Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

f146fdcad0...18.exe

windows7-x64

7

f146fdcad0...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    97s
  • max time network
    113s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15/04/2024, 14:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f146fdcad0bc853f2a8df574551033bd_JaffaCakes118.exe

  • Size

    57KB

  • MD5

    f146fdcad0bc853f2a8df574551033bd

  • SHA1

    ba525806d8acacbfcd6f360d898876af52598ba1

  • SHA256

    10df1727cc3a6072b978c72fff96d92d3290b3ccc731ea9d6b1d720ed7d756f4

  • SHA512

    e3b2737c3675b7aceb8e2810ffc698822e1b85b517342dd2653eceb3f81fb404b0f52311dcbf4b57246858cde36a7aeb863a46759a678c4f0cbf90ec94e587b8

  • SSDEEP

    768:GG3SIdZwXJ92W5LUSGlcrIFVq9eXVA4Hmsz6WDbVCptShoiFXBkf4jcLT7JZbO7A:/3SiZwZ92W5BAFV7V0A8pwDmNLviLF6

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f146fdcad0bc853f2a8df574551033bd_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\f146fdcad0bc853f2a8df574551033bd_JaffaCakes118.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:1704
    • C:\Users\Admin\AppData\Local\Temp\f146fdcad0bc853f2a8df574551033bd_JaffaCakes118.exe
      C:\Users\Admin\AppData\Local\Temp\f146fdcad0bc853f2a8df574551033bd_JaffaCakes118.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:764

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\f146fdcad0bc853f2a8df574551033bd_JaffaCakes118.exe
    Filesize

    57KB

    MD5

    3545963022ee1617d66964a8fd8a2b23

    SHA1

    00c68aae7505eabb16bd597ce9fa163425de7e06

    SHA256

    01dbe533995e6147b14449147a759a1709ad61bb3437c132f0515e0e18490cf2

    SHA512

    9e8f33aee661747b1597123305e4ad447df7c18180303c63e34e18b70719661b4a133398ae0e4572511c8af07342255a19b864fa521b8fae02a5350cb924638a

    Download Submit

  • memory/764-13-0x0000000000400000-0x000000000042C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/764-15-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/764-14-0x0000000000190000-0x00000000001BC000-memory.dmp

    Filesize

    176KB

    Download

  • memory/764-20-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/764-25-0x00000000014D0000-0x00000000014EB000-memory.dmp

    Filesize

    108KB

    Download

  • memory/764-26-0x0000000000400000-0x000000000042C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/1704-0-0x0000000000400000-0x000000000042C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/1704-1-0x00000000001B0000-0x00000000001DC000-memory.dmp

    Filesize

    176KB

    Download

  • memory/1704-2-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/1704-11-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download