Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    16s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    09/10/2024, 08:07

General

  • Target

    2da3dcea4e5e586d010c02e922ce290c_JaffaCakes118.exe

  • Size

    2.8MB

  • MD5

    2da3dcea4e5e586d010c02e922ce290c

  • SHA1

    291270065fb04b963bbb1674547148a63f289487

  • SHA256

    d6b6f9acbae33c638230351c47f686a11a249951e0b056385aab72e889aea664

  • SHA512

    0bb47c6fb1b5e9dc8ef4755e30ba905b212b945f1b23e49ed33654223eccffc822d057a9033f00c3036981f2a1d1a106290ecd5e9e2972a09ba0ec3a9a034918

  • SSDEEP

    49152:1AGCplAJ8CCItRQt6B1te9z0BiYPF3tx71P:1YplERe9/uRf71

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2da3dcea4e5e586d010c02e922ce290c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\2da3dcea4e5e586d010c02e922ce290c_JaffaCakes118.exe"
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1768
    • C:\Users\Admin\AppData\Local\Temp\FlashAid40.tmp\FlashAid.exe
      "C:\Users\Admin\AppData\Local\Temp\FlashAid40.tmp\FlashAid.exe"
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      PID:2148

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\FlashAid40.tmp\BIOSHeader.ini

    Filesize

    198B

    MD5

    8c0146ba51058882b84e6bb9acd653dd

    SHA1

    f634b29348a67f7a16cfb57bde06ac9bea1d2fda

    SHA256

    ecf0b56ea097aff12d91367c688c05f9c6a5ecced8373a4fa58a4c66995a056b

    SHA512

    d15de2a254e9bfa13a61ec110f64e5673e2da9d0e088f7f4a26dbfc1a7b87e3d9bf1944bd472584974eb88643bea2b0190681f300393ae52434e0924f3fda43e

  • C:\Users\Admin\AppData\Local\Temp\FlashAid40.tmp\FlashAidMSG_ENU.ini

    Filesize

    2KB

    MD5

    ec6610995c3495510de40347b14a4e97

    SHA1

    36e70fbeb1ef6a8ba8edcd98aa7a4bb8e7bea723

    SHA256

    1fd5158cbb341a292184755833a1d6df698dd8c49a0689cb46dcad1fdee30c4b

    SHA512

    26a7b91b08091e031374e0876629f5d6ab92f055a46ddad4c08eab4fb0676aafbd6579449ac43b8b7f9d513514b41eaddd94f2b1be85733da136a4f30028451c

  • C:\Users\Admin\AppData\Local\Temp\FlashAid40.tmp\FlashAidRC_ENU.dll

    Filesize

    141KB

    MD5

    550b36b00cf6bdbd0c2183c59eab167b

    SHA1

    bcc24cc10de3c1cadff9c358de9ce6c20d1ac0ea

    SHA256

    3448e961faedcbc78efa539d12ff4d53b88ebe1b46fbcad2f17c0ee1ceaa6192

    SHA512

    8cfcc2406f32b00f8db500a600da9d0e83d3c3029e12baf014f265c53f00b43e22d073626e8f0ebfe7e217d511689898f62d7f8694e17e8d052c4164517c430c

  • \Users\Admin\AppData\Local\Temp\FlashAid40.tmp\FlashAid.exe

    Filesize

    124KB

    MD5

    34d8a6bcf2b3279022abbe42a2fe31c8

    SHA1

    161adf732fe7594ead5657f90572c716af550834

    SHA256

    b3949457b9c0c5f2c18416b26d58213dc54752fe6ee7512cd927210110ebf560

    SHA512

    5c0cdfecec6a2c53d67a15efb43dc5b08bc0404f434d8819769f8d40aacc08bb1402a226701996a7ef7f10ddc85cc022ab68180d2cd2b78301793abdf5ac2c98