Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 121s
- max time network: 121s
- platform: windows7_x64
- resource: win7-20231129-en
- resource tags: arch:x64 arch:x86 image:win7-20231129-en locale:en-us os:windows7-x64 system
- submitted: 05/04/2024, 04:53
Static task
static1
Behavioral task
behavioral1
Sample
cb598a86138c50430cf4d239b4a1a2d0_JaffaCakes118.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
cb598a86138c50430cf4d239b4a1a2d0_JaffaCakes118.exe
Resource
win10v2004-20240226-en
General
-
Target
cb598a86138c50430cf4d239b4a1a2d0_JaffaCakes118.exe
-
Size
965KB
-
MD5
cb598a86138c50430cf4d239b4a1a2d0
-
SHA1
1c2427f62f73b7d28170d7953de3eaab5e9c10df
-
SHA256
b9de0c099a5b1b7b8f8f8673f20a698d3ed9d533d123c61dbe354a953dffda61
-
SHA512
9091488379745dc1b4c1f79befe60f2f593c25dce5afcc3ffde62a6f74f56657b89073a42383f41f99ebc6216890441b173917b051ce8e8224f0635fa112d08b
-
SSDEEP
24576:dgdhhQGGnnazLpj4VHogiuG1rnjyRlY4jFTq:dqgazxcG1DWRO4I
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  pid 2104, Process wbndewyfjbh.exe
- Loads dropped DLL (1 IoC)
  pid 2968, Process cb598a86138c50430cf4d239b4a1a2d0_JaffaCakes118.exe
- Drops file in Program Files directory (1 IoC)
  description: File created; ioc: C:\Program Files (x86)\qzndvcdi\wbndewyfjbh.exe; Process: cb598a86138c50430cf4d239b4a1a2d0_JaffaCakes118.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description / pid / Process / procid_target:
  PID 2968 wrote to memory of 2104; 2968 cb598a86138c50430cf4d239b4a1a2d0_JaffaCakes118.exe; 28
  PID 2968 wrote to memory of 2104; 2968 cb598a86138c50430cf4d239b4a1a2d0_JaffaCakes118.exe; 28
  PID 2968 wrote to memory of 2104; 2968 cb598a86138c50430cf4d239b4a1a2d0_JaffaCakes118.exe; 28
  PID 2968 wrote to memory of 2104; 2968 cb598a86138c50430cf4d239b4a1a2d0_JaffaCakes118.exe; 28
Processes
1. C:\Users\Admin\AppData\Local\Temp\cb598a86138c50430cf4d239b4a1a2d0_JaffaCakes118.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\cb598a86138c50430cf4d239b4a1a2d0_JaffaCakes118.exe"
   - Loads dropped DLL
   - Drops file in Program Files directory
   - Suspicious use of WriteProcessMemory
   PID: 2968
   2. C:\Program Files (x86)\qzndvcdi\wbndewyfjbh.exe
      Command line: "C:\Program Files (x86)\qzndvcdi\wbndewyfjbh.exe"
      - Executes dropped EXE
      PID: 2104
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
979KB
MD5
9b606684f016f0ee0350cb55afaf0077
SHA1
51c3d06debccef1e94e786fe9d1f8818aaf130f8
SHA256
7463b4b6bad0f4849c05f85ab2b8fb9c2db677c2d54aa7615b2744fa3ae0064c
SHA512
c0eeacafda21356ec0c041b9e7d1ee5a36a9dbcc974e91029d271712030de42a18451906d039bfe43c58e70a78d45888cb64144c13a5fd712fff4d25ccb47524