Analysis

  • max time kernel
    120s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    29/09/2024, 17:42

General

  • Target

    ff0b538ee28b3affca6fcfa519667c4f_JaffaCakes118.exe

  • Size

    480KB

  • MD5

    ff0b538ee28b3affca6fcfa519667c4f

  • SHA1

    12a9a4c1aea54c63b5da0b12d3f3a44349c8cb8e

  • SHA256

    43d2e6d378e6e66b5510d5f2af2dbe8ed9afc04ff233bf29841054aeb0884033

  • SHA512

    284e80bf146cc51b6d6663df145b590f33329a4aa1f13fee5079116d7d55749f8ff1bcafb341f5fea92e66f9b60183526af8bdf9024551ad0310e9d72d8f879e

  • SSDEEP

    12288:pFswRYF6XYfSUcLX6kvOw5zVAPjJ1dAw7Nahd4MIUB:p5RYFQESUARqV1dAjnIQ

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 4 IoCs
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Windows directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of AdjustPrivilegeToken 12 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ff0b538ee28b3affca6fcfa519667c4f_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\ff0b538ee28b3affca6fcfa519667c4f_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Enumerates connected drives
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1964
    • \??\c:\90cc34642507609a9c\update\update.exe
      c:\90cc34642507609a9c\update\update.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      PID:900

Network

MITRE ATT&CK Enterprise v15

Downloads

  • \90cc34642507609a9c\update\update.exe

    Filesize

    401KB

    MD5

    bb6bcd7f5502c9d9ad8a502aa1ad676a

    SHA1

    b6c0f356272fb45b818c83b3f4790645241d3c28

    SHA256

    e57bee1a287c4b619cdc11dae8f38f7318df6d99d50479730d6cacd9cc83e52d

    SHA512

    4dfd115a00c235931dbb18d585d6e4a41bbcd5eb62001e16e01f12bf9af66da8fb0a10a8f2ecc0d93d46c7719e3a8d1282ef9b51c05df0c498d1959b39b6439a

  • \??\c:\90cc34642507609a9c\update\update.inf

    Filesize

    4KB

    MD5

    baeba8e52c1aa51bacd70862ea549160

    SHA1

    dcbb179dc336c5010a9ef8a6bbaf025c86c23281

    SHA256

    79f0d4a307419d1afe3b2e96857e89b25a5f31d635fb3f36032aef283d743033

    SHA512

    c0cbb814e35a90b91e6e30bae2b77c854e08cbc18f74570fba604bfbc029d287e516e2dc1b6363efef9089e9af0a8398d4ba125191a841da095c7c8deee7abef

  • memory/1964-0-0x0000000001000000-0x000000000107C000-memory.dmp

    Filesize

    496KB

  • memory/1964-40-0x0000000001000000-0x000000000107C000-memory.dmp

    Filesize

    496KB