Analysis

  • max time kernel
    95s
  • max time network
    96s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    25/09/2024, 05:14

General

  • Target

    f543a5a24bd2bc09121de19ce90a8697_JaffaCakes118.exe

  • Size

    4.7MB

  • MD5

    f543a5a24bd2bc09121de19ce90a8697

  • SHA1

    1c84d481b74eb05f507dbe3abbad73d5d480991f

  • SHA256

    745d89b49a8658aa910db4df7d1ecb6cabc2601750e18e9cc89f6ed7f0baf276

  • SHA512

    a7817a426b3414167ab1ef22132167af9c656cdbef12c358f207d847ede9daa52ae5446924a1c2dee126d53de4a86c1737b08233e5b7d5e84c592fe3df98ee9a

  • SSDEEP

    98304:c1wJ4X3IT06wWXuycm/iAofR5N1yvA1pYAWBcrKFrSJSnMsEXXnZuJK:cKKWYbycm/iAofR5vyvCYIeSfsAZuk

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 4 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Modifies registry key 1 TTPs 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f543a5a24bd2bc09121de19ce90a8697_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\f543a5a24bd2bc09121de19ce90a8697_JaffaCakes118.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3620
    • C:\Users\Admin\AppData\Local\Temp\f543a5a24bd2bc09121de19ce90a8697_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\f543a5a24bd2bc09121de19ce90a8697_JaffaCakes118.exe"
      2⤵
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:3132
      • C:\Windows\system32\cmd.exe
        C:\Windows\system32\cmd.exe /c "reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v update /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\WindowsExplorer.exe""
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:2840
        • C:\Windows\system32\reg.exe
          reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v update /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\WindowsExplorer.exe"
          4⤵
          • Adds Run key to start application
          • Modifies registry key
          PID:3928

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI36202\_socket.pyd

    Filesize

    49KB

    MD5

    f9b160a08dacc271b8b7ad1516d88330

    SHA1

    762698430bbfe5b5d52756b969fe7a757ce07a33

    SHA256

    7ddf74ac35a6dfa24c4f96acd058829fc934b798af910ed2a58d9b8ef8a26511

    SHA512

    5f1666a63e1a5a9d788556899d2a1ddeb28a33c4aac9273c706c35fe7ff3feeb0138a2e75e6f9540560f8df5717a9b0e264684f27c13277db632cfccd506aa2a

  • C:\Users\Admin\AppData\Local\Temp\_MEI36202\python27.dll

    Filesize

    3.3MB

    MD5

    7d70c8d8fc3c80a0dd514a25ebcab3d7

    SHA1

    1bc65d764a012bba355d3a8f57a11e18fd3bb636

    SHA256

    3cd15cca3e7db57da0a4808b6602261763c5e31f807083c59deaffcc0649b743

    SHA512

    5e03aaec836bd429fe7577628161af4a18ee881338fd31f5634aec953f473ba078a888d6fa5af0d7a091048fa8516de28adf649a81f4a6b52325cb85a71ccf65

  • C:\Users\Admin\AppData\Local\Temp\_MEI36202\reverse_backdoor_p2.exe.manifest

    Filesize

    1KB

    MD5

    b81d4c45f249bcbbbcb0429143eda454

    SHA1

    935f78d8e9c72a6ab47e8dbf791f20e6edccb685

    SHA256

    f259b42e41d2474143e79d6e63db540bab266d7461c67d4156e63dcc8a230348

    SHA512

    4441cd7c7c1e687513dce6912a78e43eee02e8aeeac31b27d47b1b0481475de54697a13e69ced7c85924a6b3aee3a95e8bbd11189b86267ed8efb16cbc89eefc

  • C:\Users\Admin\AppData\Local\Temp\_MEI36~1\_ssl.pyd

    Filesize

    2.0MB

    MD5

    16bbb7e72d190e6712d923dbc854a45f

    SHA1

    2913c4d3b9f0c708845252e863518d9bdaea5aac

    SHA256

    a9d0fdc952d5bb1ba7f809a6fa7ba9418414d5a10f4a7d429f680eac22d6a322

    SHA512

    906f16928e322addf52aad4e21265650b82853ae73e39ec60a80effd205d75bf5b4183bac1cd55f853bbcfdc84c4fb2694acff2098c32d93175aeefd3cdff5c9

  • C:\Users\Admin\AppData\Local\Temp\_MEI36~1\bz2.pyd

    Filesize

    90KB

    MD5

    a1950d15ae7fadd5b203639f3965f690

    SHA1

    dd09dfee5577feca2ce25d9cc5091933ca580adb

    SHA256

    baa75ad550784c5c5bada51cb565784a04f267fad708e6611b0cc3dc6ae0c1ed

    SHA512

    b0ca2e27e0fa77a58c7a56d66bf01fca152cb784e11ced7e247b092864f5a81b6cde353adfe58193d660f9be7b37c8076a6ca75390d4b34228b5359a3a884c88

  • memory/3132-26-0x00007FF70BFC0000-0x00007FF70C026000-memory.dmp

    Filesize

    408KB

  • memory/3132-29-0x00007FF70BFC0000-0x00007FF70C026000-memory.dmp

    Filesize

    408KB

  • memory/3620-0-0x00007FF70BFC0000-0x00007FF70C026000-memory.dmp

    Filesize

    408KB

  • memory/3620-24-0x00007FF70BFC0000-0x00007FF70C026000-memory.dmp

    Filesize

    408KB

  • memory/3620-38-0x00007FF70BFC0000-0x00007FF70C026000-memory.dmp

    Filesize

    408KB