Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

ff945d1b82...18.exe

windows7-x64

7

ff945d1b82...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    30/09/2024, 00:30 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ff945d1b82c4732295e45dcbf5352286_JaffaCakes118.exe

  • Size

    293KB

  • MD5

    ff945d1b82c4732295e45dcbf5352286

  • SHA1

    700383cde8763449fe891de997b821a751fedca8

  • SHA256

    d4c258a538b6ccdd09abf7b74a43f322760214d198146c8b34ff8aa1d7f2471f

  • SHA512

    15226b979481a146b1f1923b65d12b69de9a91cc5d99a018db99b6018295ef1494b808452c6306c36ff6aab0c1988685d923920d53817cfff05acd7f7cae6081

  • SSDEEP

    6144:KF89lfVHFmCjWmi1v8x4FYfhBwi2L+yotn7BIFOULE+gZpttABbw1/PRoR0:KF8PfVHFDWC4mfhDoHACO+ngttAw/Pqa

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ff945d1b82c4732295e45dcbf5352286_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\ff945d1b82c4732295e45dcbf5352286_JaffaCakes118.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2792
    • C:\Windows\internat.exe
      C:\Windows\internat.exe -FIRST
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2568

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\internat.exe
    Filesize

    293KB

    MD5

    4964f0e28eb223ae7e0b15edf8ae2cdc

    SHA1

    09bbb5ededa9f2b9ce9e9ffd6f7d32a9af184fa5

    SHA256

    e36756064e814c128972837a87535f3e08de04bb3c49d3953d8ca14d592cfd29

    SHA512

    ae0eabca13dddffe25e7fcd8675724366c845e08fccb1a058d2a2efaebc47d4311033189df93b12d76364d4b7a6f7a1e8cbbee06dc1fc335aa6f79180262729e

    Download Submit

  • memory/2568-16-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/2568-19-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/2568-26-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/2568-12-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/2568-13-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/2568-14-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/2568-15-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/2568-25-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/2568-24-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/2568-17-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/2568-18-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/2568-20-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/2568-21-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/2568-22-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/2568-23-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/2792-8-0x0000000003450000-0x00000000034C8000-memory.dmp

    Filesize

    480KB

    Download

  • memory/2792-0-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/2792-11-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.