Analysis

  • max time kernel
    140s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    30/09/2024, 02:00 UTC

General

  • Target

    ffb9eefb050382085d620cafd119e22e_JaffaCakes118.exe

  • Size

    640KB

  • MD5

    ffb9eefb050382085d620cafd119e22e

  • SHA1

    43f4e0afed4b5dbfe0c838070f9d7aa4cf7f64ad

  • SHA256

    9ad9a6aa2a21b91ae6015c67191273791cd8406d97193d1563064c4d7b9c017a

  • SHA512

    3a473e63e0cb3c40b040e354930ccb8419ed5bd884483234901d16df0c06e041ac69153b3200b9116dbc53b45bf0fb2681ab8643eba9e9be45c51947db18bd9f

  • SSDEEP

    12288:5na9giX+IuJQH520T4WuHePvFmWeJKKacwtcvS38LCJQBtdGs1rBLsJ:5na2DctTs6FmWeIcmkS3rJQBtUkBgJ

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 5 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ffb9eefb050382085d620cafd119e22e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\ffb9eefb050382085d620cafd119e22e_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1400
    • C:\Users\Admin\AppData\Local\Temp\is-952U5.tmp\ffb9eefb050382085d620cafd119e22e_JaffaCakes118.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-952U5.tmp\ffb9eefb050382085d620cafd119e22e_JaffaCakes118.tmp" /SL5="$400E0,356969,54272,C:\Users\Admin\AppData\Local\Temp\ffb9eefb050382085d620cafd119e22e_JaffaCakes118.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: GetForegroundWindowSpam
      PID:2676

Network

  • DNS (US)
    Domain: rkverify.securestudies.com
    Process: ffb9eefb050382085d620cafd119e22e_JaffaCakes118.tmp
    Remote address: 8.8.8.8:53
    Request: rkverify.securestudies.com IN A
    Response: No results found
  • 8.8.8.8:53
    Domain: rkverify.securestudies.com
    Protocol: dns
    Process: ffb9eefb050382085d620cafd119e22e_JaffaCakes118.tmp
    Sent: 72 B
    Received: 156 B
    Requests: 1
    Responses: 1
    DNS Request: rkverify.securestudies.com
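The single network event in the report is an A lookup for rkverify.securestudies.com sent to 8.8.8.8:53, 72 bytes out and 156 bytes back, with no usable answer. A quick sanity check a triager can do on such a row is to rebuild the query on the wire and see whether its size agrees with the capture. The following Python is an added example, not tooling from the sandbox or the report: it encodes the question per RFC 1035, adds a minimal IPv4 and UDP header (28 bytes) and arrives at exactly 72 bytes, which is what the report shows. The response packet in the block is constructed by hand (NXDOMAIN, no answer records) because the report does not include the captured bytes; a real resolver's reply would usually also carry an SOA in the authority section, which is consistent with the 156 B received being larger than a bare echo of the question.

```python
"""Rebuild the DNS query from the Network section and check its wire size.
Added example; only the domain name and the 72 B figure come from the report.
The response below is constructed, not captured."""
import struct

QUERY_NAME = "rkverify.securestudies.com"   # from the report's Network section
IPV4_UDP_OVERHEAD = 20 + 8                   # minimal IPv4 header + UDP header


def encode_qname(name: str) -> bytes:
    """RFC 1035 name encoding: <len><label>... terminated by a zero byte."""
    out = bytearray()
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"bad DNS label {label!r}")
        out.append(len(raw))
        out += raw
    out.append(0)
    return bytes(out)


def build_a_query(name: str, txid: int = 0x1234) -> bytes:
    """Standard query, recursion desired, one question (QTYPE A, QCLASS IN)."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_qname(name) + struct.pack(">HH", 1, 1)


def on_wire_size(name: str) -> int:
    """Bytes a sandbox's capture counts for the query: IPv4 + UDP + DNS payload."""
    return IPV4_UDP_OVERHEAD + len(build_a_query(name))


def _skip_name(pkt: bytes, off: int) -> int:
    """Advance past a (possibly compressed) name and return the new offset."""
    while True:
        ln = pkt[off]
        if ln == 0:
            return off + 1
        if ln & 0xC0 == 0xC0:        # compression pointer occupies 2 bytes and ends the name
            return off + 2
        off += 1 + ln


def summarize_response(pkt: bytes) -> dict:
    """Header fields that decide whether a lookup produced anything usable."""
    txid, flags, qd, an, ns, ar = struct.unpack(">HHHHHH", pkt[:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(pkt, off) + 4   # skip QTYPE and QCLASS
    rcode = flags & 0xF
    return {
        "txid": txid,
        "is_response": bool(flags & 0x8000),
        "rcode": rcode,                  # 0 = NOERROR, 3 = NXDOMAIN
        "answers": an,
        "authority": ns,
        "additional": ar,
        "no_results": an == 0 or rcode != 0,
    }


def build_empty_response(query: bytes, rcode: int = 3) -> bytes:
    """Constructed reply: echo the question with QR/RD/RA set, given RCODE,
    and zero answer records. Real resolvers usually add an SOA in the
    authority section; that is deliberately omitted here."""
    txid = struct.unpack(">H", query[:2])[0]
    flags = 0x8180 | (rcode & 0xF)
    return struct.pack(">HHHHHH", txid, flags, 1, 0, 0, 0) + query[12:]


if __name__ == "__main__":
    q = build_a_query(QUERY_NAME)
    print("DNS payload:", len(q), "bytes; on wire:", on_wire_size(QUERY_NAME), "bytes")
    print(summarize_response(build_empty_response(q)))
```

The 72-byte figure only matches if the query carried no EDNS OPT record, so the same check also tells you something about the resolver stub the sample used: a plain, minimal question rather than a modern resolver's EDNS-padded one.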

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-952U5.tmp\ffb9eefb050382085d620cafd119e22e_JaffaCakes118.tmp

    Filesize

    688KB

    MD5

    c765336f0dcf4efdcc2101eed67cd30c

    SHA1

    fa0279f59738c5aa3b6b20106e109ccd77f895a7

    SHA256

    c5177fdc6031728e10141745cd69edbc91c92d14411a2dec6e8e8caa4f74ab28

    SHA512

    06a67ac37c20897967e2cad453793a6ef1c7804d4c578404f845daa88c859b15b0acb51642e6ad23ca6ba6549b02d5f6c98b1fa402004bdbf9d646abab7ec891

  • C:\Users\Admin\AppData\Local\Temp\is-LJEP9.tmp\Games.inf

    Filesize

    227B

    MD5

    fac89818bcaf192fcf89e500a3f52953

    SHA1

    b23c8f7d3bde4b8f7f8df1cca641847648c983b4

    SHA256

    d6faa29ef0462146f9616a8260cc684e666f7d72dbc267567872e11eadb11150

    SHA512

    69552ff52da9559b400ac4298a93bec5c7ff6b1fce15349789cd8cf26f60a1a067f770e0bd157373381f5fa99cd6db34fd1571c3993dc1b202378df039dd8503

  • \Users\Admin\AppData\Local\Temp\is-LJEP9.tmp\_isetup\_shfoldr.dll

    Filesize

    22KB

    MD5

    92dc6ef532fbb4a5c3201469a5b5eb63

    SHA1

    3e89ff837147c16b4e41c30d6c796374e0b8e62c

    SHA256

    9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

    SHA512

    9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

  • \Users\Admin\AppData\Local\Temp\is-LJEP9.tmp\isxdl.dll

    Filesize

    49KB

    MD5

    02ecc74f7f91e9ffd84de708683236a6

    SHA1

    3532de0b77df8b0fc89e9c7eddec3fa71f98f5a2

    SHA256

    30ad8a0e1cee091ca48c771adb2e76baf1a7d54b9f60dc47f54dfdc2d6f6691e

    SHA512

    a3fdaa651f82428395bc412a2a04fce673768d3ef088b3748addf337d95464eb141ae7c286bff5c705eae05dd7b38207629588ae7e89ada15269463cd7acf541

  • \Users\Admin\AppData\Local\Temp\is-LJEP9.tmp\itdownload.dll

    Filesize

    200KB

    MD5

    d82a429efd885ca0f324dd92afb6b7b8

    SHA1

    86bbdaa15e6fc5c7779ac69c84e53c43c9eb20ea

    SHA256

    b258c4d7d2113dee2168ed7e35568c8e03341e24e3eafc7a22a0d62e32122ef3

    SHA512

    5bf0c3b8fa5db63205a263c4fa5337188173248bef609ba4d03508c50db1fd1e336f3041ce96d78cc97659357a83e6e422f5b079d893a20a683270e05f5438df

  • memory/1400-0-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

  • memory/1400-2-0x0000000000401000-0x000000000040B000-memory.dmp

    Filesize

    40KB

  • memory/1400-35-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

  • memory/2676-8-0x0000000000400000-0x00000000004BC000-memory.dmp

    Filesize

    752KB

  • memory/2676-18-0x00000000003C0000-0x00000000003FC000-memory.dmp

    Filesize

    240KB

  • memory/2676-36-0x0000000000400000-0x00000000004BC000-memory.dmp

    Filesize

    752KB

  • memory/2676-37-0x00000000003C0000-0x00000000003FC000-memory.dmp

    Filesize

    240KB
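The process tree and the dropped-file list together describe an Inno Setup installer: the original EXE is the loader stub, it extracts the real setup program into is-952U5.tmp and starts it with the /SL5 switch, whose argument is a window handle, two byte offsets into the original EXE and the path of that EXE. The files under is-LJEP9.tmp are what that setup program unpacked: _isetup\_shfoldr.dll ships with Inno Setup itself, while isxdl.dll and itdownload.dll are the third-party download helper libraries commonly bundled by Inno scripts that fetch content at install time, which fits the single DNS lookup that went unanswered. The Python below is an added example, not sandbox tooling; it copies the command lines, paths, sizes and SHA-256 values from the report into constructed data, parses the /SL5 argument, checks that both offsets fit inside the 640KB original, and tags each dropped file with a role. The role labels and function names are my own shorthand, and the order of the two offsets is left uninterpreted because the report does not say which is which.

```python
"""Turn the process tree and dropped-file list of this report into an IoC set.
Added example, not the sandbox's own code. Command lines, paths, sizes and
hashes are copied from the report; everything else is my own construction."""
import re
from dataclasses import dataclass

# Copied from the Processes section (PID -> command line).
PROCESSES = {
    1400: r'"C:\Users\Admin\AppData\Local\Temp\ffb9eefb050382085d620cafd119e22e_JaffaCakes118.exe"',
    2676: (r'"C:\Users\Admin\AppData\Local\Temp\is-952U5.tmp\ffb9eefb050382085d620cafd119e22e_JaffaCakes118.tmp"'
           r' /SL5="$400E0,356969,54272,C:\Users\Admin\AppData\Local\Temp\ffb9eefb050382085d620cafd119e22e_JaffaCakes118.exe"'),
}
ORIGINAL_SIZE = 640 * 1024   # report lists the target as 640KB; upper bound for offsets

# Copied from the Downloads section: (path, size, sha256).
DROPPED = [
    (r"C:\Users\Admin\AppData\Local\Temp\is-952U5.tmp\ffb9eefb050382085d620cafd119e22e_JaffaCakes118.tmp", "688KB",
     "c5177fdc6031728e10141745cd69edbc91c92d14411a2dec6e8e8caa4f74ab28"),
    (r"C:\Users\Admin\AppData\Local\Temp\is-LJEP9.tmp\Games.inf", "227B",
     "d6faa29ef0462146f9616a8260cc684e666f7d72dbc267567872e11eadb11150"),
    (r"\Users\Admin\AppData\Local\Temp\is-LJEP9.tmp\_isetup\_shfoldr.dll", "22KB",
     "9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87"),
    (r"\Users\Admin\AppData\Local\Temp\is-LJEP9.tmp\isxdl.dll", "49KB",
     "30ad8a0e1cee091ca48c771adb2e76baf1a7d54b9f60dc47f54dfdc2d6f6691e"),
    (r"\Users\Admin\AppData\Local\Temp\is-LJEP9.tmp\itdownload.dll", "200KB",
     "b258c4d7d2113dee2168ed7e35568c8e03341e24e3eafc7a22a0d62e32122ef3"),
]
DNS_LOOKUPS = ["rkverify.securestudies.com"]   # from the Network section

# Inno Setup's loader stub starts the extracted setup program as
#   <tmp>\is-XXXXX.tmp\<name>.tmp /SL5="$<hwnd>,<offset>,<offset>,<original exe>"
SL5_RE = re.compile(r'/SL5="\$([0-9A-Fa-f]+),(\d+),(\d+),([^"]+)"')
FIRST_QUOTED_RE = re.compile(r'^"([^"]+)"')
INNO_TMP_DIR_RE = re.compile(r"\\is-[A-Z0-9]{5}\.tmp\\", re.IGNORECASE)


@dataclass(frozen=True)
class InnoLaunch:
    pid: int
    unpacker: str        # the extracted setup program (the .tmp in is-XXXXX.tmp)
    loader_hwnd: int     # window handle passed by the loader stub
    offsets: tuple       # two byte offsets into original_exe; order not interpreted
    original_exe: str


def parse_inno_launch(pid: int, cmdline: str):
    """Return an InnoLaunch if the command line is an Inno Setup /SL5 start, else None."""
    m = SL5_RE.search(cmdline)
    if not m:
        return None
    image = FIRST_QUOTED_RE.match(cmdline)
    return InnoLaunch(
        pid=pid,
        unpacker=image.group(1) if image else cmdline.split()[0],
        loader_hwnd=int(m.group(1), 16),
        offsets=(int(m.group(2)), int(m.group(3))),
        original_exe=m.group(4),
    )


def offsets_plausible(launch: InnoLaunch, original_size: int) -> bool:
    """Both /SL5 offsets must point inside the original EXE the loader names."""
    return all(0 < off < original_size for off in launch.offsets)


def classify_dropped(path: str) -> str:
    """Rough role of a dropped file; labels are my own shorthand."""
    low = path.lower()
    if "\\_isetup\\" in low:
        return "inno-runtime"           # helper DLL shipped with Inno Setup (_shfoldr.dll)
    if low.endswith(("isxdl.dll", "itdownload.dll")):
        return "inno-download-plugin"   # third-party download helpers used by Inno scripts
    if INNO_TMP_DIR_RE.search(path) and low.endswith(".tmp"):
        return "inno-unpacker"          # the extracted setup program itself
    if low.endswith(".inf"):
        return "installer-data"
    return "other"


def collect_iocs(processes=PROCESSES, dropped=DROPPED, lookups=DNS_LOOKUPS) -> dict:
    """Consolidate hashes, roles, domains and the loader/unpacker relation."""
    launches = [l for l in (parse_inno_launch(p, c) for p, c in processes.items()) if l]
    return {
        "inno_launches": launches,
        "sha256": sorted({h for _, _, h in dropped}),
        "roles": {path.rsplit("\\", 1)[-1]: classify_dropped(path) for path, _, _ in dropped},
        "domains": list(lookups),
        "download_capable": any(classify_dropped(p) == "inno-download-plugin" for p, _, _ in dropped),
    }


if __name__ == "__main__":
    iocs = collect_iocs()
    for launch in iocs["inno_launches"]:
        name = launch.unpacker.rsplit("\\", 1)[-1]
        print(f"PID {launch.pid}: {name} offsets={launch.offsets} "
              f"in-bounds={offsets_plausible(launch, ORIGINAL_SIZE)}")
    for fname, role in iocs["roles"].items():
        print(f"{role:22} {fname}")
    print("domains:", iocs["domains"], "download-capable:", iocs["download_capable"])
```

The "download_capable" flag plus a lone, unanswered DNS query is the combination worth recording in the triage note: the installer carried download plumbing and tried to resolve a host, but nothing was fetched inside the 122 s network window, so the sandbox never saw whatever the second stage would have been.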
