Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    149s
  • max time network
    142s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    12/10/2024, 08:39

General

  • Target

    392c777f11cda68aca6f5a470178bdbf_JaffaCakes118.exe

  • Size

    164KB

  • MD5

    392c777f11cda68aca6f5a470178bdbf

  • SHA1

    cbe9ddeff7a59adbbf128ea2e52080966554390c

  • SHA256

    95d702bd69a049621b0db38d41a53e7277afd9dd6a9c5be60470fee4f5a0e025

  • SHA512

    3b485abd981d813ee54a49df066dd08afa80d679ca100430d1ef01ddc7ad6e1dc605c0c802fd5c139ad24966c68715d5b5bd12da1e056f515626a2e011985744

  • SSDEEP

    3072:+2M+eV02GJyjqGFvEZM1hLUCPXXgKVxkzP/Xk19LE+GlMt2IFYEdePWj6D8NNHfd:+k2GJyjqGFvEZM1hLUCfgKVxkzPPk1x+

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 52 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\392c777f11cda68aca6f5a470178bdbf_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\392c777f11cda68aca6f5a470178bdbf_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2936
    • C:\Users\Admin\xeruz.exe
      "C:\Users\Admin\xeruz.exe"
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:1228

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\xeruz.exe

    Filesize

    164KB

    MD5

    ed49971a52611fa2c2d93738c293889e

    SHA1

    a85f693cb4b6b3ffa5ed3a604dcb8985c915ca5f

    SHA256

    a4104c8b7b96a9bbfd8975bf10496a98d6e5e922bc36f526f1dfbb10685b4be6

    SHA512

    6e0571e0a26abb5a612d31b4591fbf429c9e0dd07c10cf35b7bcf684f7e6041c89c6463dabe7624aebab1036999f2afd7817503da061e19475a0019365f28d2a