Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    122s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    30/09/2024, 21:00

General

  • Target

    033ec0da9e1a9b534983bd3534f32192_JaffaCakes118.exe

  • Size

    280KB

  • MD5

    033ec0da9e1a9b534983bd3534f32192

  • SHA1

    edea0f1a9506e5236085f5534fbdc11fdc11cd13

  • SHA256

    7d4dade0869e753dc5b43ec07e97fb33ac6f1aea6d883f5c8c4a62c6bde11311

  • SHA512

    728d7d2e68c60cc3d56ef4999d049b29d3a1d5bc84ec406bbc3e97c88389370991446df1a263cf236a12430e2323b268b5767e698fd4d1b76739ec859f5af0db

  • SSDEEP

    6144:AcTOayrPKT6yUazPicjbqIGTnRw1/nRRT/JdMbQd:73eCT6L88TnRsvRJJdS

Malware Config

Signatures

  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of SetWindowsHookEx 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\033ec0da9e1a9b534983bd3534f32192_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\033ec0da9e1a9b534983bd3534f32192_JaffaCakes118.exe"
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    PID:1304

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\ProgramData\abc.lnk

    Filesize

    965B

    MD5

    f229ac7edaea13edc4bf31635bcb8561

    SHA1

    1b016c93202399701a062028e2557a0a630edfdb

    SHA256

    5e4cb1aba71e5a45792ae344731a10c1fab0c0a12072a3969dbca37e771b74cc

    SHA512

    e4776a3de6f3a7daa003cbad7489966eb5fb0390ae88712d51d3fdb1f07646ba4c7c43b1e5068a65efab2404c107c76135dcebd6e9e77f5f8ff1e572a64009c5

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk

    Filesize

    1KB

    MD5

    909c509b6747a992359df31015d3ae3b

    SHA1

    c9c3dc6e265e0b1331a3a40b8e3585e0241ee831

    SHA256

    dac3ca32cd766486ee00ee8db2cb8abaefd31f757dd265b09ec77a3b7b08e0d4

    SHA512

    80ab20c7fefdbcb7288f3109f1d838d6d73787426acb8dd9db86d404c463a98ef70cee48df5f2d62a4fb7f6931f8ae90919bec0deb8bfd662db9c50f1d283d91

  • C:\Users\abc.lnk

    Filesize

    1KB

    MD5

    a4395816ac77918e37718d91b4122ce5

    SHA1

    1135119a48f4e6339c12956a860cdc1d8bc7598f

    SHA256

    0b7a8f5c28f3baf973d018220cbbac1461265cc8db5baeee91d9b3f637ea5798

    SHA512

    748b0182d1e2fcc7a8bde44f1b6b22af9250c255c14c1329b5b22a9fca2d69906b4be0443683485bfc56813a3d2e4014a10db90a653a62a95669bbcc076d8ccf