Analysis

  • max time kernel
    121s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    15/12/2024, 08:05 UTC

General

  • Target

    f311ed4e14e3fd2e6b7a654021e9fc46_JaffaCakes118.exe

  • Size

    1.3MB

  • MD5

    f311ed4e14e3fd2e6b7a654021e9fc46

  • SHA1

    4f38463f0a2719701c5351df1c9e7e205764f39f

  • SHA256

    f6210a60289f284600428b1cb4975eab8a326f49644667ef98d83377128615f2

  • SHA512

    9c22995ada407d940d257f4d72461b40415989708fd5678c5aacdb1cef3237fac75e410971f6bc7caab6a4d9e039bddffb7e3db42302647d3fa6ea29df6b59fd

  • SSDEEP

    24576:aSyLtIBYWFkfV0hfPnZBdWGktI7ie8ydTF4EWCX:WKBlNfPjd1ktOie8y1FzX

Malware Config

Signatures

  • Troldesh family
  • Troldesh, Shade, Encoder.858

    Troldesh is a ransomware spread by malspam.

  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • UPX packed file 9 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f311ed4e14e3fd2e6b7a654021e9fc46_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\f311ed4e14e3fd2e6b7a654021e9fc46_JaffaCakes118.exe"
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of UnmapMainImage
    PID:2968

Network

  • 193.23.244.244:443
    domain: www.a3oyo7vxk.com
    protocol: tls
    process: f311ed4e14e3fd2e6b7a654021e9fc46_JaffaCakes118.exe
    bytes: 3.1kB / 7.3kB
    packets: 13 / 11
  • 127.0.0.1:49208
    process: f311ed4e14e3fd2e6b7a654021e9fc46_JaffaCakes118.exe
  • 154.35.32.5:443
    process: f311ed4e14e3fd2e6b7a654021e9fc46_JaffaCakes118.exe
    bytes: 152 B
    packets: 3

MITRE ATT&CK Enterprise v15

Downloads

  • memory/2968-0-0x0000000002060000-0x0000000002134000-memory.dmp (Filesize: 848KB)
  • memory/2968-1-0x0000000000400000-0x0000000000607000-memory.dmp (Filesize: 2.0MB)
  • memory/2968-2-0x0000000000400000-0x0000000000607000-memory.dmp (Filesize: 2.0MB)
  • memory/2968-3-0x0000000000400000-0x0000000000607000-memory.dmp (Filesize: 2.0MB)
  • memory/2968-5-0x0000000000400000-0x0000000000607000-memory.dmp (Filesize: 2.0MB)
  • memory/2968-4-0x0000000000400000-0x0000000000607000-memory.dmp (Filesize: 2.0MB)
  • memory/2968-8-0x0000000000400000-0x0000000000607000-memory.dmp (Filesize: 2.0MB)
  • memory/2968-7-0x0000000000400000-0x0000000000607000-memory.dmp (Filesize: 2.0MB)
  • memory/2968-11-0x0000000002060000-0x0000000002134000-memory.dmp (Filesize: 848KB)
  • memory/2968-12-0x0000000000400000-0x0000000000607000-memory.dmp (Filesize: 2.0MB)
  • memory/2968-13-0x0000000000400000-0x0000000000607000-memory.dmp (Filesize: 2.0MB)
