Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

e95aa74488...18.exe

windows7-x64

7

e95aa74488...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/04/2024, 05:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e95aa7448831dd073ed1b2767d021b04_JaffaCakes118.exe

  • Size

    385KB

  • MD5

    e95aa7448831dd073ed1b2767d021b04

  • SHA1

    ce8a692d7f49bce4cc1e9925173383e703b6e096

  • SHA256

    cfffc467f24e3372dbb1fc43fffc92918ca781fed0509b9f6da8b6cf4f074e40

  • SHA512

    ca3e4105903658798b97944ec5c022f4fcbd8d8bb95f7ebac4e8578a8d65b26b5aa8a8dd4dcaec4cd280a064e93a63eae8ea510df90fcafa495d53cd2779aebf

  • SSDEEP

    6144:nIctPK94yphe//2wVyK/p6tGQHYbdYEnVujOEDo2D/17O1uk59n9IbMsNB3VB:nIcGFp0//xJkQ0YejzSuSn8RB

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e95aa7448831dd073ed1b2767d021b04_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\e95aa7448831dd073ed1b2767d021b04_JaffaCakes118.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:1116
    • C:\Users\Admin\AppData\Local\Temp\e95aa7448831dd073ed1b2767d021b04_JaffaCakes118.exe
      C:\Users\Admin\AppData\Local\Temp\e95aa7448831dd073ed1b2767d021b04_JaffaCakes118.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:4816

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\e95aa7448831dd073ed1b2767d021b04_JaffaCakes118.exe
    Filesize

    385KB

    MD5

    b1f7cc4f09ba699bb71180ca635ce62d

    SHA1

    ce52d4655c4e8c9b2fc9e4b731615ca445f18fc9

    SHA256

    6d1f03cb7ad4bea6c069ec7701f45b5afbb4eddc50b53241566f9585c0f6f524

    SHA512

    de4a4f3809eb2e4dd79163c60e32764cf30e973dbfb84558e94d7c9d855b5be982599158697aead5ec9c779bbdf279afe09b1d72474c07c4dbd777794181c5ff

    Download Submit

  • memory/1116-0-0x0000000000400000-0x0000000000466000-memory.dmp

    Filesize

    408KB

    Download

  • memory/1116-1-0x00000000014D0000-0x0000000001536000-memory.dmp

    Filesize

    408KB

    Download

  • memory/1116-2-0x0000000000400000-0x000000000045F000-memory.dmp

    Filesize

    380KB

    Download

  • memory/1116-11-0x0000000000400000-0x000000000045F000-memory.dmp

    Filesize

    380KB

    Download

  • memory/4816-13-0x0000000000400000-0x0000000000466000-memory.dmp

    Filesize

    408KB

    Download

  • memory/4816-15-0x0000000001470000-0x00000000014D6000-memory.dmp

    Filesize

    408KB

    Download

  • memory/4816-20-0x0000000001600000-0x000000000165F000-memory.dmp

    Filesize

    380KB

    Download

  • memory/4816-21-0x0000000000400000-0x000000000043C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/4816-30-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/4816-32-0x000000000B7C0000-0x000000000B7FC000-memory.dmp

    Filesize

    240KB

    Download

  • memory/4816-36-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download