Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

5

Static

static

5

fb3f1fd826...18.exe

windows7-x64

5

fb3f1fd826...18.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    94s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/09/2024, 01:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fb3f1fd8261c4654ed6019fbbd841cdf_JaffaCakes118.exe

  • Size

    208KB

  • MD5

    fb3f1fd8261c4654ed6019fbbd841cdf

  • SHA1

    d866bd01bb62f88b0beb40c0a4e2f2ed97c39383

  • SHA256

    d95ea8267527e7eef5f5619a586c1e8d73b2f4e467d77596dc626c29cb3f44b9

  • SHA512

    2674eb57d16c72d66a7cb372b9111692d954a195ea7d53030922f890ead77f3fcf9f41987636dff2c3963492aed7681fc3c4c8eebf7ac8013ef7c054ef3d4792

  • SSDEEP

    3072:O5HKITkBXkH7FomiSlBEtZTRA+UT0xj4Sle/qGTCAyNeX:NITkBXkHNetZG+4

Score
5/10
discoveryupx

Malware Config

Signatures

  • Drops file in System32 directory 64 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\fb3f1fd8261c4654ed6019fbbd841cdf_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\fb3f1fd8261c4654ed6019fbbd841cdf_JaffaCakes118.exe"
    1⤵
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    PID:3056

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\7-Zip\7z.exe-
    Filesize

    753KB

    MD5

    2ce2a454dcd6085aabd3f9e1ef7dc511

    SHA1

    c6cdc9fed615b3932dedbb0b0c64be7b5e08bd35

    SHA256

    6cf31294bbacb248f585f851f8f25ed631a225ee823de75ba2f42d70ba0d981c

    SHA512

    995ffbe4ccb0fabaa3533a20f35a83194cfd097caa8b4d4a91c44e4af9566859977a80f1d2f2db8a80518f9bc677d418cd117a73b5065e06ae9f23d7c0eac1d5

    Download Submit

  • memory/3056-0-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/3056-2078-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/3056-2079-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/3056-4254-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/3056-4255-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/3056-4259-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB

    Download