Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    29/09/2024, 05:33 UTC

General

  • Target

    fde4261782848225d165d1ddcca64174_JaffaCakes118.exe

  • Size

    321KB

  • MD5

    fde4261782848225d165d1ddcca64174

  • SHA1

    0926f12fd135a1589083844e316a0a72d54b7974

  • SHA256

    0694e94b80bd3c2a000f0ee6231a01ebd9872c2144f6e56607cc5d7808f9afc6

  • SHA512

    c70bc5a38a8c3bd54c1bd4945af35e1ad44aa028d084600fb17c1d8aafcbdcb75174442a619dfdae952e5c9e3e83e9506457391af3849d975c901be6eeaee4a8

  • SSDEEP

    3072:ntPQsBBD1XsNsWW0eSZDsKU3PCkycEeJpfnf9+Ko4SalwE98ERSdxNl44e9RC0u3:tGsWW0ls/CHcE6pff9/SK9FMBlSpLXhs

Score
6/10

Malware Config

Signatures

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Maps connected drives based on registry 3 TTPs 2 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Drops file in Windows directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\fde4261782848225d165d1ddcca64174_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\fde4261782848225d165d1ddcca64174_JaffaCakes118.exe"
    • Maps connected drives based on registry
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    PID:2596

Network

  • flag-us
    DNS
    center-ring.info
    fde4261782848225d165d1ddcca64174_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    center-ring.info
    IN A
    Response
  • flag-us
    DNS
    get-bluesee.info
    fde4261782848225d165d1ddcca64174_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    get-bluesee.info
    IN A
    Response
  • flag-us
    DNS
    groupmodel.biz
    fde4261782848225d165d1ddcca64174_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    groupmodel.biz
    IN A
    Response
  • 8.8.8.8:53
    center-ring.info
    dns
    fde4261782848225d165d1ddcca64174_JaffaCakes118.exe
    62 B
    141 B
    1
    1

    DNS Request

    center-ring.info

  • 8.8.8.8:53
    get-bluesee.info
    dns
    fde4261782848225d165d1ddcca64174_JaffaCakes118.exe
    62 B
    141 B
    1
    1

    DNS Request

    get-bluesee.info

  • 8.8.8.8:53
    groupmodel.biz
    dns
    fde4261782848225d165d1ddcca64174_JaffaCakes118.exe
    60 B
    122 B
    1
    1

    DNS Request

    groupmodel.biz

MITRE ATT&CK Enterprise v15

Downloads

  • memory/2596-0-0x0000000000900000-0x0000000000940000-memory.dmp

    Filesize

    256KB

  • memory/2596-2-0x0000000000080000-0x00000000000AF000-memory.dmp

    Filesize

    188KB

  • memory/2596-9-0x0000000000210000-0x0000000000237000-memory.dmp

    Filesize

    156KB
