Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

0013210c0c...18.exe

windows7-x64

8

0013210c0c...18.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    30/09/2024, 07:00 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0013210c0c72e1986c321e41190b187c_JaffaCakes118.exe

  • Size

    336KB

  • MD5

    0013210c0c72e1986c321e41190b187c

  • SHA1

    103fec1a835e5481d17affa4cba6b0728e7be778

  • SHA256

    c7a08592bdf69cac3585687e7901b3864d46a17c3f3b41638f59d4b62dc2b6e2

  • SHA512

    787cdc54b32e7fda314f0c0d8a9c149741d85cdc16755b2a196d5fd79d5c5c07157614017be399ebdd569dc9f132829fc3a6800639a98ff1c1aeb7c5eeb5b925

  • SSDEEP

    6144:+8U2qy6rRZb7jxGYKSTJDPM83llq9v+evY56asFmZluUbbVizdKRJoE5:gzy6rRxE8UOlwvVvY5homZIUM0Rqe

Score
8/10
discovery

Malware Config

Signatures

  • Drops file in Drivers directory 10 IoCs
  • Drops startup file 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0013210c0c72e1986c321e41190b187c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0013210c0c72e1986c321e41190b187c_JaffaCakes118.exe"
    1⤵
    • Drops file in Drivers directory
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2252
    • C:\Windows\system32\drivers\etc\start1.exe
      "C:\Windows\system32\drivers\etc\start1.exe"
      2⤵
      • Drops file in Drivers directory
      • Drops startup file
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:2332
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c ""C:\Windows\System32\drivers\etc\Death.bat" "C:\Windows\system32\drivers\etc\start1.exe" "
        3⤵
        • System Location Discovery: System Language Discovery
        PID:2728
  • C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
    1⤵
    • Drops file in Drivers directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of FindShellTrayWindow
    PID:1628

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\System32\drivers\etc\127014_128820_f_640x480.jpg
    Filesize

    133KB

    MD5

    707b441ffca81e2d2d884c27e92f6899

    SHA1

    9c847992fa5af864ba8b230fb8c48a7f76acc2d3

    SHA256

    957cfd51a3c7d5dd11af2036e03f760c6151cdc082bb49008adfbf2f7efb1e3b

    SHA512

    1f3b951442d5bf5ac9decce94954103a2ec90741dc447a2a0a2d2ef1608554fdd745e75fdf9814bcaa3c773ea49f0df5537f78558e83f70edc27204ff1e8456c

    Download Submit

  • C:\Windows\System32\drivers\etc\Death.bat
    Filesize

    38B

    MD5

    50a94effec08179504ef46949486ef63

    SHA1

    c36bcfbc6d85d0ae7b5642655985ecc2ab1f9e1d

    SHA256

    149194e913c7900de706a6a48db7695059b91fd63ebc75b373355c7009fb62e2

    SHA512

    095c1914e290377676cfbf07c52fb321d8e51638229810e560447e4db51d2e4dff8bfa870b009029692e12c0b9fe9c1fcf74dde30c3f68297631ff4ea6bbe283

    Download Submit

  • \Windows\System32\drivers\etc\start1.exe
    Filesize

    85KB

    MD5

    1fdedba9d6a2a34d161dd82a58bfa957

    SHA1

    95b8b6ce5cde603ae1eb7cc1bba7c93046034bce

    SHA256

    5fdc780cb9d0493aa9376ad9bb01dcb0b45b629ad19e661e490190629f470a3d

    SHA512

    fa6dd3e9e834ce1462481aa2d24d9bc7642cf5f163f40aebb7962fa3abd9981e7363fa70b7f0a30815559f64e28fb1442210d555479b7ed8a4b4858ef96d6ec7

    Download Submit

  • memory/1628-22-0x00000000001E0000-0x00000000001E2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2252-11-0x00000000023F0000-0x0000000002418000-memory.dmp

    Filesize

    160KB

    Download

  • memory/2252-17-0x0000000000400000-0x0000000000426000-memory.dmp

    Filesize

    152KB

    Download

  • memory/2332-18-0x0000000000400000-0x0000000000428000-memory.dmp

    Filesize

    160KB

    Download

  • memory/2332-21-0x00000000021B0000-0x00000000021B2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2332-35-0x0000000000400000-0x0000000000428000-memory.dmp

    Filesize

    160KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.