Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

3

e11f55693c...18.exe

windows7-x64

6

e11f55693c...18.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    141s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    14/09/2024, 21:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e11f55693c02765a4471c14ae5bdd3d3_JaffaCakes118.exe

  • Size

    990KB

  • MD5

    e11f55693c02765a4471c14ae5bdd3d3

  • SHA1

    27ca5eded62174bce49b60a0b21d2e67fe46a6d3

  • SHA256

    af1e0c21bec6fe0d1015b85dd2a169adcf3c190fc566de6ec21f53ba1c7b371f

  • SHA512

    3667ae0806be4a2886bf055684da4c8d12fd36dd3a44135dc11201bf7a8311f781dc21717272408ace200f45194cdf623cad53f4b2fee30fc571c8f54e2bd5a7

  • SSDEEP

    12288:3se4yRyXmrHF6sLh9QXr+eLP5c1doatt1JGUAtKh0VfAAVjcBc33CE1edRcBktF9:3vvomh6s19K5Oft1zhm1dp3v1K

Score
6/10
discoverypersistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\e11f55693c02765a4471c14ae5bdd3d3_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\e11f55693c02765a4471c14ae5bdd3d3_JaffaCakes118.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    PID:3052

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3052-0-0x00000000001B0000-0x00000000001B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3052-2-0x00000000001B0000-0x00000000001B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3052-1-0x0000000000400000-0x0000000000500000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/3052-3-0x0000000000400000-0x0000000000500000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/3052-4-0x0000000000400000-0x0000000000500000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/3052-5-0x0000000000400000-0x0000000000500000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/3052-6-0x0000000000400000-0x0000000000500000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/3052-7-0x0000000000400000-0x0000000000500000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/3052-8-0x0000000000400000-0x0000000000500000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/3052-9-0x0000000000400000-0x0000000000500000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/3052-10-0x0000000000400000-0x0000000000500000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/3052-11-0x0000000000400000-0x0000000000500000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/3052-12-0x0000000000400000-0x0000000000500000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/3052-13-0x0000000000400000-0x0000000000500000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/3052-14-0x0000000000400000-0x0000000000500000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/3052-15-0x0000000000400000-0x0000000000500000-memory.dmp

    Filesize

    1024KB

    Download