Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

bf9b8b072e...18.exe

windows7-x64

7

bf9b8b072e...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240319-en
  • resource tags

    arch:x64arch:x86image:win7-20240319-enlocale:en-usos:windows7-x64system
  • submitted
    04/04/2024, 18:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bf9b8b072e31fdad5146afa4875ee30b_JaffaCakes118.exe

  • Size

    1.9MB

  • MD5

    bf9b8b072e31fdad5146afa4875ee30b

  • SHA1

    2d5dea24be9f3c30923e3179fbe9c59dd4c17b17

  • SHA256

    4d4fbed69bbfa16346322a6cd2b8dfda94f44cae08197b6e23727c4678703831

  • SHA512

    2181ec24aa8b8c935dcab8fa47802ead41b4c961999c61d88a4b6d73fca97b188bc9bc7eccc145be727329e78796d0b388d5d95502c3ccedf5a0baf7628a6839

  • SSDEEP

    49152:Qoa1taC070dWcMYf5/u7GVR6PNrJXWcTxS4vFK36/g:Qoa1taC0P6xetWcQ9

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bf9b8b072e31fdad5146afa4875ee30b_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\bf9b8b072e31fdad5146afa4875ee30b_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1580
    • C:\Users\Admin\AppData\Local\Temp\3D5E.tmp
      "C:\Users\Admin\AppData\Local\Temp\3D5E.tmp" --splashC:\Users\Admin\AppData\Local\Temp\bf9b8b072e31fdad5146afa4875ee30b_JaffaCakes118.exe 7F9854D58680143A78614CC3118292C30144524618C6DB25B2BAB1504A490C1DF5CFCD9C78EB50140A1934B0CB183ED7786CEF72E0859420A22F6C48FBFCD7EB
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2888

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\3D5E.tmp
    Filesize

    1.9MB

    MD5

    c6af91d9bf2ce9b7e1b48e721a2c945c

    SHA1

    c4b8e3d617784b1c104dc086531b1fbff23e5448

    SHA256

    f934c75d3f5f0bfb1f42cda275b7b4f7d72f446830c7ef3a30bc09e97fd380a0

    SHA512

    64c30c6e493c647b9efe80cf0930604a398f44a9791e2a54ed8a96e58ee50c91370e314a692558f0754c78b545461ddfcd0c02440f99e5936c3f401b9b91e180

    Download Submit

  • memory/1580-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2888-6-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download