Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

ebdfbea915...18.exe

windows7-x64

7

ebdfbea915...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    109s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/09/2024, 17:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ebdfbea915df9687e6e745a9dd4e816a_JaffaCakes118.exe

  • Size

    36KB

  • MD5

    ebdfbea915df9687e6e745a9dd4e816a

  • SHA1

    8edfbf995b581a6ec241e8b22685592da96b11f7

  • SHA256

    8b5be3415040fedbbb321b730fa0f3d1f4f3344b5e4451f967c340ec623ce1bb

  • SHA512

    a915b8db6a054a26d2454ce954f5dbcab8be78fad3652ba530d290f160974a5734cedb2cac0ec137c89b023ddf1047c14cfc464c4a7987b45a2ec5f70cc6624d

  • SSDEEP

    768:QATJxFQM1+Bw8JrV4UYW50z4C6AXTzM7WyjiTd:QA3cBw8JrydM7W7J

Score
7/10
discovery

Malware Config

Signatures

  • Unexpected DNS network traffic destination 5 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Suspicious use of SetThreadContext 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ebdfbea915df9687e6e745a9dd4e816a_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\ebdfbea915df9687e6e745a9dd4e816a_JaffaCakes118.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:812
    • C:\Users\Admin\AppData\Local\Temp\ebdfbea915df9687e6e745a9dd4e816a_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\ebdfbea915df9687e6e745a9dd4e816a_JaffaCakes118.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:1060

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1060-0-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download

  • memory/1060-2-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download

  • memory/1060-3-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download

  • memory/1060-4-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download