Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
140s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
27/01/2025, 14:06
General
-
Target
JaffaCakes118_4050f3601ab7931a0f6db2262ecb25a9.exe
-
Size
165KB
-
MD5
4050f3601ab7931a0f6db2262ecb25a9
-
SHA1
aea77ad2a71dea57b06d824ab8617149e2d1edcc
-
SHA256
cd705b00962c246a2513eebce6e3c6b50aed5b3576569006d362a3f16e5b10ea
-
SHA512
1d1ce6495680eb604873297f515f163e9c9145451552158bd897968eab3094e3b8b8ea46e974a15b28b11e9f82a7f64f8569d2c0720d00f30f5a69e140fe2507
-
SSDEEP
3072:hMMbRiYder+FnuJ2PaCZwXPlbPXHVO2oBvQ6xNDCnz1dShLeA184Uum9xVp:hzb0Yd+3Ehih1PoBI6HDw11A184UTxV
Malware Config
Signatures
-
Cycbot
Cycbot is a backdoor and trojan written in C++..
-
Cycbot family
-
Detects Cycbot payload 7 IoCs
Cycbot is a backdoor and trojan written in C++.
-
Modifies WinLogon for persistence 2 TTPs 1 IoCs
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file 10 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 8 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4050f3601ab7931a0f6db2262ecb25a9.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4050f3601ab7931a0f6db2262ecb25a9.exe"1⤵
- Modifies WinLogon for persistence
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4050f3601ab7931a0f6db2262ecb25a9.exeC:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4050f3601ab7931a0f6db2262ecb25a9.exe startC:\Program Files (x86)\LP\7E60\747.exe%C:\Program Files (x86)\LP\7E602⤵
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4050f3601ab7931a0f6db2262ecb25a9.exeC:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4050f3601ab7931a0f6db2262ecb25a9.exe startC:\Program Files (x86)\CFEBA\lvvm.exe%C:\Program Files (x86)\CFEBA2⤵
- System Location Discovery: System Language Discovery
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
300B
MD5489aaecd1bf25e4009ae403e69ca811d
SHA16fe33ce14f527f1d5f2d115566f3e2d0bb4be8db
SHA256057ad5f265ee7ed726a1fab33551d84ddf5d0672b5fd37330b3fff6253b28624
SHA5128b5301e7b8744b0c5eabda83e65d8c751c66dd28aab821047917bdfb8187d030d097fb6e5ce5a18c44b2bd398aa9215c691dce65c8adffdc50e2cd561a0beb45
-
Filesize
996B
MD55a29f6efec9613ef15b42a06266ad476
SHA1a6ceb55c3b54887bc3bbe0d632c06e99e73cc601
SHA256ba50907fff5e29fc015e7e76af9a95d1c1dde4a3c908b0e5b776c5876678ccb2
SHA512025216775366013b7e8325002d1e3333334a2f0c2a981a353ed38ef68a7fcb4f76d52a4bb1856a23cff696806bc30b95b2d9c4aa3740740a1dae046dfff9df9a
-
Filesize
600B
MD5a275795196c9ee25b2423843b024baee
SHA124e01ce72efbf2d2ebfae62e91392002ffd2bf33
SHA2568b484dcd22a1a875423368dbf381cfafceeeb63baa62129b27ec15a2fffebd16
SHA512fa85abf49ea118c323df75bce26fe7e9a0436625884b1cd495a9c8747be006ea59795c4efcb94c4ed748c3730acb485c72bdba331099000a56568d549bbbf5aa
-
Filesize
1KB
MD53aeda1dfb6cba674411015367b7f8791
SHA1ddb39c34453330770d4eb2fc42e6bd1a573ce66a
SHA2564b287379d256cfc4f256a199b45bf9d5de2af6b0e490ff814483c0221e4c942e
SHA51240343d9b365708808b9db893de06db83943b4596b31b9c79217294b69768ff2f0ec17a76d87d51de6043db58bf46084585ea0ae767e5526586025970589ed314
-
Filesize
580KB
-
Filesize
580KB
-
Filesize
580KB
-
Filesize
580KB
-
Filesize
580KB
-
Filesize
580KB
-
Filesize
580KB
-
Filesize
568KB
-
Filesize
580KB
-
Filesize
580KB
-
Filesize
568KB
-
Filesize
580KB