Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

c71bb07361...18.exe

windows7-x64

7

c71bb07361...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    05/04/2024, 01:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c71bb0736139d20c0f87e015eedf4b42_JaffaCakes118.exe

  • Size

    1.9MB

  • MD5

    c71bb0736139d20c0f87e015eedf4b42

  • SHA1

    c7d1afe6060cb72a5a942c62025969f5dc27febd

  • SHA256

    704a72a057ff6d2b157fec07125a446d19a655b7236ade81e78443e11a1c390e

  • SHA512

    104df2c5bb93f73c9b53f6bc3a653f1521a5e0ac825853ba2d6040608f7998aeb6c4fb94d3fadb5a6b997560249987357990498e2c54d32ded5f842625aff6f9

  • SSDEEP

    49152:Qoa1taC070dhwFBhQ0X5SGUfYVQmxIdvT:Qoa1taC0dFA0KY2d

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c71bb0736139d20c0f87e015eedf4b42_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\c71bb0736139d20c0f87e015eedf4b42_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2300
    • C:\Users\Admin\AppData\Local\Temp\D4A.tmp
      "C:\Users\Admin\AppData\Local\Temp\D4A.tmp" --splashC:\Users\Admin\AppData\Local\Temp\c71bb0736139d20c0f87e015eedf4b42_JaffaCakes118.exe F53CD1724B93FA8FBC29F3528AFE6580985205D8534444928DF6BA7AB3F2A07A5BE360781A3ACECD0BAF1D611D784D139C099848EB05958056310F160FC59370
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2864

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\D4A.tmp
    Filesize

    1.9MB

    MD5

    6e310229d633df5dc88527987e66a393

    SHA1

    1313bb1f27c713882f570ff1d8334687fbe5984d

    SHA256

    528e122cb5dd1fabf35032a56c116250d3c017e1fc1e44c900a431c1a35f1f9a

    SHA512

    1e1fedb9a850782de737b5eebdb89ae0c8876bf428851965f7a7779528d63be531e3ae393dd5e0905194f2ac751a5ca7e231dbb7efeda9f18fda987a72d3324b

    Download Submit

  • memory/2300-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2864-6-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download