Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
140s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240729-en -
resource tags
-
submitted
08/12/2024, 07:33
General
-
Target
d5eddf7321df60483dec4138d26e2118_JaffaCakes118.exe
-
Size
170KB
-
MD5
d5eddf7321df60483dec4138d26e2118
-
SHA1
3955158ee5711e9ce9cecc5f7146ef931254018e
-
SHA256
2dbfb33c7983dabc2d94ca0018661a0ac22f3fb212e13fcdc144f6a933bc3761
-
SHA512
3739d17a9e026618c5af6e2bd6b703b9b16cf8b1ea6ebbba0210df102434984c2ac1bb990cc2ea740af9d64b39168a6a8cba790857577a3ace2a0c66b74e4c9c
-
SSDEEP
3072:D2d9X4953BCnv+nbPyx/gKeGv6QyqV9ERa9zPdolLPE0wazbIL6TR:DUI9tTbxK/v2qrV9zPOlLPE/Y
Malware Config
Signatures
-
Cycbot
Cycbot is a backdoor and trojan written in C++..
-
Cycbot family
-
Detects Cycbot payload 5 IoCs
Cycbot is a backdoor and trojan written in C++.
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 1 IoCs
-
UPX packed file 7 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 8 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d5eddf7321df60483dec4138d26e2118_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\d5eddf7321df60483dec4138d26e2118_JaffaCakes118.exe"1⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\d5eddf7321df60483dec4138d26e2118_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\d5eddf7321df60483dec4138d26e2118_JaffaCakes118.exe startC:\Users\Admin\AppData\Roaming\dwm.exe%C:\Users\Admin\AppData\Roaming2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\AppData\Local\Temp\d5eddf7321df60483dec4138d26e2118_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\d5eddf7321df60483dec4138d26e2118_JaffaCakes118.exe startC:\Users\Admin\AppData\Local\Temp\csrss.exe%C:\Users\Admin\AppData\Local\Temp2⤵
- System Location Discovery: System Language Discovery
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1KB
MD557485cd83ff95eca04edeeecd092049e
SHA1105c78f9ef564aef4d265c212ebb98c962c36ae9
SHA256ae195d4fb29e26c6494e52e718c6380762925e587df4310dc8d95080d7a704e5
SHA5126bce08c7cff64ac9f6d4c89b4e59c894398f6fb4ac9c29e3c629b55c1485994adbc783b74ad89ce29a8c888020d02264577043af0ab520f8a07cb8b2f0accb31
-
Filesize
600B
MD551872002d898b58e9a5dce520f0dda51
SHA1996cb23516903d72d84f4f9f849a303313efbf71
SHA25605f1985ba67a35b82197a7c0bd818fdecc110d7ff4640f34554cf9f7799cc45f
SHA512a8d5644d24323d46484f8517556ee59593e04045e02853655c73bd56a19068b54ee90019df87155f3e5ff78d4a38e189ec2ed0549c6318bb04ec1734278ed965
-
Filesize
996B
MD59762f8c9c04c67f420179153a1f9db9f
SHA1ac56b7b2bbf8c2beb3b93415bc5e95a123a4b583
SHA2561174fe170acd85968f9c6c612f202e67e37d9d7f12e79f1861d1003f9da0a3b7
SHA512e40a285b6cd6a5a7199579a6d08c7023201ae6b7771ed881426513f64bba306946a3532565018833d1077e59618c5ff459f92a90de30ce71d2c0c6ae7e9210fd
-
Filesize
272KB
-
Filesize
272KB
-
Filesize
272KB
-
Filesize
272KB
-
Filesize
272KB
-
Filesize
272KB
-
Filesize
272KB
-
Filesize
272KB
-
Filesize
272KB