Analysis
-
max time kernel
122s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
17/04/2024, 12:47
Static task
static1
Behavioral task
behavioral1
Sample
f5cd84f2e448a2a6469d22eb07d4fa18_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
f5cd84f2e448a2a6469d22eb07d4fa18_JaffaCakes118.exe
Resource
win10v2004-20240412-en
General
-
Target
f5cd84f2e448a2a6469d22eb07d4fa18_JaffaCakes118.exe
-
Size
1.9MB
-
MD5
f5cd84f2e448a2a6469d22eb07d4fa18
-
SHA1
ec9d47c1434d200a0c6af17d5efe5158255774f6
-
SHA256
06b73b2b2b36c03717b865eb2e73b8420b8d7114502f46f0a9fe7b0bfb34c750
-
SHA512
67422a09845e27c36af4036593cead5b624b8429897633cbf85fad0c356f943963deb273a9ee93b11c1e231b436a26274cebc72a780c70c440743c0b3d385d5a
-
SSDEEP
49152:Qoa1taC070dwulLpi/dCKP2iu+phtsPgyr7oipIux:Qoa1taC0MlLpudtAqtC7f
Malware Config
Signatures
-
Deletes itself 1 IoCs
pid Process 2304 6567.tmp -
Executes dropped EXE 1 IoCs
pid Process 2304 6567.tmp -
Loads dropped DLL 1 IoCs
pid Process 1688 f5cd84f2e448a2a6469d22eb07d4fa18_JaffaCakes118.exe -
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 1688 wrote to memory of 2304 | 1688 | f5cd84f2e448a2a6469d22eb07d4fa18_JaffaCakes118.exe | 28
PID 1688 wrote to memory of 2304 | 1688 | f5cd84f2e448a2a6469d22eb07d4fa18_JaffaCakes118.exe | 28
PID 1688 wrote to memory of 2304 | 1688 | f5cd84f2e448a2a6469d22eb07d4fa18_JaffaCakes118.exe | 28
PID 1688 wrote to memory of 2304 | 1688 | f5cd84f2e448a2a6469d22eb07d4fa18_JaffaCakes118.exe | 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\f5cd84f2e448a2a6469d22eb07d4fa18_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f5cd84f2e448a2a6469d22eb07d4fa18_JaffaCakes118.exe" 1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1688 -
C:\Users\Admin\AppData\Local\Temp\6567.tmp
"C:\Users\Admin\AppData\Local\Temp\6567.tmp" --splashC:\Users\Admin\AppData\Local\Temp\f5cd84f2e448a2a6469d22eb07d4fa18_JaffaCakes118.exe C536CC072DB0DD399E7B8469D01ECE7D6926FD571B56217664F24DF7E7B1B2CD2DF43CCFA47EBCCA25CBC130772D95B7F288D4D54B773EB7727B972A1277DF84 2⤵
- Deletes itself
- Executes dropped EXE
PID:2304
-
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
1.9MB
MD5
734a0148faad401f002ff374f2d73f92
SHA1
e58f73f1f4153e6998794c983c5baecfe0d93beb
SHA256
7c90d1c5bbcf3043f4d63cbeb99a503ca013ac03be5d7ead701a2755607ddc32
SHA512
49d3d61b1fca9467ebdf7b1c1e5abe7099adfe404868a23429cc3efdb9726b2c047be92c1ecf9543a9e2c6c9ee38ec1f617a1e1f6ff7bb62737ea34985eecb90