Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
140s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
16/01/2025, 15:43
General
-
Target
JaffaCakes118_7aec16a8fb5f01f89e648e335ab38cd3.exe
-
Size
165KB
-
MD5
7aec16a8fb5f01f89e648e335ab38cd3
-
SHA1
ecfbdcdff8e1536413e26ac257278fd31c522c1c
-
SHA256
1fbd2d21d2701a6b0404d9cc6a450820da3efaa28889b2978290ced398b63b82
-
SHA512
b3348027a8fad6a22a95a63bb30f1512bcea92f79777ca14205c24d9115641415f31358fc057bee22cd98a33c8b7a25db80440d05d27b6ab97d7be1327eb29a2
-
SSDEEP
3072:h5G2xOekJm/xV97W5OcP2kexGB+IQTca3ThqGAT5mekez5JvWXAn9F+lhw:XB7kJm/xr7W5Og+Y+QOh0w0zWXeSlhw
Malware Config
Signatures
-
Cycbot
Cycbot is a backdoor and trojan written in C++..
-
Cycbot family
-
Detects Cycbot payload 7 IoCs
Cycbot is a backdoor and trojan written in C++.
-
Modifies WinLogon for persistence 2 TTPs 1 IoCs
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file 10 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 8 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_7aec16a8fb5f01f89e648e335ab38cd3.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_7aec16a8fb5f01f89e648e335ab38cd3.exe"1⤵
- Modifies WinLogon for persistence
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_7aec16a8fb5f01f89e648e335ab38cd3.exeC:\Users\Admin\AppData\Local\Temp\JaffaCakes118_7aec16a8fb5f01f89e648e335ab38cd3.exe startC:\Program Files (x86)\LP\43C1\BF8.exe%C:\Program Files (x86)\LP\43C12⤵
-
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_7aec16a8fb5f01f89e648e335ab38cd3.exeC:\Users\Admin\AppData\Local\Temp\JaffaCakes118_7aec16a8fb5f01f89e648e335ab38cd3.exe startC:\Program Files (x86)\CA404\lvvm.exe%C:\Program Files (x86)\CA4042⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
996B
MD554ea8732fa088211122e783371765d61
SHA1d41de787e4a91435500c71c2ea21e7224b55a496
SHA2561e7cb8c803969a9c1eb40a40fd560241ca23984df0c54606ff4d69d0fb290bac
SHA512c30ab668de19f01e61bf0f540abc02936ee1a36b24e76c233b96434952ef40807f170866c672ebd990b40ceae0da74e1c579ea7eae998612e080ca43e6d43e4e
-
Filesize
600B
MD5f5f269bdf9bc2cb6f5699bd17d16628c
SHA1583286671172baab9d8f54be6b38d80402926271
SHA256a2dd5b5ccde781858cf920fb0b9d5c324be212b70ee51c44da0b27b6900305d3
SHA512039de05c685fc02b6eafca3ad7af1cdc9ee2a9c886b8248214f1bb4dff71beeb0e8957b31f61127fdb87a46113fd19ae2f3b8e86ee0087c8a20f5c5b08a40474
-
Filesize
1KB
MD5b0eeb07cbf45e80002695a3b092f7603
SHA1fb3d9a634f4e11f65a599e17e3b6eb410054c181
SHA2563c97e2792126128df4b40b17dd6cc54f1333da62604e76443aa4890336454c60
SHA512686b666c2f0fd6bdfb0b329a49dbc9919ce23ef7c8d99a3c46c3d17190f4c97a00eec63bdf2e6ebaf41cc8285f887e2cad2a10d9c9f5eada2735fb0c7fbfb2e9
-
Filesize
580KB
-
Filesize
580KB
-
Filesize
580KB
-
Filesize
580KB
-
Filesize
580KB
-
Filesize
568KB
-
Filesize
580KB
-
Filesize
580KB
-
Filesize
580KB
-
Filesize
580KB
-
Filesize
568KB
-
Filesize
580KB