Analysis

  • max time kernel
    13s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    08/10/2024, 21:43 UTC

General

  • Target

    25df331b6280e9e520493b82eec20100_JaffaCakes118.exe

  • Size

    345KB

  • MD5

    25df331b6280e9e520493b82eec20100

  • SHA1

    2b73d1395be8053137caa75a5141593878232bf9

  • SHA256

    11eb6c5eb42f8461b3df25d268fc4ed11eadf20c1b4cd519b0040b047453a7c1

  • SHA512

    e9cba56b80f317a82d34b62fa1fdcd060edfa1f332abfbe19080026df69747ca7ec1b63ae438ac8eb95974c92c558734c8d707ec6f5203e384517ef85ae739e9

  • SSDEEP

    6144:IiV3M7tydyE7ztsY4yTr8bjeJwj2EItHp4Pl6yzh0H0xH9NDDOfHvAh:Iu3URWtsYf8PemjE8h0UxH9ND6fvk

Malware Config

Signatures

  • Event Triggered Execution: AppInit DLLs 1 TTPs

    Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Adversaries may attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\25df331b6280e9e520493b82eec20100_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\25df331b6280e9e520493b82eec20100_JaffaCakes118.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of UnmapMainImage
    PID:2168
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {2FD81A1C-8F9D-4BD5-9E1D-D6EF30815B48} S-1-5-18:NT AUTHORITY\System:Service:
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2964
    • C:\PROGRA~3\Mozilla\ndribzb.exe
      C:\PROGRA~3\Mozilla\ndribzb.exe -eciltya
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of UnmapMainImage
      PID:3048
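The process tree above is the actionable part of this report: the sample (PID 2168) writes a copy of itself to C:\PROGRA~3\Mozilla\ndribzb.exe (C:\PROGRA~3 is the 8.3 short name that on a default x64 install resolves to C:\ProgramData, not Program Files), and that copy is later started by taskeng.exe with the argument -eciltya, which is how a scheduled task runs on Windows 7. The report also flags the AppInit DLLs technique (ATT&CK T1546.010) but shows no registry IoC for it, so it needs confirming on a live host. The following PowerShell is an added host check, not part of the tria.ge report or the sample; it takes the dropped path and SHA256 from the Downloads section below and assumes it runs elevated. The report does not name the scheduled task (the GUID on the taskeng.exe command line identifies the task engine instance, not a task), so tasks are matched by what they execute rather than by name.

```powershell
# Added host-side check, not part of the tria.ge report or the sample.
# Looks for the persistence artifacts the report shows. Run elevated.
# Report-derived: dropped path and SHA256. Assumed: the task name is unknown,
# so scheduled tasks are matched by their action, not by name.

$ErrorActionPreference = 'Continue'

$DroppedSha256 = '216b70f997053ea0a4062a2de40a600bab4772330039d83f1c3f4f0ff6df7999'  # Downloads section
$DroppedPath   = Join-Path $env:ProgramData 'Mozilla\ndribzb.exe'                   # C:\PROGRA~3\Mozilla\ndribzb.exe

# 1. AppInit_DLLs (T1546.010): inspect the native and the WOW64 view of the key.
#    On a clean x64 host LoadAppInit_DLLs is normally 0 and AppInit_DLLs is empty.
$AppInitKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
)
foreach ($key in $AppInitKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $p = Get-ItemProperty -Path $key
    [PSCustomObject]@{
        Check            = 'AppInit_DLLs'
        Key              = $key
        LoadAppInit_DLLs = $p.LoadAppInit_DLLs
        AppInit_DLLs     = $p.AppInit_DLLs
        RequireSigned    = $p.RequireSignedAppInit_DLLs
    }
}

# 2. The dropped copy: is it on disk, and does its hash match the report?
if (Test-Path -Path $DroppedPath) {
    $hash = (Get-FileHash -Path $DroppedPath -Algorithm SHA256).Hash.ToLowerInvariant()
    [PSCustomObject]@{
        Check  = 'DroppedFile'
        Path   = $DroppedPath
        SHA256 = $hash
        Match  = ($hash -eq $DroppedSha256)   # $true only for this exact sample
    }
} else {
    [PSCustomObject]@{ Check = 'DroppedFile'; Path = $DroppedPath; SHA256 = $null; Match = $false }
}

# 3. Scheduled tasks whose action launches anything under ProgramData.
#    Get-ScheduledTask needs Windows 8 / Server 2012 or later; on Windows 7
#    use `schtasks /query /v /fo csv` and filter the "Task To Run" column.
$programData = [regex]::Escape($env:ProgramData)
Get-ScheduledTask | ForEach-Object {
    $task = $_
    foreach ($action in $task.Actions) {
        $exe = $action.Execute
        if ($exe -and ($exe -match $programData -or $exe -match 'PROGRA~3')) {
            [PSCustomObject]@{
                Check     = 'ScheduledTask'
                TaskPath  = $task.TaskPath
                TaskName  = $task.TaskName
                Execute   = $exe
                Arguments = $action.Arguments   # the report shows -eciltya for this sample
                State     = $task.State
            }
        }
    }
}
```

A non-empty AppInit_DLLs value, or a task that executes from ProgramData, is worth a look regardless of whether the hash matches; the dropped copy will differ across infections if the file name is generated per host, as the random-looking ndribzb.exe suggests, so the path and task checks are the more durable pivots.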

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\PROGRA~3\Mozilla\ndribzb.exe

    Filesize

    345KB

    MD5

    a35bf92bf1f2d2f4bf9370279dae8cba

    SHA1

    1569935679646a45344340c0fe079c12d71c3d1c

    SHA256

    216b70f997053ea0a4062a2de40a600bab4772330039d83f1c3f4f0ff6df7999

    SHA512

    b9aca8154d2c253fe2e3daf2bda28067c732be1031c61b7b43a5f1bd0138b39954e78b36fab73a7e4b2ec478896d72fe5770a64911d883e07ee97318e14ddeea

  • memory/2168-1-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

  • memory/2168-0-0x00000000002D0000-0x000000000032B000-memory.dmp

    Filesize

    364KB

  • memory/2168-3-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

  • memory/2168-4-0x00000000002D0000-0x000000000032B000-memory.dmp

    Filesize

    364KB

  • memory/3048-7-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

  • memory/3048-8-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

  • memory/3048-10-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB
