Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

f957273318...18.exe

windows7-x64

7

f957273318...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    93s
  • max time network
    113s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/04/2024, 02:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f957273318be9a0f105a05c83f5fd6f9_JaffaCakes118.exe

  • Size

    1.9MB

  • MD5

    f957273318be9a0f105a05c83f5fd6f9

  • SHA1

    00f1bfe4854a00fc1dfb589c860d3794ac1690b0

  • SHA256

    ee7263acf0b6c883170d73c355c4f51694407c45bf6cb698543a447366ae3e61

  • SHA512

    1a0d2b13b05b42e95b25683d5eac81dab5dd9f3725b1617b6bb45d0f0bd1a1457c7ed12ca6b73c19f2cd0eba6f2fd90924d3986cf8eeb27339e381df5b88d267

  • SSDEEP

    49152:Qoa1taC070d6suGPtIBqgH+05w8NhCX2k9:Qoa1taC0onP3o+0u8NkGk9

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f957273318be9a0f105a05c83f5fd6f9_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\f957273318be9a0f105a05c83f5fd6f9_JaffaCakes118.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4216
    • C:\Users\Admin\AppData\Local\Temp\34FA.tmp
      "C:\Users\Admin\AppData\Local\Temp\34FA.tmp" --splashC:\Users\Admin\AppData\Local\Temp\f957273318be9a0f105a05c83f5fd6f9_JaffaCakes118.exe 95E82C8693F806413E57607D7674CA2EDDD9AF80B58D01B5A98A560989F6CA7FA7D1398EE9F5604DFB5F5EA023D1F414C1F734689C337E574655655DE2BA4DBC
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:852

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\34FA.tmp
    Filesize

    1.9MB

    MD5

    1d1f81db9e842b117901457dac1d04e3

    SHA1

    c6e5f21f1a456ecf17f2bd0594e3d77bb8862407

    SHA256

    b492e574bdc68bbe23a011f2fb3b5e7473701a7c741a5fab881ad1e715863882

    SHA512

    8d6256556420aca54e0b011f87cd50e54af66a46e4b7b5faa7dcd3fab862857fb2c3ff9b59d84de2222a2b432961986d9e76686e1b467c38c056edae621025d6

    Download Submit

  • memory/852-5-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/4216-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download