Analysis

  • max time kernel
    122s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    30/09/2024, 20:34 UTC

General

  • Target

    0329bdf6a1833890057279ab586a7dcf_JaffaCakes118.exe

  • Size

    3.0MB

  • MD5

    0329bdf6a1833890057279ab586a7dcf

  • SHA1

    48a52250d52212247896b231eae47d5070b694f2

  • SHA256

    10e2e188329f7462ac86bd745563f9476a5f348654e41bfe1270a3da312da280

  • SHA512

    ee046000dbf62c31fd4307bb34c095688e9dbc97fa89be9fccb82c56a1d6eaa5565e61c07f7784fc8bbff97404a56e986e60c5280d077bace2d58d64631a5275

  • SSDEEP

    1536:OKD0A2T3vLbsih9e8bTTpb/IgQmP9zKcTDB4w/UjlQ/dpKRq:352T3siXei5bcmP9JfUjW

Malware Config

Signatures

  • ASPack v2.12-2.42 1 IoCs

    Detects executables packed with ASPack v2.12-2.42

  • Deletes itself 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Drops file in System32 directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

  • Suspicious use of WriteProcessMemory 4 IoCs
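The ASPack signature above is a static check on the submitted binary. The following Python is an added example, not code from the Triage report or from Hatching: a minimal PE section-table parser that applies the usual packer heuristic, ASPack's characteristic section names (.aspack and .adata, general knowledge about the packer rather than something the report states) combined with at least one high-entropy section holding the compressed original code. The PE it analyses is constructed in code so the example runs offline; nothing in it is derived from the submitted file.

```python
import hashlib
import math
import struct

# Section names ASPack leaves in a packed file (general knowledge about the
# packer, not something the report states). A name match is a heuristic only.
ASPACK_SECTIONS = {".aspack", ".adata"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; packed or encrypted data sits close to 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def pe_sections(pe: bytes):
    """Yield (name, raw_bytes) for each IMAGE_SECTION_HEADER entry of a PE file."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                        # IMAGE_FILE_HEADER
    n_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    table = coff + 20 + opt_size               # section table follows the optional header
    for i in range(n_sections):
        off = table + 40 * i
        name = pe[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", pe, off + 16)
        yield name, pe[raw_ptr:raw_ptr + raw_size]


def aspack_verdict(pe: bytes) -> dict:
    """Flag ASPack-style section names plus at least one high-entropy section."""
    names, high_entropy = [], []
    for name, raw in pe_sections(pe):
        names.append(name)
        if len(raw) >= 64 and shannon_entropy(raw) > 7.0:
            high_entropy.append(name)
    hits = sorted(ASPACK_SECTIONS & set(names))
    return {"sections": names, "aspack_sections": hits,
            "high_entropy_sections": high_entropy,
            "likely_aspack": bool(hits) and bool(high_entropy)}


def build_sample_pe(sections) -> bytes:
    """Assemble a minimal PE container around (name, raw) sections.
    Constructed test input: headers are only as valid as the parser needs."""
    opt_size = 224                             # PE32 optional header, left zeroed
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)      # e_lfanew -> PE signature at 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    header_len = 64 + 4 + 20 + opt_size + 40 * len(sections)
    first_raw = (header_len + 0x1FF) & ~0x1FF  # first section on a 512-byte boundary
    raw_ptr, va, table, body = first_raw, 0x1000, b"", b""
    for name, raw in sections:
        size = len(raw)
        table += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"),
                             size, va, size, raw_ptr if size else 0,
                             0, 0, 0, 0, 0x60000020)
        body += raw
        raw_ptr += size
        va += 0x1000
    headers = bytes(dos) + b"PE\0\0" + coff + bytes(opt_size) + table
    return headers + bytes(first_raw - len(headers)) + body


# Constructed sections: a packed-looking .text (deterministic pseudo-random bytes),
# a low-entropy placeholder for the unpacking stub in .aspack, and an empty .adata.
PACKED_LIKE = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(64))
SAMPLE_SECTIONS = [(".text", PACKED_LIKE),
                   (".aspack", b"\x60" + b"\x90" * 255),
                   (".adata", b"")]

if __name__ == "__main__":
    print(aspack_verdict(build_sample_pe(SAMPLE_SECTIONS)))
```

Section names are trivially renamed by a packer's author, so the entropy half of the verdict carries the weight on real samples; a binary with ASPack names but no high-entropy section is reported as not likely packed.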

Processes

  • C:\Users\Admin\AppData\Local\Temp\0329bdf6a1833890057279ab586a7dcf_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0329bdf6a1833890057279ab586a7dcf_JaffaCakes118.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2688
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c c:\$$$$$.bat
      2⤵
      • Deletes itself
      • System Location Discovery: System Language Discovery
      PID:2628
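The behaviours in the Signatures and Processes sections (the sample copying itself into C:\Windows\SysWOW64\drivers32, adding a Run key, dropping a batch file at the drive root and launching it through cmd /c to delete the original, plus the known hashes) map directly onto endpoint detection logic. The following Python is an added example, not Triage's code: it evaluates Sysmon-style event dicts against rules derived from this report. The events are constructed to mirror the process tree above; the parent PID of the sample, the Run-key value name and the benign control event are placeholders, and only the hashes and paths are taken from the report.

```python
import re

# Hashes and paths copied from the report; every other field below is constructed.
SAMPLE_SHA256 = "10e2e188329f7462ac86bd745563f9476a5f348654e41bfe1270a3da312da280"
DROPPED_BAT_SHA256 = "3f78e40c8802fe78461817871c71daf62c1498b617e6089edfb31ce1cc138c36"
KNOWN_HASHES = {SAMPLE_SHA256, DROPPED_BAT_SHA256}
SAMPLE_EXE = r"C:\Users\Admin\AppData\Local\Temp\0329bdf6a1833890057279ab586a7dcf_JaffaCakes118.exe"
DROPPED_EXE = r"C:\Windows\SysWOW64\drivers32\Tomb Raider - The Angel of Darkness No-Cd Crack.exe"

RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
SYSTEM_DIR_RE = re.compile(r"^[a-z]:\\Windows\\(System32|SysWOW64)\\", re.I)
WINDOWS_DIR_RE = re.compile(r"^[a-z]:\\Windows\\", re.I)
# cmd /c <drive>:\<name>.bat : a batch file sitting at the root of a drive
ROOT_BAT_RE = re.compile(r'\bcmd(\.exe)?\b.*\s/c\s+"?[a-z]:\\[^\\\s"]+\.bat"?', re.I)


def evaluate(events):
    """Return (rule_name, event_index) findings for Sysmon-style event dicts.

    Rules mirror the report's signatures: known hashes, a non-Windows image
    writing under System32/SysWOW64, a process writing a byte-identical copy of
    itself, Run-key persistence, and a root-level batch file spawned by the
    sample (the self-deletion step seen as cmd /c c:\$$$$$.bat).
    """
    findings = []
    image_hash = {}  # pid -> sha256 of its image, learned from process_create events
    for i, ev in enumerate(events):
        kind = ev["type"]
        if kind == "process_create":
            sha = ev.get("sha256")
            image_hash[ev["pid"]] = sha
            if sha in KNOWN_HASHES:
                findings.append(("known_sample_hash", i))
            if ROOT_BAT_RE.search(ev["command_line"]):
                findings.append(("root_batch_launched", i))
                if image_hash.get(ev["ppid"]) in KNOWN_HASHES:
                    findings.append(("sample_spawned_root_batch", i))
        elif kind == "registry_set":
            if RUN_KEY_RE.search(ev["target"]):
                findings.append(("run_key_persistence", i))
        elif kind == "file_create":
            sha = ev.get("sha256")
            if sha in KNOWN_HASHES:
                findings.append(("known_sample_hash", i))
            # Windows' own binaries write under System32 constantly; only flag others.
            if SYSTEM_DIR_RE.match(ev["target"]) and not WINDOWS_DIR_RE.match(ev["image"]):
                findings.append(("drops_file_in_system_dir", i))
            if sha and sha == image_hash.get(ev["pid"]):
                findings.append(("writes_copy_of_self", i))
    return findings


def triggered_rules(events):
    """Distinct rule names that fired, sorted, for a quick summary."""
    return sorted({rule for rule, _ in evaluate(events)})


# Constructed events reproducing the report's process tree (PIDs 2688 and 2628
# from the report; parent PID 1800, the Run value name and event 5 are placeholders).
SAMPLE_EVENTS = [
    {"type": "process_create", "pid": 2688, "ppid": 1800, "image": SAMPLE_EXE,
     "command_line": '"%s"' % SAMPLE_EXE, "sha256": SAMPLE_SHA256},
    {"type": "file_create", "pid": 2688, "image": SAMPLE_EXE,
     "target": DROPPED_EXE, "sha256": SAMPLE_SHA256},
    {"type": "registry_set", "pid": 2688, "image": SAMPLE_EXE,
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\drivers32",
     "details": DROPPED_EXE},
    {"type": "file_create", "pid": 2688, "image": SAMPLE_EXE,
     "target": r"C:\$$$$$.bat", "sha256": DROPPED_BAT_SHA256},
    {"type": "process_create", "pid": 2628, "ppid": 2688,
     "image": r"C:\Windows\SysWOW64\cmd.exe",
     "command_line": r"cmd /c c:\$$$$$.bat", "sha256": None},
    # Benign control: a Windows service writing under System32 must not fire.
    {"type": "file_create", "pid": 900, "image": r"C:\Windows\System32\svchost.exe",
     "target": r"C:\Windows\System32\config\systemprofile\AppData\cache.dat",
     "sha256": "00" * 32},
]

if __name__ == "__main__":
    for rule, idx in evaluate(SAMPLE_EVENTS):
        print(f"{rule:28s} event {idx}: {SAMPLE_EVENTS[idx]['type']}")
```

The hash rules are brittle (the dropped copy keeps the original's hash here, but a repack changes it), so the behavioural rules are the ones worth keeping: writes_copy_of_self and sample_spawned_root_batch correlate across events by PID, which a single-event rule cannot do.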

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$$$$$.bat

    Filesize

    228B

    MD5

    ecab5a8eab4d80793ad8a9be47db2ff7

    SHA1

    32d2462ce6bbfbb94c637b4cffb94fac94e85a7c

    SHA256

    3f78e40c8802fe78461817871c71daf62c1498b617e6089edfb31ce1cc138c36

    SHA512

    fb64f14ddea4ce51ef68f815a39e09255506e8e6b8c8bff8f85755a88dc52be297839571a58e3067ba34bbc782ca62b6547f28c6959f96f874c112481a43806f

  • C:\Windows\SysWOW64\drivers32\Tomb Raider - The Angel of Darkness No-Cd Crack.exe

    Filesize

    3.0MB

    MD5

    0329bdf6a1833890057279ab586a7dcf

    SHA1

    48a52250d52212247896b231eae47d5070b694f2

    SHA256

    10e2e188329f7462ac86bd745563f9476a5f348654e41bfe1270a3da312da280

    SHA512

    ee046000dbf62c31fd4307bb34c095688e9dbc97fa89be9fccb82c56a1d6eaa5565e61c07f7784fc8bbff97404a56e986e60c5280d077bace2d58d64631a5275

  • memory/2688-0-0x0000000000400000-0x000000000043F000-memory.dmp

    Filesize

    252KB

  • memory/2688-517-0x0000000000400000-0x000000000043F000-memory.dmp

    Filesize

    252KB

  • memory/2688-826-0x0000000000400000-0x000000000043F000-memory.dmp

    Filesize

    252KB
