Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
140s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240729-en -
resource tags
-
submitted
14/12/2024, 17:40
General
-
Target
efef3aa799d18128f6198c33a503ef27_JaffaCakes118.exe
-
Size
195KB
-
MD5
efef3aa799d18128f6198c33a503ef27
-
SHA1
b8ccbbb683a03d5013c1e9081a4e49960ddfe706
-
SHA256
85b47ed30e3e470af594380e5b80867d5f02ab88883f60f42c372f283443515c
-
SHA512
7fe3038c3877546ce47c2f800e0fc44944a6b47b9ab3b08b69a309f2d309c7c12fbf16bf67b9bc6418228a387abdd9b974ebc79a5d3ded4563ad5430f570dc02
-
SSDEEP
3072:Mn47PND/60tW2D2oFPPHBUOfaZzsHH9CAjJBdpOfUmBtRdQQ4kOFJXTY9SMI:WkPp6P2D2GXHzDnIoVpHmBtPR8ZpM
Malware Config
Signatures
-
Cycbot
Cycbot is a backdoor and trojan written in C++..
-
Cycbot family
-
Detects Cycbot payload 5 IoCs
Cycbot is a backdoor and trojan written in C++.
-
Modifies WinLogon for persistence 2 TTPs 1 IoCs
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file 8 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 8 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\efef3aa799d18128f6198c33a503ef27_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\efef3aa799d18128f6198c33a503ef27_JaffaCakes118.exe"1⤵
- Modifies WinLogon for persistence
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\efef3aa799d18128f6198c33a503ef27_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\efef3aa799d18128f6198c33a503ef27_JaffaCakes118.exe startC:\Users\Admin\AppData\Roaming\Microsoft\conhost.exe%C:\Users\Admin\AppData\Roaming\Microsoft2⤵
-
-
C:\Users\Admin\AppData\Local\Temp\efef3aa799d18128f6198c33a503ef27_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\efef3aa799d18128f6198c33a503ef27_JaffaCakes118.exe startC:\Users\Admin\AppData\Local\Temp\csrss.exe%C:\Users\Admin\AppData\Local\Temp2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1KB
MD58ac96be4b43fd49c76ef05ed5c9b81a9
SHA17d004ab99baa8266700b9ee0a5ce2521adaf1092
SHA2565fdaee95cfd78b2dd38f94af52c62b2506922fd3a67e41d11564cb9759175deb
SHA512aa1fa0919c9aa3bcdd1472250ead65d2ac42fb760c6bb5a2aa846d39228d0b5e7988ccada28708e406a9d3f56733935e8054faa2d312a5b0485b6314c79eac0e
-
Filesize
600B
MD574eae087866119408d9ec7848cbc38e9
SHA100ba3a5f512ca5b90fb3926da1d8a2d30d744ac0
SHA256cf35825343bd3d8b4ac1e7c740ed62a722e553098e0d68676be97a970513728a
SHA512d1a1b9c3c05b0353e43e4efe41d65b64e94b3be63bc867983e42e738a88d7fb0eeffae17d0b74086efb0c395e3e8d3bf6ed74a1c9149ee3cf04880f102b7d26b
-
Filesize
996B
MD5bbd4666631a835a893b33c2a77c10831
SHA16f45442cfc7e877cbc351c3de413aad8d0dff192
SHA256177469d409ad680cf2e318a21855a6c4244b9db71fbf2b2a0e7fcc9ee0b844f5
SHA512c040d2634acb5056c18f315edaaadc2033b7ae962704a4ca462a7201e8b3da4aa934a26ff8cc8b5a3e4f946d3fa558e49b9fad84ea6eac561aacc010a748f68b
-
Filesize
556KB
-
Filesize
556KB
-
Filesize
556KB
-
Filesize
556KB
-
Filesize
556KB
-
Filesize
556KB
-
Filesize
556KB
-
Filesize
556KB
-
Filesize
556KB
-
Filesize
556KB