Analysis
-
max time kernel
122s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
arch:x64 arch:x86 image:win7-20240220-en locale:en-us os:windows7-x64 system -
submitted
28/03/2024, 15:49
Static task
static1
Behavioral task
behavioral1
Sample
09a0f413e35de6e4a6a1c719dbb161d1_JaffaCakes118.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
09a0f413e35de6e4a6a1c719dbb161d1_JaffaCakes118.exe
Resource
win10v2004-20240226-en
General
-
Target
09a0f413e35de6e4a6a1c719dbb161d1_JaffaCakes118.exe
-
Size
1.9MB
-
MD5
09a0f413e35de6e4a6a1c719dbb161d1
-
SHA1
6d10103f5d0ae6e30ff9af49ad2c91bf8e8a0d1e
-
SHA256
02577dc581e6c430a65bf3dd800afb126632007ce2e4390f0d397a1d0d690468
-
SHA512
ed14d6ea7dcc583592c39e8c3336c8e4374267d44798522b8834f3d80550bb3ab417c81b8d585648fa86af4f66af17df2d9e220bcbdb339d85eec33a5b9b66b8
-
SSDEEP
24576:N2oo60HPdt+1CRiY2eOBvcj3u10dvrYN+4+DL/eTB/aFYM5ruOT40zdHfrl8fDQe:Qoa1taC070dDQ+H2liJ5ldd/ZscCVnFx
Malware Config
Signatures
-
Deletes itself 1 IoCs
pid | Process
2296 | E14.tmp
Executes dropped EXE 1 IoCs
pid | Process
2296 | E14.tmp
Loads dropped DLL 1 IoCs
pid | Process
2176 | 09a0f413e35de6e4a6a1c719dbb161d1_JaffaCakes118.exe
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 2176 wrote to memory of 2296 | 2176 | 09a0f413e35de6e4a6a1c719dbb161d1_JaffaCakes118.exe | 28
PID 2176 wrote to memory of 2296 | 2176 | 09a0f413e35de6e4a6a1c719dbb161d1_JaffaCakes118.exe | 28
PID 2176 wrote to memory of 2296 | 2176 | 09a0f413e35de6e4a6a1c719dbb161d1_JaffaCakes118.exe | 28
PID 2176 wrote to memory of 2296 | 2176 | 09a0f413e35de6e4a6a1c719dbb161d1_JaffaCakes118.exe | 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\09a0f413e35de6e4a6a1c719dbb161d1_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\09a0f413e35de6e4a6a1c719dbb161d1_JaffaCakes118.exe"
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2176 -
C:\Users\Admin\AppData\Local\Temp\E14.tmp
"C:\Users\Admin\AppData\Local\Temp\E14.tmp" --splashC:\Users\Admin\AppData\Local\Temp\09a0f413e35de6e4a6a1c719dbb161d1_JaffaCakes118.exe AA0DCA03A980CD2A167226B189DD0AF7143CBA0AF46EC56D0BBDA79A2A32788681C2F1A5FF90B7031268F4EC5998543C47B2C5FD552809227AA27475342A6F9F
- Deletes itself
- Executes dropped EXE
PID:2296
-
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
1.9MB
MD5
8bbba3ab7c376625b7f4e697eb34094a
SHA1
8adf1bb1a7b45f589e9b50b4808de653900dccb6
SHA256
cce29db46a54a2d437a62846b3de12d3685ae965158d7d62edd53b6b239854ad
SHA512
c8bc0eb8c939ca5b9a737c5c915c1e4109501f5b636cf9bb474f13b7b73a5dddfb93bc6a1f2b2d20ddd81703451953f7aab21fa5cc389d3f2fa819f47a176a26