Analysis
max time kernel   141s
max time network  72s
platform          windows7_x64
resource          win7-20241010-en
resource tags     arch:x64 arch:x86 image:win7-20241010-en locale:en-us os:windows7-x64 system
submitted         15/01/2025, 18:53
Static task
static1
Behavioral task
behavioral1
  Sample    JaffaCakes118_5f2dfb12570a5e668e5ccd26d20dcddf.exe
  Resource  win7-20241010-en
Behavioral task
behavioral2
  Sample    JaffaCakes118_5f2dfb12570a5e668e5ccd26d20dcddf.exe
  Resource  win10v2004-20241007-en
General
Target  JaffaCakes118_5f2dfb12570a5e668e5ccd26d20dcddf.exe
Size    165KB
MD5     5f2dfb12570a5e668e5ccd26d20dcddf
SHA1    c6e0d73cdfce951453342df4087b408d3e5aed0e
SHA256  2e1062b65969ca58be19f4662616ad52dda0e882507dbb1246b237cbb5c83408
SHA512  980c4b291dc9545f27078a0ec7777b4f591ddf25cfc4be03743e765119217f449711fe49499bd117e4ab42bc9fca6487f01476a0701ccdb3eb09f0c183926a94
SSDEEP  3072:wTaZF2SsPpRyNFW8EHX6951f6rQ4jPjKejMWMxVDDieArR1T2s:wTqF2VDyNy34P4hbKqt0RDiv91T
Malware Config
Signatures
-
Cycbot family
-
Detects Cycbot payload 5 IoCs
Cycbot is a backdoor and trojan written in C++.
resource  yara_rule
behavioral1/memory/2980-17-0x0000000000400000-0x0000000000490000-memory.dmp   family_cycbot
behavioral1/memory/2384-18-0x0000000000400000-0x0000000000490000-memory.dmp   family_cycbot
behavioral1/memory/1100-136-0x0000000000400000-0x0000000000490000-memory.dmp  family_cycbot
behavioral1/memory/2384-137-0x0000000000400000-0x0000000000490000-memory.dmp  family_cycbot
behavioral1/memory/2384-295-0x0000000000400000-0x0000000000490000-memory.dmp  family_cycbot
Modifies WinLogon for persistence 2 TTPs 1 IoC
description      ioc                                                                                                                                                                                  Process
Set value (str)  \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe,C:\\Users\\Admin\\AppData\\Roaming\\02219\\4A0B9.exe"  JaffaCakes118_5f2dfb12570a5e668e5ccd26d20dcddf.exe
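The Winlogon IoC above is the textbook form of this persistence: the per-user `Shell` value is rewritten from its default `explorer.exe` to `explorer.exe,<dropped path>`, so Winlogon starts the dropped file next to the desktop at every logon (ATT&CK T1547.004). The check below is an added example written for this page, not code from the report or the sample; it parses a `Shell` value and returns every entry that is not the stock Explorer shell. The value it is run against is the one recorded above with the registry escaping removed; the other inputs in the test are constructed.

```python
"""Flag non-default entries in a Winlogon ``Shell`` registry value.

Added example; not part of the Triage report or the analysed sample.
Winlogon runs each comma-separated entry of Shell at logon, and the
only default is the bare name ``explorer.exe``. Anything else is a
persistence candidate, including a lookalike ``explorer.exe`` stored in
a user-writable directory.
"""
from __future__ import annotations

import ntpath

# Value recorded in the report above (registry escaping removed).
SAMPLE_SHELL = r"explorer.exe,C:\Users\Admin\AppData\Roaming\02219\4A0B9.exe"

# Directories in which the real shell may legitimately be named: no
# directory at all (resolved via the system path) or %SystemRoot%.
DEFAULT_SHELL_DIRS = {"", r"c:\windows"}


def split_shell(value: str) -> list[str]:
    """Split the Shell value into the entries Winlogon launches in turn."""
    return [entry.strip() for entry in value.split(",") if entry.strip()]


def entry_image(entry: str) -> str:
    """Return the executable named by one entry, dropping quotes and arguments."""
    if entry.startswith('"'):
        closing = entry.find('"', 1)
        return entry[1:closing] if closing > 0 else entry[1:]
    return entry.split(" ", 1)[0]


def is_default_shell(image: str) -> bool:
    """True only for explorer.exe in a location Windows itself would use."""
    if ntpath.basename(image).lower() != "explorer.exe":
        return False
    return ntpath.dirname(image).lower() in DEFAULT_SHELL_DIRS


def suspicious_shell_entries(value: str) -> list[str]:
    """Return every Shell entry that is not the stock Explorer shell.

    A lookalike such as %APPDATA%\\explorer.exe is reported too, because
    the directory is checked as well as the basename.
    """
    return [entry for entry in split_shell(value)
            if not is_default_shell(entry_image(entry))]


if __name__ == "__main__":
    for hit in suspicious_shell_entries(SAMPLE_SHELL):
        print("Winlogon Shell persistence:", hit)
```

On a live host the same logic applies to both the machine-wide value under `HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon` and the per-user copy under each loaded user hive, which is where this sample wrote; a sweep should read both, since the per-user value is the one a non-elevated dropper can reach.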
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials and other profile contents.
-
yara rule upx (UPX packer) 5 IoCs
resource  yara_rule
behavioral1/memory/2980-17-0x0000000000400000-0x0000000000490000-memory.dmp   upx
behavioral1/memory/2384-18-0x0000000000400000-0x0000000000490000-memory.dmp   upx
behavioral1/memory/1100-136-0x0000000000400000-0x0000000000490000-memory.dmp  upx
behavioral1/memory/2384-137-0x0000000000400000-0x0000000000490000-memory.dmp  upx
behavioral1/memory/2384-295-0x0000000000400000-0x0000000000490000-memory.dmp  upx
System Location Discovery: System Language Discovery 1 TTP 3 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description  ioc                                                        Process
Key opened   \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  JaffaCakes118_5f2dfb12570a5e668e5ccd26d20dcddf.exe
Key opened   \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  JaffaCakes118_5f2dfb12570a5e668e5ccd26d20dcddf.exe
Key opened   \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  JaffaCakes118_5f2dfb12570a5e668e5ccd26d20dcddf.exe
Suspicious use of WriteProcessMemory 8 IoCs
description                       pid   Process                                              procid_target
PID 2384 wrote to memory of 2980  2384  JaffaCakes118_5f2dfb12570a5e668e5ccd26d20dcddf.exe  29
PID 2384 wrote to memory of 2980  2384  JaffaCakes118_5f2dfb12570a5e668e5ccd26d20dcddf.exe  29
PID 2384 wrote to memory of 2980  2384  JaffaCakes118_5f2dfb12570a5e668e5ccd26d20dcddf.exe  29
PID 2384 wrote to memory of 2980  2384  JaffaCakes118_5f2dfb12570a5e668e5ccd26d20dcddf.exe  29
PID 2384 wrote to memory of 1100  2384  JaffaCakes118_5f2dfb12570a5e668e5ccd26d20dcddf.exe  31
PID 2384 wrote to memory of 1100  2384  JaffaCakes118_5f2dfb12570a5e668e5ccd26d20dcddf.exe  31
PID 2384 wrote to memory of 1100  2384  JaffaCakes118_5f2dfb12570a5e668e5ccd26d20dcddf.exe  31
PID 2384 wrote to memory of 1100  2384  JaffaCakes118_5f2dfb12570a5e668e5ccd26d20dcddf.exe  31
Processes

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5f2dfb12570a5e668e5ccd26d20dcddf.exe  (PID 2384)
  command line: "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5f2dfb12570a5e668e5ccd26d20dcddf.exe"
  - Modifies WinLogon for persistence
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory

    C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5f2dfb12570a5e668e5ccd26d20dcddf.exe  (PID 2980, child of 2384)
      command line: C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5f2dfb12570a5e668e5ccd26d20dcddf.exe startC:\Program Files (x86)\LP\B9C0\D95.exe%C:\Program Files (x86)\LP\B9C0
      - System Location Discovery: System Language Discovery

    C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5f2dfb12570a5e668e5ccd26d20dcddf.exe  (PID 1100, child of 2384)
      command line: C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5f2dfb12570a5e668e5ccd26d20dcddf.exe startC:\Program Files (x86)\1993A\lvvm.exe%C:\Program Files (x86)\1993A
      - System Location Discovery: System Language Discovery
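Read together, the WriteProcessMemory rows and the process tree show one pattern: the first instance (PID 2384) launches two more copies of its own image, each with a `start<path>%<dir>` argument, and writes into both children (PIDs 2980 and 1100); the report records one row per call, so each pair appears four times. The script below is an added example for this page, not code from the report or the sample. It reduces the flattened IoC rows to unique writer/target pairs, joins them against the process list, and labels the self-injection and the `start` argument. PIDs, image path and command lines are copied from the report as rendered (with `start` joined directly to the path, as Triage shows it); the row text is the report's own, repeated in the layout the page uses.

```python
"""Correlate WriteProcessMemory IoCs with the sandbox process tree.

Added example; not part of the Triage report or the analysed sample.
Collapses repeated "PID X wrote to memory of Y" rows to unique pairs and
checks each pair against the process list for the "spawn a copy of
myself and write into it" pattern seen in this run.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Proc:
    pid: int
    image: str
    cmdline: str
    parent: Optional[int]   # None for the root of the recorded tree


SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5f2dfb12570a5e668e5ccd26d20dcddf.exe"

# Process tree from the Processes section, command lines as recorded.
PROCESSES = [
    Proc(2384, SAMPLE, f'"{SAMPLE}"', None),
    Proc(2980, SAMPLE, SAMPLE + r" startC:\Program Files (x86)\LP\B9C0\D95.exe%C:\Program Files (x86)\LP\B9C0", 2384),
    Proc(1100, SAMPLE, SAMPLE + r" startC:\Program Files (x86)\1993A\lvvm.exe%C:\Program Files (x86)\1993A", 2384),
]

# The eight IoC rows, flattened as the report renders them (four per target).
WPM_ROWS = (
    "PID 2384 wrote to memory of 2980 2384 JaffaCakes118_5f2dfb12570a5e668e5ccd26d20dcddf.exe 29 " * 4
    + "PID 2384 wrote to memory of 1100 2384 JaffaCakes118_5f2dfb12570a5e668e5ccd26d20dcddf.exe 31 " * 4
)

ROW_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")


def injection_pairs(rows: str) -> dict[tuple[int, int], int]:
    """Map (writer pid, target pid) to the number of recorded writes."""
    return dict(Counter((int(w), int(t)) for w, t in ROW_RE.findall(rows)))


def target_arguments(proc: Proc) -> str:
    """Strip the image path from a command line, leaving its arguments."""
    if proc.cmdline.startswith(proc.image):
        return proc.cmdline[len(proc.image):].strip()
    return proc.cmdline


def classify_injections(pairs: dict[tuple[int, int], int],
                        procs: list[Proc]) -> list[dict]:
    """Describe each writer/target pair using the process tree."""
    by_pid = {p.pid: p for p in procs}
    findings = []
    for (writer, target), count in sorted(pairs.items()):
        w, t = by_pid.get(writer), by_pid.get(target)
        if w is None or t is None:
            findings.append({"writer": writer, "target": target,
                             "writes": count, "note": "process not in tree"})
            continue
        args = target_arguments(t)
        has_start = args.startswith("start")
        findings.append({
            "writer": writer,
            "target": target,
            "writes": count,
            # Same image and the target was spawned by the writer: the
            # parent is writing into a fresh copy of itself.
            "self_injection": w.image.lower() == t.image.lower() and t.parent == writer,
            # Both children here carry start<path>%<dir>; the report does
            # not record what the child does with the path, so only the
            # path itself is extracted.
            "start_argument": has_start and "%" in args,
            "start_path": args[len("start"):].split("%", 1)[0] if has_start else None,
        })
    return findings


if __name__ == "__main__":
    for finding in classify_injections(injection_pairs(WPM_ROWS), PROCESSES):
        print(finding)
```

The two `start_path` values are the locations under `C:\Program Files (x86)` that the children were told about; they are a natural next pivot when hunting for the dropped files, together with the `%APPDATA%\02219\4A0B9.exe` path from the Winlogon IoC.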
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize  1KB
MD5       da3e5e17d7ba52c345ac107feba22001
SHA1      0d6adf99b1b35f05108e8952689e146aee6949ee
SHA256    990f0fdb0c23d64aa921812dcfa588586bba4adfd9e9982e694ee54c66919700
SHA512    864c83c76eee7446a385606efec997da183ff2ebf25232de7ba351d0f9c83a61fbec4a53b61d1f928214e917f5e28aee51ec66d25c2d25333c164ef064644154

Filesize  897B
MD5       91d86e9e9e848de0b7e8e2eb7d89c76b
SHA1      a78c97250cb734850ac189f7776204a2a9ec5eab
SHA256    05a2fb02d4b6d1019873a1b855a6b4a6dc177aa6970686c9670f3bbe0b522382
SHA512    a44f21a1b7024756551b1b3b32b2970dd9ba5a16e4887b9dbc3d0e98ef55454b32d52fbfa07232b0ff3530c705a3c51e61407740dd7d69bf485a2cf06e869e97

Filesize  1KB
MD5       97b1ee084833dc8b5b1151d4f400730f
SHA1      d4622bdd5e39c7b34e60c86c745094feb698a392
SHA256    6f006dbc63ab6edcb5effb1811f97658883347a760a52c9a658e621b70e1d420
SHA512    aef0bf46fb462beb86e8f804bfb8bd9394a0f5007a47ba53509b8bb6990487f905da55dc58e8859de808bd1fb3bd240337f6f98704080608bfa93154906affbe

Filesize  597B
MD5       a773e6157e8e0ecc2a88b7d35bfeb0b4
SHA1      0b7e61b9dbf208a490a3b75016398b44787e6777
SHA256    173e65ffbc2669875b3bf921facdae88d924168e59cebe5252a3add513085832
SHA512    0f5581b22c67c0fc506b29230d6d49ec26fc0c852a40f7e622c17a95cff5ae77e36e13a4d2b9114d3b6a161fc5a96361b4a07945cb04ebca656b905ba86d8533