Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

5

05e8b73312...18.exe

windows7-x64

7

05e8b73312...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/10/2024, 12:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    05e8b73312abcd84efc80394f2222d02_JaffaCakes118.exe

  • Size

    83KB

  • MD5

    05e8b73312abcd84efc80394f2222d02

  • SHA1

    2961107aa597d2c276d1355048118cd1c973b18b

  • SHA256

    712f0c99f90ea9cc9caa04e82e80b4e8d1ae896b66833628f8d5d77b39d99930

  • SHA512

    718606ad5750fb1c0e835a262c631313bfadc38cdd2a6bedf3e0489635f1751257e3e8633c0c3ef06b43611878d23b73fa771ef95e4b2ff1ea37a8bab116ee74

  • SSDEEP

    1536:6wKKva3L9Q3N1s/B/gjHAl4wS1rILJrA4f4bAgL+CSGRQbg:6wLvab9GHsJ/54wSt0HCVLFl

Score
7/10
discoveryupx

Malware Config

Signatures

  • Drops startup file 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Enumerates connected drives 3 TTPs 42 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • UPX packed file 17 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\05e8b73312abcd84efc80394f2222d02_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\05e8b73312abcd84efc80394f2222d02_JaffaCakes118.exe"
    1⤵
    • Enumerates connected drives
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3112
    • C:\Program Files (x86)\Common Files\Microsoft Shared\explorer.exe
      "C:\Program Files (x86)\Common Files\Microsoft Shared\explorer.exe"
      2⤵
      • Drops startup file
      • Executes dropped EXE
      • Loads dropped DLL
      • Enumerates connected drives
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:1364

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Common Files\Microsoft Shared\explorer.exe
    Filesize

    83KB

    MD5

    05e8b73312abcd84efc80394f2222d02

    SHA1

    2961107aa597d2c276d1355048118cd1c973b18b

    SHA256

    712f0c99f90ea9cc9caa04e82e80b4e8d1ae896b66833628f8d5d77b39d99930

    SHA512

    718606ad5750fb1c0e835a262c631313bfadc38cdd2a6bedf3e0489635f1751257e3e8633c0c3ef06b43611878d23b73fa771ef95e4b2ff1ea37a8bab116ee74

    Download Submit

  • C:\Program Files (x86)\Common Files\uiui8.dll
    Filesize

    17KB

    MD5

    90b1f2289c3121611de1b47a54803e38

    SHA1

    8c1a78e9e777072aa60c365feb94b4eaee93ee8a

    SHA256

    28267ad6e645fd72dcb1a218b709c85bcbe34ebb5468f9533b04ff34d7647e0c

    SHA512

    216423e0647d4e40df227cb1bc6b6efddd2e84f5e9a58048219d7e59ec61f46e43e5e47bc4ea4485ef7af6282052113b0e68b73655c3245ec48d826fb8d905d6

    Download Submit

  • C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\8970.lnk
    Filesize

    449B

    MD5

    ae342318b288719168082ba3f26d8e33

    SHA1

    0464e616edc87b677de3e514a5e5baf696ac92ec

    SHA256

    331939a00efce9cab0dc7e690b7be7de0e3d2378f7ea48640bc80ead177332ec

    SHA512

    2e7d224df58bdc39395208fae51726c6d7eff76752c1fdc746da3294b159c1b6fbc9440354ff935c41b2d18d6734cfcc6c18fb726b78fc7d73d870a32cebda34

    Download Submit

  • memory/1364-45-0x0000000000400000-0x0000000000451000-memory.dmp

    Filesize

    324KB

    Download

  • memory/1364-49-0x0000000000400000-0x0000000000451000-memory.dmp

    Filesize

    324KB

    Download

  • memory/1364-36-0x00000000009C0000-0x00000000009CB000-memory.dmp

    Filesize

    44KB

    Download

  • memory/1364-63-0x0000000000400000-0x0000000000451000-memory.dmp

    Filesize

    324KB

    Download

  • memory/1364-39-0x0000000000400000-0x0000000000451000-memory.dmp

    Filesize

    324KB

    Download

  • memory/1364-41-0x0000000000400000-0x0000000000451000-memory.dmp

    Filesize

    324KB

    Download

  • memory/1364-43-0x0000000000400000-0x0000000000451000-memory.dmp

    Filesize

    324KB

    Download

  • memory/1364-61-0x0000000000400000-0x0000000000451000-memory.dmp

    Filesize

    324KB

    Download

  • memory/1364-47-0x0000000000400000-0x0000000000451000-memory.dmp

    Filesize

    324KB

    Download

  • memory/1364-35-0x0000000000400000-0x0000000000451000-memory.dmp

    Filesize

    324KB

    Download

  • memory/1364-51-0x0000000000400000-0x0000000000451000-memory.dmp

    Filesize

    324KB

    Download

  • memory/1364-53-0x0000000000400000-0x0000000000451000-memory.dmp

    Filesize

    324KB

    Download

  • memory/1364-55-0x0000000000400000-0x0000000000451000-memory.dmp

    Filesize

    324KB

    Download

  • memory/1364-57-0x0000000000400000-0x0000000000451000-memory.dmp

    Filesize

    324KB

    Download

  • memory/1364-59-0x0000000000400000-0x0000000000451000-memory.dmp

    Filesize

    324KB

    Download

  • memory/3112-0-0x0000000000400000-0x0000000000451000-memory.dmp

    Filesize

    324KB

    Download

  • memory/3112-28-0x0000000000400000-0x0000000000451000-memory.dmp

    Filesize

    324KB

    Download