Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

cfbc2c635e...18.exe

windows7-x64

7

cfbc2c635e...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    147s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/04/2024, 09:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cfbc2c635e2211429639f3e9fbd589de_JaffaCakes118.exe

  • Size

    1.9MB

  • MD5

    cfbc2c635e2211429639f3e9fbd589de

  • SHA1

    27ece2d71aedefd6983fe70588df1a0fa6877eb7

  • SHA256

    0d9deef41cdfe7a11ce1bfc0d8ab0291aab162a8360ec77df571693b3052fb7d

  • SHA512

    47bedf723d90e52a5fbc73c9720df4be29a5a8103e0a015eb716defeec83f566181122679416bdcb4ab3d2af15775e3cfb531e1d7835f449468b9f4bc8e8c78a

  • SSDEEP

    49152:Qoa1taC070dHPwRhdBvqVpV6YPXwzcvFJHpmDoG3F:Qoa1taC0MPrDQiwzCCD5

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cfbc2c635e2211429639f3e9fbd589de_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\cfbc2c635e2211429639f3e9fbd589de_JaffaCakes118.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1940
    • C:\Users\Admin\AppData\Local\Temp\665B.tmp
      "C:\Users\Admin\AppData\Local\Temp\665B.tmp" --splashC:\Users\Admin\AppData\Local\Temp\cfbc2c635e2211429639f3e9fbd589de_JaffaCakes118.exe 194EAA6EF8226DE29F27C1639989A54F7133D4FDC4E9F99C4BADB1812A5754B6798B0659B3A16979BF453AE9AB01E6BFBC9F1669F5B615EE20C8DEE4E4536EDF
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:1384

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\665B.tmp
    Filesize

    1.9MB

    MD5

    77c288d9f833d953c328f78a50e87edc

    SHA1

    ba02747538444c8030a1de79273496b71834b564

    SHA256

    b60ab7261286418378cb118406a7fb86640b127d9ae05378455529e6215c1db2

    SHA512

    9c759ee3a9712ee3925a977b81afe3703e3d2a56ea10b17a3310d33ad8cfc5e51ae5487138e920dffd6e1b298480ccbfa64bf94dda2b2f52c5c4a36eaf7984ba

    Download Submit

  • memory/1384-5-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/1940-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download