Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

f5cd84f2e4...18.exe

windows7-x64

7

f5cd84f2e4...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    17/04/2024, 12:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f5cd84f2e448a2a6469d22eb07d4fa18_JaffaCakes118.exe

  • Size

    1.9MB

  • MD5

    f5cd84f2e448a2a6469d22eb07d4fa18

  • SHA1

    ec9d47c1434d200a0c6af17d5efe5158255774f6

  • SHA256

    06b73b2b2b36c03717b865eb2e73b8420b8d7114502f46f0a9fe7b0bfb34c750

  • SHA512

    67422a09845e27c36af4036593cead5b624b8429897633cbf85fad0c356f943963deb273a9ee93b11c1e231b436a26274cebc72a780c70c440743c0b3d385d5a

  • SSDEEP

    49152:Qoa1taC070dwulLpi/dCKP2iu+phtsPgyr7oipIux:Qoa1taC0MlLpudtAqtC7f

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f5cd84f2e448a2a6469d22eb07d4fa18_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\f5cd84f2e448a2a6469d22eb07d4fa18_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1688
    • C:\Users\Admin\AppData\Local\Temp\6567.tmp
      "C:\Users\Admin\AppData\Local\Temp\6567.tmp" --splashC:\Users\Admin\AppData\Local\Temp\f5cd84f2e448a2a6469d22eb07d4fa18_JaffaCakes118.exe C536CC072DB0DD399E7B8469D01ECE7D6926FD571B56217664F24DF7E7B1B2CD2DF43CCFA47EBCCA25CBC130772D95B7F288D4D54B773EB7727B972A1277DF84
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2304

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\6567.tmp
    Filesize

    1.9MB

    MD5

    734a0148faad401f002ff374f2d73f92

    SHA1

    e58f73f1f4153e6998794c983c5baecfe0d93beb

    SHA256

    7c90d1c5bbcf3043f4d63cbeb99a503ca013ac03be5d7ead701a2755607ddc32

    SHA512

    49d3d61b1fca9467ebdf7b1c1e5abe7099adfe404868a23429cc3efdb9726b2c047be92c1ecf9543a9e2c6c9ee38ec1f617a1e1f6ff7bb62737ea34985eecb90

    Download Submit

  • memory/1688-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2304-6-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download