Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

0a791877c0...18.exe

windows7-x64

7

0a791877c0...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    130s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    02/10/2024, 11:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0a791877c0976140a5150411bbb59628_JaffaCakes118.exe

  • Size

    983KB

  • MD5

    0a791877c0976140a5150411bbb59628

  • SHA1

    52eabcb6afff9feb5d764df293c2dd291c668c63

  • SHA256

    a3aebff4764c14763880d670a1cb4f6aaceb8f6c53c0dd9b2bd382dda112686d

  • SHA512

    068e01f0b1c9bc262378a8307d11e7a0d71d7017999d842dda457b202ccf110a4d2ec65154e9925e63748c5b53eca61794f811068a512d67a0f0d2a005119884

  • SSDEEP

    24576:eQdMmNOxHxMMnUL63IWn3YqyUJm/ZgD9:eQdMmGHqkIE3Ysua

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 6 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0a791877c0976140a5150411bbb59628_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0a791877c0976140a5150411bbb59628_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:572
    • C:\Users\Admin\AppData\Local\Temp\Jgl_Rt\temp1.exe
      "C:\Users\Admin\AppData\Local\Temp\Jgl_Rt\temp1.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      PID:1988

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\Jgl_Rt\jesterrun0.dll
    Filesize

    22KB

    MD5

    3c090bac965ee3543728d16b87a4d29f

    SHA1

    859fbb59a7d8468100d20fd120a100d555651438

    SHA256

    e54391a41a9a2807f1f5117a5e2947e9bc2875ae91fa2ac8868d26a3208d7d39

    SHA512

    de351362ee253d63a4eea0f66cb5172bd219c51774e58186add730e6f752b94a7ae0ef4bafc22aa260532410a75bc9c01d7355c3d707168683f3e925d68a2dd8

    Download Submit

  • \Users\Admin\AppData\Local\Temp\Jgl_Rt\temp1.exe
    Filesize

    1.3MB

    MD5

    92fa557391461811097413b1ac25a001

    SHA1

    4d680c6a7f86955519d4ed6cc0a8b625ae47ac3b

    SHA256

    d7ac675056a8860246f20892db0d9e8af43b6e3cc42ae32a8a5cfb85c9ab2117

    SHA512

    87d6a7e9cf52c0313f8c8a543b1696220abbf9365910dfd7a35fca72c38f048658c63147f72ff75185e89578d8e4f6e4f7ef64f5a637f0a607646fb2cdcd1900

    Download Submit

  • memory/572-0-0x0000000000400000-0x000000000042C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/572-23-0x0000000000400000-0x000000000042C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/572-24-0x0000000000230000-0x0000000000240000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1988-25-0x0000000000610000-0x0000000000620000-memory.dmp

    Filesize

    64KB

    Download