Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

06535f9a6e...18.exe

windows7-x64

7

06535f9a6e...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    01/10/2024, 15:19 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    06535f9a6ef08636280a08498e6f311d_JaffaCakes118.exe

  • Size

    246KB

  • MD5

    06535f9a6ef08636280a08498e6f311d

  • SHA1

    1f68d001a65e9310e65e060f1eda0ca434b82b08

  • SHA256

    225286c75dd37cacfe9e9d95242103d87f436a3e1f685fb7de97721d4aee84d1

  • SHA512

    304a9596301aa6903936db291c0091fe09aea9476be2e1ca5d4cc6b4458a65a3261518f6634d70f7097bf8bf2ccf132aea3372b9c4c11e83bc365668400faf17

  • SSDEEP

    6144:fyW81ap2jBmhZzXjd+TJ4u148m+pCNrREW40b:R8AEEzzXpX44YIlREW40

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 6 IoCs
  • Drops file in System32 directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\06535f9a6ef08636280a08498e6f311d_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\06535f9a6ef08636280a08498e6f311d_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1152
    • C:\Windows\SysWOW64\5554.exe
      "C:\Windows\System32\5554.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2776
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 88
        3⤵
        • Loads dropped DLL
        • Program crash
        PID:2812
  • C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
    1⤵
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    PID:2764

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\adidas-roundhouse-fall-2010-2.jpg
    Filesize

    43KB

    MD5

    db65aaf38e90003d325d52204f1530f9

    SHA1

    10f398eb61dd027c00158527a245cd31836327a0

    SHA256

    6fe4d5c57c111b2f19e2c25505e653bd88d801f74a463df107ceb6a5f1a21030

    SHA512

    091a9c63ebec7ff2c9d417e9cb8a3145d6e6520f084431334d3d66fac026fbab218308e9cc163b4533cbea54c4b2b12caf2c9116c1b6d6e7650f03a5ca7d1234

    Download Submit

  • \Windows\SysWOW64\5554.exe
    Filesize

    365KB

    MD5

    2054d93bf26b9e31766622fa6b57abed

    SHA1

    3430ddfd8321c6c5a089c75668e78037cb699251

    SHA256

    79342ae2f8a93da7ed66eec8c7bc7f59d923b817358843d8e98b007213c5b4b1

    SHA512

    795285e2cf8fb7f42c8159dc972a9ab98aa05eb8ecf2a432d00586a872c75ca3d757191087bb80ecf5565d9a432548f33370373f9f7cf8ad84de9cf528febe14

    Download Submit

  • memory/1152-6-0x0000000000400000-0x0000000000474000-memory.dmp

    Filesize

    464KB

    Download

  • memory/1152-0-0x0000000000401000-0x0000000000403000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1152-1-0x0000000000400000-0x0000000000474000-memory.dmp

    Filesize

    464KB

    Download

  • memory/1152-9-0x0000000000400000-0x0000000000474000-memory.dmp

    Filesize

    464KB

    Download

  • memory/1152-11-0x0000000000400000-0x0000000000474000-memory.dmp

    Filesize

    464KB

    Download

  • memory/1152-12-0x0000000003830000-0x0000000003832000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1152-3-0x0000000000400000-0x0000000000474000-memory.dmp

    Filesize

    464KB

    Download

  • memory/1152-25-0x0000000000400000-0x0000000000474000-memory.dmp

    Filesize

    464KB

    Download

  • memory/1152-2-0x0000000000400000-0x0000000000474000-memory.dmp

    Filesize

    464KB

    Download

  • memory/2764-15-0x0000000000130000-0x0000000000131000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2764-13-0x00000000000B0000-0x00000000000B2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2764-32-0x0000000000130000-0x0000000000131000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2776-31-0x0000000044440000-0x0000000044457000-memory.dmp

    Filesize

    92KB

    Download

  • memory/2776-33-0x0000000044440000-0x0000000044457000-memory.dmp

    Filesize

    92KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.