Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

17645db204...18.exe

windows7-x64

7

17645db204...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    05/10/2024, 10:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    17645db2041d4c3803716fa9cc062a59_JaffaCakes118.exe

  • Size

    394KB

  • MD5

    17645db2041d4c3803716fa9cc062a59

  • SHA1

    a63997b9c09e417ba4055cf4b4e7d56ec0a6a3a6

  • SHA256

    e68dda0a0da195b36bdc5ff0cd331111566e40611a599c069bee4c99c45ad32a

  • SHA512

    eed1f726e25141a886c86d631d1e7547db294ea200cf6faa67c46221abda661bbe4dd89d6ef1feec091dbf8bc2651baf69d305957f87f347df6a4a5305b0c5ce

  • SSDEEP

    1536:OKD0A2T3vLbsih9e8bTTpb/IgQmP9zKcTDB4w/UjlQ/dpKRq:352T3siXei5bcmP9JfUjW

Score
7/10
aspackv2discoverypersistence

Malware Config

Signatures

  • ASPack v2.12-2.42 1 IoCs

    Detects executables packed with ASPack v2.12-2.42

    aspackv2
  • Deletes itself 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\17645db2041d4c3803716fa9cc062a59_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\17645db2041d4c3803716fa9cc062a59_JaffaCakes118.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2848
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c c:\$$$$$.bat
      2⤵
      • Deletes itself
      • System Location Discovery: System Language Discovery
      PID:2180

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$$$$$.bat
    Filesize

    228B

    MD5

    dce566574b50abd4ba89bf4abf51b3e0

    SHA1

    e51b198ee360a410c28a4e33e99e7468ff6b9568

    SHA256

    8f6d07db5fa2ffb58eb14d4b777b3010e2c0edc0346ee0299e72b499e4f10cab

    SHA512

    ee6b300c59f114910e8e704e978803243c113c6f9f124554bc1ebeb2bf7e4880a6f937383b1d66bf047bd3eb422f989c06efdaad7c8e39b61c5685c193a6391f

    Download Submit

  • C:\Windows\SysWOW64\drivers32\Tomb Raider - The Angel of Darkness No-Cd Crack.exe
    Filesize

    394KB

    MD5

    17645db2041d4c3803716fa9cc062a59

    SHA1

    a63997b9c09e417ba4055cf4b4e7d56ec0a6a3a6

    SHA256

    e68dda0a0da195b36bdc5ff0cd331111566e40611a599c069bee4c99c45ad32a

    SHA512

    eed1f726e25141a886c86d631d1e7547db294ea200cf6faa67c46221abda661bbe4dd89d6ef1feec091dbf8bc2651baf69d305957f87f347df6a4a5305b0c5ce

    Download Submit

  • memory/2848-0-0x0000000000400000-0x000000000043F000-memory.dmp

    Filesize

    252KB

    Download

  • memory/2848-535-0x0000000000400000-0x000000000043F000-memory.dmp

    Filesize

    252KB

    Download

  • memory/2848-826-0x0000000000400000-0x000000000043F000-memory.dmp

    Filesize

    252KB

    Download