Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 121s
max time network: 126s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 16/04/2024, 23:23
Static task: static1
Behavioral task: behavioral1
  Sample: f48db8e07bc59eacc9b4e3e9b0c7250c_JaffaCakes118.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: f48db8e07bc59eacc9b4e3e9b0c7250c_JaffaCakes118.exe
  Resource: win10v2004-20240412-en
General
Target: f48db8e07bc59eacc9b4e3e9b0c7250c_JaffaCakes118.exe
Size: 1.3MB
MD5: f48db8e07bc59eacc9b4e3e9b0c7250c
SHA1: 80eec092678aaa6dc3cb6a1de380ed225ca86677
SHA256: 7ba4f5d0bdf04bdcb1c021f36378d69df535db9937106807d80833e91d696be1
SHA512: bf7abe46596174e821025d3fb34c6155030c90fbfd548b024661bf162bc8f787f0b5af570dedf4fceedd1fbcddc91f66f15a41f77ae981cafef5ea45381e3ec4
SSDEEP: 24576:dgdhhQGGniba/WPpuvlBEaneHueYQFSMdVlhyXrAZREG6O+PZh4ZLmi:dqj5s8+elYQFSMvlkbAZC6LB
Malware Config
Signatures
Executes dropped EXE (1 IoC)
  pid   Process
  2692  vpjpsgytgdx.exe
Loads dropped DLL (1 IoC)
  pid   Process
  2804  f48db8e07bc59eacc9b4e3e9b0c7250c_JaffaCakes118.exe
Drops file in Program Files directory (1 IoC)
  description   ioc                                            Process
  File created  C:\Program Files (x86)\lqg\vpjpsgytgdx.exe     f48db8e07bc59eacc9b4e3e9b0c7250c_JaffaCakes118.exe
Suspicious use of WriteProcessMemory (4 IoCs)
  description                       pid   Process                                              procid_target
  PID 2804 wrote to memory of 2692  2804  f48db8e07bc59eacc9b4e3e9b0c7250c_JaffaCakes118.exe   28
  (this row is recorded four times: four writes from the parent into the freshly created child; the report does not show what was written)
Processes
1. C:\Users\Admin\AppData\Local\Temp\f48db8e07bc59eacc9b4e3e9b0c7250c_JaffaCakes118.exe
   command line: "C:\Users\Admin\AppData\Local\Temp\f48db8e07bc59eacc9b4e3e9b0c7250c_JaffaCakes118.exe"
   PID: 2804
   - Loads dropped DLL
   - Drops file in Program Files directory
   - Suspicious use of WriteProcessMemory
   2. C:\Program Files (x86)\lqg\vpjpsgytgdx.exe (child of PID 2804)
      command line: "C:\Program Files (x86)\lqg\vpjpsgytgdx.exe"
      PID: 2692
      - Executes dropped EXE
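The behaviour chain above (parent writes an .exe under Program Files (x86), then spawns it) is the kind of sequence a host-based detection can key on. The following is an added example, not part of the tria.ge report or its signature engine: it correlates simplified Sysmon-style process-create and file-create events and raises the two findings the report labels "Drops file in Program Files directory" and "Executes dropped EXE". The event records are constructed here to mirror the report's process tree; the field names (type, pid, ppid, image, target) are an assumption of this example, not a real log schema.

```python
import re

# Constructed events modelled on the report's process tree (not real telemetry).
EVENTS = [
    {"type": "ProcessCreate", "pid": 2804, "ppid": 1000,
     "image": r"C:\Users\Admin\AppData\Local\Temp\f48db8e07bc59eacc9b4e3e9b0c7250c_JaffaCakes118.exe"},
    {"type": "FileCreate", "pid": 2804,
     "target": r"C:\Program Files (x86)\lqg\vpjpsgytgdx.exe"},
    {"type": "ProcessCreate", "pid": 2692, "ppid": 2804,
     "image": r"C:\Program Files (x86)\lqg\vpjpsgytgdx.exe"},
]

# Program Files and Program Files (x86) on any drive letter.
PROGRAM_FILES = re.compile(r"^[A-Za-z]:\\Program Files( \(x86\))?\\", re.IGNORECASE)
# Extensions we treat as executable payloads when written to disk.
EXECUTABLE = re.compile(r"\.(exe|dll|scr|com)$", re.IGNORECASE)


def find_dropped_and_executed(events):
    """Walk events in order and return a list of findings.

    - drops_exe_in_program_files: a process wrote an executable under Program Files.
    - executes_dropped_exe: a process was started from a path that an earlier
      FileCreate event in the same trace wrote; parent_is_dropper records whether
      the new process's parent is the process that wrote the file.
    """
    dropped = {}   # lower-cased path -> pid of the process that wrote it
    findings = []
    for ev in events:
        if ev["type"] == "FileCreate":
            path = ev["target"]
            if not EXECUTABLE.search(path):
                continue
            dropped[path.lower()] = ev["pid"]
            if PROGRAM_FILES.match(path):
                findings.append({"rule": "drops_exe_in_program_files",
                                 "pid": ev["pid"], "path": path})
        elif ev["type"] == "ProcessCreate":
            key = ev["image"].lower()
            if key in dropped:
                dropper_pid = dropped[key]
                findings.append({"rule": "executes_dropped_exe",
                                 "pid": ev["pid"], "path": ev["image"],
                                 "dropper_pid": dropper_pid,
                                 "parent_is_dropper": ev["ppid"] == dropper_pid})
    return findings


if __name__ == "__main__":
    for f in find_dropped_and_executed(EVENTS):
        print(f)
```

Because the correlation is keyed on the written path rather than on a filename, a dropper that renames its payload between writing and launching it would need an additional rename event feed; the write-to-Program-Files rule alone still fires in that case.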
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 1.3MB
MD5: 00abee9937a96a76a19a04804834453c
SHA1: 4ff1b9e327f6729d68aa06f4fb9e94195f4c1b34
SHA256: 77bb3b3a3de7f4684d748876e6267576a5831c12f97f4149af65ae9edd48616e
SHA512: 053368a58ed1930fde9623850a3bc724125947e6d483fd38845fe4594248e1328a63329a072a2ca92cb70c282fc1103e41982df1b3fc3b4977b7aa40eeb90964