Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

08b0dbe8aa...18.exe

windows7-x64

7

08b0dbe8aa...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    93s
  • max time network
    99s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/03/2024, 15:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    08b0dbe8aa257ccc7789b896d892af7c_JaffaCakes118.exe

  • Size

    851KB

  • MD5

    08b0dbe8aa257ccc7789b896d892af7c

  • SHA1

    b3da016da1b96ed332ae2159a8921b515f96a1eb

  • SHA256

    3e96299d4354f9f70e0433ba0bdbb8a2d06544b46ae94086b60b87ecea1a896e

  • SHA512

    c65e2a33e24e1a2dadff25239a52739779f366d706d245f4c9188a3dc24eea9bc1bc771e7f0f2329746a3172e41c21f6282f76a7b099432d8fac7245df0dc1ba

  • SSDEEP

    24576:qKeyxTAJj7P+yWwWAnCpzg+iP6SSyQliaSwh:qKeyRA0yzW13Fyeqwh

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\08b0dbe8aa257ccc7789b896d892af7c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\08b0dbe8aa257ccc7789b896d892af7c_JaffaCakes118.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:1200
    • C:\Program Files (x86)\ynhhygjod\kwyrxazn.exe
      "C:\Program Files (x86)\ynhhygjod\kwyrxazn.exe"
      2⤵
      • Executes dropped EXE
      PID:5088

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\ynhhygjod\kwyrxazn.exe
    Filesize

    868KB

    MD5

    78aac265d80d7cdc6cc32030a23f9e15

    SHA1

    e677b1a167341158f48d8f8bcf8511511cb84c22

    SHA256

    1dd96bc0f79d17f4a30e061f5d2ecade030f0902d82382fc0b944b86947265f4

    SHA512

    c861f3d6f11f3d98ae17906d494b589a8e9007c539299fe03d3da9859d59cabd4f4343a3d0791e94cd1dca954974730d62cdbff7689b03265043d40a612cb6d3

    Download Submit

  • memory/1200-0-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download

  • memory/1200-1-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download

  • memory/1200-5-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download

  • memory/5088-7-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download

  • memory/5088-8-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download