21b86da0cb5ee3fa320d9f746d5546d0c

    SHA512

    28e838d8fe13eeed0739a286317af73878a913c39525ebdf9e68976d31e670ee501866f183c536972403626cbaa587abf71642030ece1dcbbef45c57d249ffa1

  • C:\Windows\SysWOW64\net.cpl

    Filesize

    180KB

    MD5

    165fa5af7e670cd2d20c01672f5e94c0

    SHA1

    2015c7ab52fa9d453851308d5aa6e29661a2ddef

    SHA256

    81fb205a48bd05211ae60c3d6a1c698cb06b7b92ccd9e91294e5e6ec7da31929

    SHA512

    22bc5872446e06fc9c707a12051254603d9efe03454ba715423e940e6cb6a6bb7a914b1352d450918cd92ecb3f85988f0b9940573d64e136437599b7e7653899

  • memory/4672-24-0x0000000000400000-0x000000000041C000-memory.dmp

    Filesize

    112KB