Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

074076bc77...18.exe

windows7-x64

7

074076bc77...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    94s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/10/2024, 20:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    074076bc7792e30bf31a80f9e3f748fa_JaffaCakes118.exe

  • Size

    248KB

  • MD5

    074076bc7792e30bf31a80f9e3f748fa

  • SHA1

    b736275bb514077dfde1c4eb312b717b3f7ef00a

  • SHA256

    f0b62a516e67578af742ddb306ebd18e63c1ff662804a11a284c3c13294223c5

  • SHA512

    f3433a027512692b13a083630db5d2a7fa5df73935974eb0f7b4c6afb2c6f902bbe75ac2e2569f67df5c4855bec05d0f08c802aecc3a8522c48296826705e52f

  • SSDEEP

    6144:fcPzUqMwjiIDmIuAuAVNgM8rxTroyxhc1mcP/:80AuAVNRyTcyxhml3

Score
7/10
discovery

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Loads dropped DLL 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\074076bc7792e30bf31a80f9e3f748fa_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\074076bc7792e30bf31a80f9e3f748fa_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    PID:4396

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\imi7956.tmp
    Filesize

    172KB

    MD5

    4f407b29d53e9eb54e22d096fce82aa7

    SHA1

    a4ee25b066cac19ff679dd491f5791652bb71185

    SHA256

    cf0ecf30fc95800a34105acb9bcb484bb594a35b3ef26ace8f122af4f9f888dc

    SHA512

    325f7b599455195101e4c0dafd3654906d20ed2c1ce2a5f38784635e16ab545df6ee44a83bed6128239be2dee5be110552c7b246b7f52482ab31552e14b54183

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nmi7986.tmp
    Filesize

    75KB

    MD5

    a6f2b2daf0a61f2f213a601c749bdf0b

    SHA1

    6fbbfe278786c6c9745d645691474115b97c0b0d

    SHA256

    e90aa0f2ec9dd75b53876de8616e0415114b106202bdbe3b8b2df51698c49fc3

    SHA512

    05417d6e0c1ed002eba13880003cb2e226895aa46d298f94ce99ca95d03ad6d27247cb98f0f1f1f37ac0f5e07f61eff6cc6e31a29fd8ab4cc88ffb390511e886

    Download Submit

  • memory/4396-4-0x00000000020B0000-0x0000000002124000-memory.dmp

    Filesize

    464KB

    Download

  • memory/4396-16-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/4396-18-0x00000000020B0000-0x0000000002124000-memory.dmp

    Filesize

    464KB

    Download