Analysis

  • max time kernel
    141s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    06/10/2024, 09:55 UTC

General

  • Target

    179c96849446270f65485a281dec13c7_JaffaCakes118.exe

  • Size

    458KB

  • MD5

    179c96849446270f65485a281dec13c7

  • SHA1

    cf4fcfda49922fa115362a8ebed81c4250702b38

  • SHA256

    ce1ed4a644797ed92066b90fd1ee5150b99997b0f748e52e838549da90f82dd1

  • SHA512

    8354185766c5459780aa76026c2529e6cf1e8e1b988b972802fe7bb6a3d30093fec72a9040de637e6ddec10fb600c1617aa1debc9759efa0b8bde40e5dc0c884

  • SSDEEP

    12288:yCGThBIm7P7RFbkJUY6dbGTayLNZlFt7YsBsD6VjaFLN+K1SYET7:yVMmD7XwJQd+xZHyMsD6dGNL1SB3

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • UPX packed file 9 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\179c96849446270f65485a281dec13c7_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\179c96849446270f65485a281dec13c7_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1592
    • C:\ProgramData\hLmPg04300\hLmPg04300.exe
      "C:\ProgramData\hLmPg04300\hLmPg04300.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:2324

Network

  • 91.193.194.171:80
    179c96849446270f65485a281dec13c7_JaffaCakes118.exe
    152 B
    3
  • 195.3.147.14:80
    hLmPg04300.exe
    152 B
    3
  • 91.193.194.171:80
    179c96849446270f65485a281dec13c7_JaffaCakes118.exe
    152 B
    3
  • 195.3.147.14:80
    hLmPg04300.exe
    152 B
    3
  • 91.193.194.171:80
    179c96849446270f65485a281dec13c7_JaffaCakes118.exe
    152 B
    3
  • 91.193.194.171:80
    179c96849446270f65485a281dec13c7_JaffaCakes118.exe
    152 B
    3
  • 91.193.194.171:80
    179c96849446270f65485a281dec13c7_JaffaCakes118.exe
    152 B
    3
  • 91.193.194.171:80
    179c96849446270f65485a281dec13c7_JaffaCakes118.exe
    152 B
    3

MITRE ATT&CK Enterprise v15

Downloads

  • \ProgramData\hLmPg04300\hLmPg04300.exe

    Filesize

    458KB

    MD5

    b2dfb7390c76176c2ab41017a7da262b

    SHA1

    9a2de30d1bed553f37d08e5f07b3a6f6be26c583

    SHA256

    28a3e6fc1929e9a471d27b60ad9646a02864cf9b80fd9365773021f847f9301d

    SHA512

    62eb0a4061596cf741dcd531e5d9f3126946a7f2e0d46686618a8656521f589b6dee7431fbeaf65cbd4094c87ab839f8d65e54cd034d1a02b05b7b5f4823e893

  • memory/1592-1-0x0000000000400000-0x00000000004E6000-memory.dmp

    Filesize

    920KB

  • memory/1592-0-0x0000000000370000-0x00000000003DD000-memory.dmp

    Filesize

    436KB

  • memory/1592-19-0x0000000000400000-0x00000000004E6000-memory.dmp

    Filesize

    920KB

  • memory/1592-21-0x0000000000400000-0x00000000005DC000-memory.dmp

    Filesize

    1.9MB

  • memory/1592-52-0x0000000000400000-0x00000000005DC000-memory.dmp

    Filesize

    1.9MB

  • memory/1592-53-0x0000000000400000-0x00000000004E6000-memory.dmp

    Filesize

    920KB

  • memory/2324-14-0x0000000000400000-0x00000000005DC000-memory.dmp

    Filesize

    1.9MB

  • memory/2324-15-0x0000000000400000-0x00000000005DC000-memory.dmp

    Filesize

    1.9MB

  • memory/2324-20-0x0000000000400000-0x00000000005DC000-memory.dmp

    Filesize

    1.9MB

  • memory/2324-37-0x0000000000400000-0x00000000005DC000-memory.dmp

    Filesize

    1.9MB
