Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

c154e250b3...18.exe

windows7-x64

7

c154e250b3...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    159s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/04/2024, 19:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c154e250b346245e8f8ee1da0a65d22f_JaffaCakes118.exe

  • Size

    1.9MB

  • MD5

    c154e250b346245e8f8ee1da0a65d22f

  • SHA1

    fed5227e0bb29dac6c24b1bc816a0717e19c0005

  • SHA256

    ee7cab9431cdde8773a4f418f66b4ed5187e2aeff08cb0f91464d2dd9a758d7c

  • SHA512

    493e79600a8f5f0fabc572c414904e8e8d82c397f443e5a720770d292a35c970173bf1877f580a8ac22dcb39225bf9e5c57b42268ab8321770943e1208d1ccb0

  • SSDEEP

    49152:Qoa1taC070dA7+5qp+Xg/wg3N+Wow0m5XU62:Qoa1taC0B1+bKwWR0m5z2

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c154e250b346245e8f8ee1da0a65d22f_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\c154e250b346245e8f8ee1da0a65d22f_JaffaCakes118.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4032
    • C:\Users\Admin\AppData\Local\Temp\E53.tmp
      "C:\Users\Admin\AppData\Local\Temp\E53.tmp" --splashC:\Users\Admin\AppData\Local\Temp\c154e250b346245e8f8ee1da0a65d22f_JaffaCakes118.exe F6ADF5A963B8AB3D86C53F988B1B89AB0EEB4B8873EA64372EDD41B7815E35A22B7A30957103DD13FA85B83C8756E4506E9E172C2A6D747FD4A7C07C700C1E5F
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:4680
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3808 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:456

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\E53.tmp
      Filesize

      1.9MB

      MD5

      c923569b5b08482243bdd4beb1ea91c2

      SHA1

      f270a923fe48281cb88bed49dd207d7a5cd6bc79

      SHA256

      8f7a3c3de8aade8c24f5c39f55fb3d92678f825cd4feb633959e368a98667b74

      SHA512

      7e6327a1bce8d7e2d49a230603ac6d68f04c710b6eb6861791257c0fb89f9d0f1e1ef16df3f48f1c2a7f8f9e6dc75f27ba9fc349c917229a204912cff09c968f

      Download Submit

    • memory/4032-0-0x0000000000400000-0x00000000005E6000-memory.dmp

      Filesize

      1.9MB

      Download

    • memory/4680-5-0x0000000000400000-0x00000000005E6000-memory.dmp

      Filesize

      1.9MB

      Download