Analysis
-
max time kernel
119s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240319-en -
resource tags
arch:x64 arch:x86 image:win7-20240319-en locale:en-us os:windows7-x64 system -
submitted
04/04/2024, 18:29
Static task
static1
Behavioral task
behavioral1
Sample
bf9b8b072e31fdad5146afa4875ee30b_JaffaCakes118.exe
Resource
win7-20240319-en
Behavioral task
behavioral2
Sample
bf9b8b072e31fdad5146afa4875ee30b_JaffaCakes118.exe
Resource
win10v2004-20240319-en
General
-
Target
bf9b8b072e31fdad5146afa4875ee30b_JaffaCakes118.exe
-
Size
1.9MB
-
MD5
bf9b8b072e31fdad5146afa4875ee30b
-
SHA1
2d5dea24be9f3c30923e3179fbe9c59dd4c17b17
-
SHA256
4d4fbed69bbfa16346322a6cd2b8dfda94f44cae08197b6e23727c4678703831
-
SHA512
2181ec24aa8b8c935dcab8fa47802ead41b4c961999c61d88a4b6d73fca97b188bc9bc7eccc145be727329e78796d0b388d5d95502c3ccedf5a0baf7628a6839
-
SSDEEP
49152:Qoa1taC070dWcMYf5/u7GVR6PNrJXWcTxS4vFK36/g:Qoa1taC0P6xetWcQ9
Malware Config
Signatures
-
Deletes itself 1 IoCs
pid: 2888, Process: 3D5E.tmp
Executes dropped EXE 1 IoCs
pid: 2888, Process: 3D5E.tmp
Loads dropped DLL 1 IoCs
pid: 1580, Process: bf9b8b072e31fdad5146afa4875ee30b_JaffaCakes118.exe
Suspicious use of WriteProcessMemory 4 IoCs
PID 1580 wrote to memory of 2888 (pid: 1580, Process: bf9b8b072e31fdad5146afa4875ee30b_JaffaCakes118.exe, procid_target: 28)
PID 1580 wrote to memory of 2888 (pid: 1580, Process: bf9b8b072e31fdad5146afa4875ee30b_JaffaCakes118.exe, procid_target: 28)
PID 1580 wrote to memory of 2888 (pid: 1580, Process: bf9b8b072e31fdad5146afa4875ee30b_JaffaCakes118.exe, procid_target: 28)
PID 1580 wrote to memory of 2888 (pid: 1580, Process: bf9b8b072e31fdad5146afa4875ee30b_JaffaCakes118.exe, procid_target: 28)
Processes
-
C:\Users\Admin\AppData\Local\Temp\bf9b8b072e31fdad5146afa4875ee30b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\bf9b8b072e31fdad5146afa4875ee30b_JaffaCakes118.exe"
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1580 -
C:\Users\Admin\AppData\Local\Temp\3D5E.tmp
"C:\Users\Admin\AppData\Local\Temp\3D5E.tmp" --splashC:\Users\Admin\AppData\Local\Temp\bf9b8b072e31fdad5146afa4875ee30b_JaffaCakes118.exe 7F9854D58680143A78614CC3118292C30144524618C6DB25B2BAB1504A490C1DF5CFCD9C78EB50140A1934B0CB183ED7786CEF72E0859420A22F6C48FBFCD7EB
- Deletes itself
- Executes dropped EXE
PID:2888
-
Downloads
-
Filesize
1.9MB
MD5
c6af91d9bf2ce9b7e1b48e721a2c945c
SHA1
c4b8e3d617784b1c104dc086531b1fbff23e5448
SHA256
f934c75d3f5f0bfb1f42cda275b7b4f7d72f446830c7ef3a30bc09e97fd380a0
SHA512
64c30c6e493c647b9efe80cf0930604a398f44a9791e2a54ed8a96e58ee50c91370e314a692558f0754c78b545461ddfcd0c02440f99e5936c3f401b9b91e180