Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

f570fe7437...18.exe

windows7-x64

7

f570fe7437...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    17/04/2024, 09:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f570fe74378677c973f845d0d00218c7_JaffaCakes118.exe

  • Size

    1.9MB

  • MD5

    f570fe74378677c973f845d0d00218c7

  • SHA1

    2614de619f42f3fac7e6a26d1febb0159b2fec2f

  • SHA256

    76c3ea6223608c45717f66b047302da0d44bd51ebe15201739afa419942808e0

  • SHA512

    d78718bb205253e039bcda9d0bd37e8e3891839b35db56d890905c9eee2e71ea9b06855b51babe97f96c7bc1f121167d8b708ea61457427bc2ef0798e8c8bd27

  • SSDEEP

    49152:Qoa1taC070dMbr2s4oFrH9sWWYQJWoysFTKMK:Qoa1taC07br2sZtH9sWhQJWgFTtK

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f570fe74378677c973f845d0d00218c7_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\f570fe74378677c973f845d0d00218c7_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1640
    • C:\Users\Admin\AppData\Local\Temp\D98.tmp
      "C:\Users\Admin\AppData\Local\Temp\D98.tmp" --splashC:\Users\Admin\AppData\Local\Temp\f570fe74378677c973f845d0d00218c7_JaffaCakes118.exe 554B5A1D1C12C9A1991D8C7E4F1AFDCCC8BE3FF9F562970ED2D593F4B6DE50F0D73615AEC87F3931982E90D479030206B086F11DB650ED445277F49AF1E203CC
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:1656

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\D98.tmp
    Filesize

    1.9MB

    MD5

    d78b3bd43ef919df25340409abefd3f4

    SHA1

    a2cbd52fca47b8ed641d3d2a0ef74fd7375e9b59

    SHA256

    70dba40ac316ce20ec68bb945143640ae80ea3e68bd4ba70ebce86120772d252

    SHA512

    32a935bcdf580b7a12181a52ad51daf708a0708b350c8bbf593d828c3f9b7213212e7243c09e78b83e375e0d98b70838eab6622206871f4763f9463762dd893b

    Download Submit

  • memory/1640-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/1656-6-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download