Analysis

  • max time kernel
    149s
  • max time network
    126s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    15/10/2024, 06:21

General

  • Target

    463d924f023e80c3850d2b1c8561ad2b_JaffaCakes118.exe

  • Size

    731KB

  • MD5

    463d924f023e80c3850d2b1c8561ad2b

  • SHA1

    e0a8c887b51ec16a40ece73eeb333265e36fb60a

  • SHA256

    cea4e5f486fc3c2ee078e2a0d2256b97187ec772b1e291847d32e6fe8d095380

  • SHA512

    a994ccbdb44389cfe769d6f2b871ddf78632713d987dbf37d725d51c4ea15de676c18eff5a0530d45a9ea4108cdf5eec9a2234ccb3723dcb0b03b73b3ec1fdd6

  • SSDEEP

    12288:g8L25c+ugtP0AF9jh0zzF9zl04skRICpwPz/0wi6AoCPY1urkh//spebIl6nMfSF:gGr+hiAF9gR0aPpC/FAoCPY1urkh//sW

Malware Config

Signatures

  • Disables RegEdit via registry modification 1 IoCs
  • Disables Task Manager via registry modification
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Drops file in System32 directory 8 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 16 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
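The behavioural signatures above can be reproduced as plain checks over registry-set and file-create events (Sysmon Event ID 13 and 11, or a sandbox event log). The Python below is an added example, not Triage's own signature code. It assumes that the RegEdit and Task Manager signatures key on the DisableRegistryTools and DisableTaskMgr values under the Policies\System key, that the Run-key signature covers the Run and RunOnce keys, and that the directory signatures are path-prefix matches counted once under the most specific directory (Triage may count a System32 drop under both System32 and Windows). The sample events are constructed: the file paths are those the report lists under Downloads, while the Run-key target and the System32 and Program Files drops are hypothetical stand-ins.

```python
"""Re-implementation of the behavioural signatures listed above as checks
over registry-set and file-create events. Added example; the key and value
names are my assumption of what each signature keys on, not taken from
the report."""
from collections import defaultdict

# Hive-relative key (lower-cased) and the policy values that disable the tools.
POLICY_SYSTEM = r"software\microsoft\windows\currentversion\policies\system"
POLICY_VALUES = {
    "disableregistrytools": "Disables RegEdit via registry modification",
    "disabletaskmgr": "Disables Task Manager via registry modification",
}
RUN_KEYS = {
    r"software\microsoft\windows\currentversion\run",
    r"software\microsoft\windows\currentversion\runonce",
}
# (signature, lower-cased path prefix); most specific directory first, so a
# System32 drop is counted once and not also as a Windows-directory drop.
DROP_DIRS = (
    ("Drops file in System32 directory", "c:\\windows\\system32\\"),
    ("Drops file in Windows directory", "c:\\windows\\"),
    ("Drops file in Program Files directory", "c:\\program files\\"),
    ("Drops file in Program Files directory", "c:\\program files (x86)\\"),
)


def _hive_relative(key: str) -> str:
    """'HKCU\\Software\\...' or 'HKEY_USERS\\S-1-5-...\\Software\\...' -> 'software\\...'."""
    parts = key.lower().split("\\")
    if "software" in parts:
        parts = parts[parts.index("software"):]
    return "\\".join(parts)


def check_registry(event: dict):
    """Signature triggered by one registry-set event, or None."""
    key = _hive_relative(event["key"])
    name = event["value"].lower()
    data = event.get("data")
    # DisableRegistryTools accepts 1 or 2, so any non-zero value counts.
    if key == POLICY_SYSTEM and name in POLICY_VALUES and data not in (None, 0, "0"):
        return POLICY_VALUES[name]
    if key in RUN_KEYS:
        return "Adds Run key to start application"
    return None


def check_file(event: dict):
    """Signature triggered by one file-create event, or None."""
    path = event["path"].lower().replace("/", "\\")
    for sig, prefix in DROP_DIRS:
        if path.startswith(prefix):
            return sig
    return None


def run_signatures(events):
    """Map each signature name to the IoC strings that fired it."""
    hits = defaultdict(list)
    for ev in events:
        if ev["type"] == "RegSetValue":
            sig, ioc = check_registry(ev), f'{ev["key"]}\\{ev["value"]} = {ev.get("data")!r}'
        elif ev["type"] == "FileCreate":
            sig, ioc = check_file(ev), ev["path"]
        else:
            continue
        if sig:
            hits[sig].append(ioc)
    return dict(hits)


# Constructed sample events for PID 2920: the file paths are the ones the
# report lists under Downloads; the Run-key target and the System32 and
# Program Files drops are hypothetical stand-ins.
POLICY_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System"
SAMPLE_EVENTS = [
    {"type": "RegSetValue", "pid": 2920, "key": POLICY_KEY, "value": "DisableRegistryTools", "data": 1},
    {"type": "RegSetValue", "pid": 2920, "key": POLICY_KEY, "value": "DisableTaskMgr", "data": 1},
    {"type": "RegSetValue", "pid": 2920, "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "stand-in", "data": r"C:\Users\Admin\AppData\Roaming\stand-in.exe"},
    {"type": "FileCreate", "pid": 2920, "path": r"C:\Windows\System\SystemNetBBS.dll"},
    {"type": "FileCreate", "pid": 2920, "path": r"C:\Windows\System\SystemRunInternet.dll"},
    {"type": "FileCreate", "pid": 2920, "path": r"C:\ProgramData\USOShared\Virtuosa Phoenix Edition Crack.exe"},
    {"type": "FileCreate", "pid": 2920, "path": r"C:\Windows\System32\stand-in.dll"},
    {"type": "FileCreate", "pid": 2920, "path": r"C:\Program Files\stand-in\stand-in.exe"},
]

if __name__ == "__main__":
    for sig, iocs in run_signatures(SAMPLE_EVENTS).items():
        print(f"{sig}: {len(iocs)} IoCs")
        for ioc in iocs:
            print("   ", ioc)
```

Hive names are stripped before matching so that the same rules apply to HKCU, HKLM and the per-user HKEY_USERS\S-1-5-... form that Sysmon logs; the ProgramData drop in the sample deliberately matches none of the directory signatures, which is consistent with the report listing it under Downloads without a "Drops file in ..." entry for it.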

Processes

  • C:\Users\Admin\AppData\Local\Temp\463d924f023e80c3850d2b1c8561ad2b_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\463d924f023e80c3850d2b1c8561ad2b_JaffaCakes118.exe"
    1⤵
    • Disables RegEdit via registry modification
    • Adds Run key to start application
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    PID:2920

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\ProgramData\USOShared\Virtuosa Phoenix Edition Crack.exe

    Filesize

    733KB

    MD5

    9c6ca6cadc484ff4196f33438316320c

    SHA1

    2e1039b510c1415fd019226b0c5040e5da9037ff

    SHA256

    79cbac293a40cc2dc1d1fa0c50d2213bdde1a38d0bc485c6189a4a199330ba28

    SHA512

    c6065a3366791595e49bc84bc02a4098294efb8e56c5c2132ada806a5b102b02588e9adb168219997f4a4b724a16030b565cffe632ec1e1d897464f4d8425dba

  • C:\Windows\System\SystemNetBBS.dll

    Filesize

    163B

    MD5

    a4ee28db53188fc8722b5612f34e3fb5

    SHA1

    d878d54ee495f4b2c01031a7042a3797dce2df7f

    SHA256

    ab34cd96b9bf39ce881de72c8d52d49aa0716bcb71e62a91897f5c556dd7bc79

    SHA512

    2c05b35986960f20bd8bb7c435d92aaac0703e7da4a3c15bb343237cfb0b386547d77e1f43eaaa3f8d96cdf23335a170e201009fde418141de4f183f468c2140

  • C:\Windows\System\SystemNetBBS.dll

    Filesize

    4KB

    MD5

    b58c6c539241a477f875478ca9677135

    SHA1

    7e198be87ae42dd9b53fb9289c3edb086c8dbdbd

    SHA256

    ae75cb02baae7b33b255ebeb1662cf0f4a63177e21b8d8084bedffcc3a5909f5

    SHA512

    e490fd865ecb69517d843bf3a395f4db9271b3e7136837fb26948d6d621484421643dd70df6772a7e9a79fcd26c7b4b580b4a9f2546dea224e4e770b7c8b4a2b

  • C:\Windows\System\SystemNetBBS.dll

    Filesize

    2KB

    MD5

    a7aec6cec9f94cb06173d6f1abb46408

    SHA1

    ed732f4895c78a7d71cb24ce1a45ef59b08bb699

    SHA256

    744624448502448467cd622a1087c04cb2668057a07cb0d6328eef6a3395773c

    SHA512

    ceed6f0d0c7385d53091edb2d0bb6c9aafe46c34545a46266d658abfe72232e3d71b09fcb60ed6c7c865c6b595c304385c57a024bb372bd188b0a875cbe17133

  • C:\Windows\System\SystemNetBBS.dll

    Filesize

    2KB

    MD5

    1a3023af0a8413d1d77ba35b6e87f45d

    SHA1

    03430bcf5a85c608511c17c97660aedd6e83b1c1

    SHA256

    49d230ab8dc79c80e80bf18e05557dc28a474c01cf9b9deffd3af8e7840b088d

    SHA512

    33a7f4ffdb30c0d17e512a2e6051d0c0855cb36beac5557c9576be161af9292800824216f2f83495ea49da22609c44d9723ba529bcda25a60ced19f30e45a1c6

  • C:\Windows\System\SystemRunInternet.dll

    Filesize

    513B

    MD5

    17c29f31df126cd17ff8e451dc578248

    SHA1

    5845d93e1070b21e16ed944f6543acd0d5475aae

    SHA256

    abbee3ee94fae746f27968b8092031044638680fcb82035b17f6cdcbb9c5224d

    SHA512

    8eac9c88bfdbc5f8e143c2be85be383196dce04714164f6cf12ed9bc5b7942ed53328d90223cc989b5edb4768ec25b6574df844133f551817868c4b98000b2af

  • memory/2920-0-0x00000000006C0000-0x00000000006C1000-memory.dmp

    Filesize

    4KB

  • memory/2920-1849-0x0000000000400000-0x00000000004BE000-memory.dmp

    Filesize

    760KB

  • memory/2920-1850-0x00000000006C0000-0x00000000006C1000-memory.dmp

    Filesize

    4KB

  • memory/2920-1851-0x0000000000400000-0x00000000004BE000-memory.dmp

    Filesize

    760KB

  • memory/2920-1863-0x0000000000400000-0x00000000004BE000-memory.dmp

    Filesize

    760KB
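The dropped-file hashes above are the IoCs a responder would sweep a host for. Two points are visible in the listing itself: SystemNetBBS.dll appears four times, at sizes from 163 B to 4 KB with four different hashes, so it was rewritten during the run and is far too small to be a loadable DLL whatever its extension; and the 733 KB "Virtuosa Phoenix Edition Crack.exe" has a different hash and size from the 731 KB sample, so it is not a plain self-copy. A hash match on any recorded version is therefore a hit, while a path-only match means the file has changed since the run. The Python below is an added example, not part of the report; it uses the report's SHA-256 values and hashlib, and the sample bytes in the test are constructed.

```python
"""Hash- and path-based IoC matching for the dropped files listed above.
Added example; the SHA-256 values are the report's, everything else is mine."""
import hashlib

# path -> set of SHA-256 digests the report recorded at that path.
# SystemNetBBS.dll was written four times with different content, so all
# four digests are accepted.
DROPPED_FILES = {
    r"C:\ProgramData\USOShared\Virtuosa Phoenix Edition Crack.exe": {
        "79cbac293a40cc2dc1d1fa0c50d2213bdde1a38d0bc485c6189a4a199330ba28",
    },
    r"C:\Windows\System\SystemNetBBS.dll": {
        "ab34cd96b9bf39ce881de72c8d52d49aa0716bcb71e62a91897f5c556dd7bc79",
        "ae75cb02baae7b33b255ebeb1662cf0f4a63177e21b8d8084bedffcc3a5909f5",
        "744624448502448467cd622a1087c04cb2668057a07cb0d6328eef6a3395773c",
        "49d230ab8dc79c80e80bf18e05557dc28a474c01cf9b9deffd3af8e7840b088d",
    },
    r"C:\Windows\System\SystemRunInternet.dll": {
        "abbee3ee94fae746f27968b8092031044638680fcb82035b17f6cdcbb9c5224d",
    },
}
# SHA-256 of the submitted sample itself, from the General section.
SAMPLE_SHA256 = "cea4e5f486fc3c2ee078e2a0d2256b97187ec772b1e291847d32e6fe8d095380"


def hash_all(data: bytes) -> dict:
    """The four digests the report records, keyed by algorithm name."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def classify(path: str, data: bytes, iocs=DROPPED_FILES) -> str:
    """'hash-match' if the content matches any recorded digest (regardless of
    where it was found), 'path-only' if only the location matches, else 'none'.
    Paths are compared case-insensitively, as NTFS does."""
    digest = hashlib.sha256(data).hexdigest()
    if digest == SAMPLE_SHA256 or any(digest in hs for hs in iocs.values()):
        return "hash-match"
    if path.lower() in {p.lower() for p in iocs}:
        return "path-only"
    return "none"


def sweep(files: dict, iocs=DROPPED_FILES) -> dict:
    """files: mapping path -> bytes collected from a host; returns a verdict per path."""
    return {p: classify(p, d, iocs) for p, d in files.items()}


if __name__ == "__main__":
    # Constructed input: the real file content is not available offline, so a
    # stand-in planted at one of the report's paths yields a path-only verdict.
    demo = {
        r"C:\Windows\System\SystemNetBBS.dll": b"constructed stand-in content",
        r"C:\Users\Admin\Documents\notes.txt": b"unrelated",
    }
    for path, verdict in sweep(demo).items():
        print(f"{verdict:10} {path}")
```

A path-only verdict still deserves a look: a file at C:\Windows\System\SystemNetBBS.dll is suspicious by location and name regardless of content, and the report shows the malware rewriting it, so the copy on a live host may well carry a fifth hash.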