Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

09a0f413e3...18.exe

windows7-x64

7

09a0f413e3...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    28/03/2024, 15:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    09a0f413e35de6e4a6a1c719dbb161d1_JaffaCakes118.exe

  • Size

    1.9MB

  • MD5

    09a0f413e35de6e4a6a1c719dbb161d1

  • SHA1

    6d10103f5d0ae6e30ff9af49ad2c91bf8e8a0d1e

  • SHA256

    02577dc581e6c430a65bf3dd800afb126632007ce2e4390f0d397a1d0d690468

  • SHA512

    ed14d6ea7dcc583592c39e8c3336c8e4374267d44798522b8834f3d80550bb3ab417c81b8d585648fa86af4f66af17df2d9e220bcbdb339d85eec33a5b9b66b8

  • SSDEEP

    24576:N2oo60HPdt+1CRiY2eOBvcj3u10dvrYN+4+DL/eTB/aFYM5ruOT40zdHfrl8fDQe:Qoa1taC070dDQ+H2liJ5ldd/ZscCVnFx

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\09a0f413e35de6e4a6a1c719dbb161d1_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\09a0f413e35de6e4a6a1c719dbb161d1_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2176
    • C:\Users\Admin\AppData\Local\Temp\E14.tmp
      "C:\Users\Admin\AppData\Local\Temp\E14.tmp" --splashC:\Users\Admin\AppData\Local\Temp\09a0f413e35de6e4a6a1c719dbb161d1_JaffaCakes118.exe AA0DCA03A980CD2A167226B189DD0AF7143CBA0AF46EC56D0BBDA79A2A32788681C2F1A5FF90B7031268F4EC5998543C47B2C5FD552809227AA27475342A6F9F
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2296

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\E14.tmp
    Filesize

    1.9MB

    MD5

    8bbba3ab7c376625b7f4e697eb34094a

    SHA1

    8adf1bb1a7b45f589e9b50b4808de653900dccb6

    SHA256

    cce29db46a54a2d437a62846b3de12d3685ae965158d7d62edd53b6b239854ad

    SHA512

    c8bc0eb8c939ca5b9a737c5c915c1e4109501f5b636cf9bb474f13b7b73a5dddfb93bc6a1f2b2d20ddd81703451953f7aab21fa5cc389d3f2fa819f47a176a26

    Download Submit

  • memory/2176-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2296-6-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download