Analysis

  • max time kernel
    119s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
  • submitted
    14/03/2025, 01:35

General

  • Target

    JaffaCakes118_72c1ea6b26e9e8aeef68f2721a3557d5.exe

  • Size

    131KB

  • MD5

    72c1ea6b26e9e8aeef68f2721a3557d5

  • SHA1

    448752b4af4b39552c21f855087cc51c6ef28fcc

  • SHA256

    88df1b9a0095b38b55b3fdf66719deccad1ef2f8efeaa503cc8d34b69aeae338

  • SHA512

    7a19153f96cc16143be5cb08f05795c17cb1f7a35fe886aa87bdb68257f090938fb8d20edae409fb7141ca7fb080e36b7a0e7a4585bc9b7d0214e8ec8fee0bdc

  • SSDEEP

    3072:yGu9BlfzWIbXWm+w0Jp5iwZarcFxO/ImmDChxReco/OU643pEb:y/0uoYQ4bxcWR42

Malware Config

Signatures

  • Detected google phishing page 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_72c1ea6b26e9e8aeef68f2721a3557d5.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_72c1ea6b26e9e8aeef68f2721a3557d5.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1668
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\KEYLOG~1.EXE
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\KEYLOG~1.EXE
      2⤵
      • Detected google phishing page
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1628

Network

MITRE ATT&CK Enterprise v15

Downloads

  • \Users\Admin\AppData\Local\Temp\IXP000.TMP\KEYLOG~1.EXE

    Filesize

    116KB

    MD5

    53107de8dff0e7b79364cd7706f86790

    SHA1

    026219c02af310ec9a5bf809c12cf612935e2d86

    SHA256

    53eea8080920c71b4f2992f28087ccb88e3eb32abfda6ebd390327d4500a0614

    SHA512

    6035305c63cff9ad14d4d4e2bd14a0eec21af3769b48fe6ab844cfee6073db54666295d72f3144d5703561504bce195a64252936cb696227c022b7cc667b7613

  • memory/1628-18-0x0000000004A60000-0x0000000004E72000-memory.dmp

    Filesize

    4.1MB