Analysis
- max time kernel: 121s
- max time network: 125s
- platform: windows7_x64
- resource: win7-20231129-en
- resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
- submitted: 05/04/2024, 01:30
Static task: static1
Behavioral task: behavioral1
- Sample: c71bb0736139d20c0f87e015eedf4b42_JaffaCakes118.exe
- Resource: win7-20231129-en
Behavioral task: behavioral2
- Sample: c71bb0736139d20c0f87e015eedf4b42_JaffaCakes118.exe
- Resource: win10v2004-20240226-en
General
- Target: c71bb0736139d20c0f87e015eedf4b42_JaffaCakes118.exe
- Size: 1.9MB
- MD5: c71bb0736139d20c0f87e015eedf4b42
- SHA1: c7d1afe6060cb72a5a942c62025969f5dc27febd
- SHA256: 704a72a057ff6d2b157fec07125a446d19a655b7236ade81e78443e11a1c390e
- SHA512: 104df2c5bb93f73c9b53f6bc3a653f1521a5e0ac825853ba2d6040608f7998aeb6c4fb94d3fadb5a6b997560249987357990498e2c54d32ded5f842625aff6f9
- SSDEEP: 49152:Qoa1taC070dhwFBhQ0X5SGUfYVQmxIdvT:Qoa1taC0dFA0KY2d
Malware Config
Signatures
- Deletes itself (1 IoCs)
  pid | Process
  2864 | D4A.tmp
- Executes dropped EXE (1 IoCs)
  pid | Process
  2864 | D4A.tmp
- Loads dropped DLL (1 IoCs)
  pid | Process
  2300 | c71bb0736139d20c0f87e015eedf4b42_JaffaCakes118.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description | pid | Process | procid_target
  PID 2300 wrote to memory of 2864 | 2300 | c71bb0736139d20c0f87e015eedf4b42_JaffaCakes118.exe | 28
  PID 2300 wrote to memory of 2864 | 2300 | c71bb0736139d20c0f87e015eedf4b42_JaffaCakes118.exe | 28
  PID 2300 wrote to memory of 2864 | 2300 | c71bb0736139d20c0f87e015eedf4b42_JaffaCakes118.exe | 28
  PID 2300 wrote to memory of 2864 | 2300 | c71bb0736139d20c0f87e015eedf4b42_JaffaCakes118.exe | 28
Processes
- C:\Users\Admin\AppData\Local\Temp\c71bb0736139d20c0f87e015eedf4b42_JaffaCakes118.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\c71bb0736139d20c0f87e015eedf4b42_JaffaCakes118.exe"
  PID: 2300
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\D4A.tmp
    Command line: "C:\Users\Admin\AppData\Local\Temp\D4A.tmp" --splashC:\Users\Admin\AppData\Local\Temp\c71bb0736139d20c0f87e015eedf4b42_JaffaCakes118.exe F53CD1724B93FA8FBC29F3528AFE6580985205D8534444928DF6BA7AB3F2A07A5BE360781A3ACECD0BAF1D611D784D139C099848EB05958056310F160FC59370
    PID: 2864
    - Deletes itself
    - Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 1.9MB
  MD5: 6e310229d633df5dc88527987e66a393
  SHA1: 1313bb1f27c713882f570ff1d8334687fbe5984d
  SHA256: 528e122cb5dd1fabf35032a56c116250d3c017e1fc1e44c900a431c1a35f1f9a
  SHA512: 1e1fedb9a850782de737b5eebdb89ae0c8876bf428851965f7a7779528d63be531e3ae393dd5e0905194f2ac751a5ca7e231dbb7efeda9f18fda987a72d3324b