Resubmissions

24/10/2024, 21:50

241024-1qcy8avemn 10

24/10/2024, 13:17

241024-qjty2sxeja 10

Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    24/10/2024, 13:17

General

  • Target

    73eb50d731889829becf58029a86eb45_JaffaCakes118.exe

  • Size

    28KB

  • MD5

    73eb50d731889829becf58029a86eb45

  • SHA1

    1c1b06f1b8a53fc3ccf365299251d32893a363d1

  • SHA256

    a2d4cc146cb1b62a7d4128b0e277c7411921cf9f77cc7577599a00697f3492b1

  • SHA512

    5e4348e1eef229728b4545d90a688ac48b55c55916501bb0c240f5c216e3eb6e65a75a051bc1400778684892d5cb609f3fd49c85d4cee13351a677db3b0ceda5

  • SSDEEP

    384:1vxBbK26lj5Id8SpHx9jLhsznnVxA1WmP5w7GGCJlqqwMyND52:Dv8IRRdsxq1DjJcqf3

Malware Config

Signatures

  • Detected microsoft outlook phishing page
  • Detects MyDoom family 8 IoCs
  • MyDoom

    MyDoom is a Worm that is written in C++.

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • UPX packed file 27 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Windows directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\73eb50d731889829becf58029a86eb45_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\73eb50d731889829becf58029a86eb45_JaffaCakes118.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1928
    • C:\Windows\services.exe
      "C:\Windows\services.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      PID:2892

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6IJLDY7V\G9IT41VV.htm

    Filesize

    153KB

    MD5

    b2e3f5057b267d64ecf580fe22070b7a

    SHA1

    61c504bf979b7110964504083d56f9c5ef9267ac

    SHA256

    2b421b1f42f3c17b3f1d5126fe4a8753cf429e27762243275437ba07f8a21cee

    SHA512

    42438691648b414b9f5b62c16bc74265b91b57bc9e5362121eec9fa63aa593b483f45363be4261dd1c40f6e12614deb8c3e32409899493a8c4b7630486bed674

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\H4VCA4X1\5V3XSKCR.htm

    Filesize

    153KB

    MD5

    7076e65b5d0f42a242ed6d5b74b7bf16

    SHA1

    19d617c0ec757416fb169972eb56d4bbfdf3ecfd

    SHA256

    2662cd44b60f5e3f88d53a21e0f1b68fbeb074147d2f4b901ba44b7ff6b21218

    SHA512

    5c29c1e6dbb1cb4ebbbb0c5151f331a996839486808b2c300e856e55b1d3a166357775219180eaf94e3867e88ab0b17761dc9721f074340e9dae26cc2d3f5847

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\W9QJOIKH\results[1].htm

    Filesize

    1KB

    MD5

    ee432ecb0070528a072296c960488976

    SHA1

    4148880a3030c47760dced202eea51b0a01cfa95

    SHA256

    07fc6d5f3abef9d3810c933d53383b7e010cf6b0cf66cbd3db0e6786b7a1ac9c

    SHA512

    92c20317deea55b34ae5ca28cba78f93a91215d247a0bac40b02a601a4e789d7f72304608b966c2ac753c93b68c3ce7f75780769c8a10cf6fb47afae2e6e9aa2

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\W9QJOIKH\search[2].htm

    Filesize

    25B

    MD5

    8ba61a16b71609a08bfa35bc213fce49

    SHA1

    8374dddcc6b2ede14b0ea00a5870a11b57ced33f

    SHA256

    6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1

    SHA512

    5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1

  • C:\Users\Admin\AppData\Local\Temp\tmpD6E5.tmp

    Filesize

    28KB

    MD5

    64e7fe2ca7ae2de78d9820e5787a7c06

    SHA1

    60cb0afd1623412623475d24451c91fb2b5bc1af

    SHA256

    8af2798395e9c6725a1178ce94db4abf38ea9cd113722932a564fb87541ed6c4

    SHA512

    8c44b3f3898c98aa9b7484183099032b43f847334eb03763ae689ab51c7278299fc363edc891490a3f9f0d4e43205e38f70180a9856e41b146b700f272724096

  • C:\Users\Admin\AppData\Local\Temp\zincite.log

    Filesize

    1KB

    MD5

    969bcd50f97776b3abcc3d886b5a9e93

    SHA1

    26a9985d8174e3b8b764279645cd7ffb85794653

    SHA256

    c85eb63153d480846363fcebec9b2f46c39a2881aed1f7ce10a38afe8d7d53a6

    SHA512

    b27adadbabfd19ec165341ec1218ed2333b71bcadc4df97a2c5f7594800b6824f7438f1a3ea64e99c9aac034a4771f62623af513a668be8f1437226eba34bb1f

  • C:\Users\Admin\AppData\Local\Temp\zincite.log

    Filesize

    1KB

    MD5

    55e03bb0dbe6a89ceffe27b271db5072

    SHA1

    6d3a67ee412f8dfba5e0a57a4777de8b33cf6853

    SHA256

    2cefba54d04720278ce942a0db47407b1d97c089e1b4f8dd4f3af578b705216c

    SHA512

    d9596fed7f23eec8741ed7eeb6f83f9272ada3ea8f8b925b66119605dd88fb952ba3c202854fd5d39886fd4b74e8994306461e3510688e48ed96a6d3dc871d24

  • C:\Users\Admin\AppData\Local\Temp\zincite.log

    Filesize

    1KB

    MD5

    7baa884ae2c0789760819a0257a69571

    SHA1

    012b359466fd7b0d8903e355c73ff52102bcc806

    SHA256

    a54be85e41e1bcd461c65d86e1ee1f34d83c18eaf6dcf07e6b7d76252f2ffdcf

    SHA512

    79067b579a160ea07ec116d016e1770a9f944447ff22ab24fb3b2c15eeb2a010186f9ff0a73c96a587d55a30a24d8fdb678429e975f71895e8e757324dc14741

  • C:\Windows\services.exe

    Filesize

    8KB

    MD5

    b0fe74719b1b647e2056641931907f4a

    SHA1

    e858c206d2d1542a79936cb00d85da853bfc95e2

    SHA256

    bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c

    SHA512

    9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

  • memory/1928-0-0x0000000000500000-0x0000000000510000-memory.dmp

    Filesize

    64KB

  • memory/1928-251-0x0000000000500000-0x0000000000510000-memory.dmp

    Filesize

    64KB

  • memory/1928-39-0x0000000000500000-0x0000000000510000-memory.dmp

    Filesize

    64KB

  • memory/1928-249-0x0000000000500000-0x0000000000510000-memory.dmp

    Filesize

    64KB

  • memory/1928-261-0x0000000000500000-0x0000000000510000-memory.dmp

    Filesize

    64KB

  • memory/1928-294-0x0000000000500000-0x0000000000510000-memory.dmp

    Filesize

    64KB

  • memory/1928-93-0x0000000000500000-0x0000000000510000-memory.dmp

    Filesize

    64KB

  • memory/1928-298-0x0000000000500000-0x0000000000510000-memory.dmp

    Filesize

    64KB

  • memory/1928-13-0x0000000000500000-0x0000000000510000-memory.dmp

    Filesize

    64KB

  • memory/2892-26-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2892-94-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2892-40-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2892-250-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2892-38-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2892-252-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2892-257-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2892-33-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2892-262-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2892-28-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2892-21-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2892-295-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2892-16-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2892-299-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2892-15-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2892-5-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB