Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
47s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
03/10/2024, 07:08
General
-
Target
0e832e574510a22951c300d7782c448a_JaffaCakes118.exe
-
Size
386KB
-
MD5
0e832e574510a22951c300d7782c448a
-
SHA1
8eb822278a93ea45052413627ccc9bdafebec93a
-
SHA256
7595cc3dfdaab2451a9ef5cbbcf259ec2636e37bcf88765d5c1acbc2bb16f2d1
-
SHA512
e152ed07fc4d4f6ee0a9fde6adfd574f2156c7fb7ea63c7994258a0e1b064513130d2e221ec5b71477084d62287f882a2274caf005b8dce5b4f9722082d3887f
-
SSDEEP
6144:xqMDEd0sOsFObZsdV42A88jntY5Kt5Fx6Jbs27TPy4Ghb4JP30pIX:pDEj/UV2N8DtrgbsD+JP0pIX
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 2 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
UPX packed file 5 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of SendNotifyMessage 2 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0e832e574510a22951c300d7782c448a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\0e832e574510a22951c300d7782c448a_JaffaCakes118.exe"1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\ProgramData\aM28601BhPkJ28601\aM28601BhPkJ28601.exe"C:\ProgramData\aM28601BhPkJ28601\aM28601BhPkJ28601.exe" "C:\Users\Admin\AppData\Local\Temp\0e832e574510a22951c300d7782c448a_JaffaCakes118.exe"2⤵
- Deletes itself
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
192B
MD5646f4b57b5fa5f81f02216c419b3e0dc
SHA1c1021be625a7559cd9a35552b41e888ec1452932
SHA256f4a46bba532655c37515223634f87a478ae4baa5cea21c724a48c3961639a54a
SHA512137a710e22497100a20647704066c6ca88e5082677f377a3370eedb546873b1c7ec873597f4f532fc35cdb8b536e5abd762dbcbbf360d2169495028509653af8
-
Filesize
386KB
MD55653a5952e0be50b407aa83de644d4fa
SHA1ce876904e320681696e97534c0146b5c8ee987d5
SHA25653cc470bf8a921e4aff069792431339d0194e5841a44141486418c20a73b81d4
SHA512150d0914f7a1dd2558b61ab6ba66381969cc2fcda5908aedf423a09e16b19e7134ef3597a20d507e2018ad2de0e01ddd2f5b14300c4007d390d131cde2c2e7f9
-
Filesize
772KB
-
Filesize
772KB
-
Filesize
772KB
-
Filesize
772KB
-
Filesize
8KB
-
Filesize
772KB
-
Filesize
772KB