Analysis
- max time kernel: 141s
- max time network: 124s
- platform: windows7_x64
- resource: win7-20240215-en
- resource tags: arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
- submitted: 19/04/2024, 04:07
Static task: static1
Behavioral task: behavioral1
- Sample: f9783930fc42d414f98315fad2fafca0_JaffaCakes118.exe
- Resource: win7-20240215-en
General
- Target: f9783930fc42d414f98315fad2fafca0_JaffaCakes118.exe
- Size: 199KB
- MD5: f9783930fc42d414f98315fad2fafca0
- SHA1: 3bb48c191418ee8776f2860460001cc0496c2ee6
- SHA256: 6a941f71a46616aa978e96ebd18f3fcab014d93ee531ce671dd8f24dd4ecce4a
- SHA512: 7c0a739b7d8c57f9cc3dae99dff045f149ff218f0c451bc78ebbbcf9914a63cb132a2dca5dd1fa7dae67c853401b150bb7b8fe7b45c3d0bed0ffed04b7a93426
- SSDEEP: 6144:lvW7ntBa5S49H99P4x0Mz0rtGeBhz0pI:k7kS4x9h4x0RGeBSC
Malware Config
Signatures
- Reads user/profile data of web browsers (2 TTPs)
  Infostealers often target stored browser data, which can include saved credentials etc.
- Yara rule matches on memory dumps
  resource | yara_rule
  behavioral1/memory/1644-1-0x0000000000400000-0x0000000000469000-memory.dmp | upx
  behavioral1/memory/2520-12-0x0000000000400000-0x0000000000469000-memory.dmp | upx
  behavioral1/memory/1476-77-0x0000000000400000-0x0000000000469000-memory.dmp | upx
  behavioral1/memory/1644-78-0x0000000000400000-0x0000000000469000-memory.dmp | upx
  behavioral1/memory/1644-184-0x0000000000400000-0x0000000000469000-memory.dmp | upx
- Suspicious use of WriteProcessMemory (8 IoCs)
  description | pid | Process | procid_target
  PID 1644 wrote to memory of 2520 | 1644 | f9783930fc42d414f98315fad2fafca0_JaffaCakes118.exe | 28
  PID 1644 wrote to memory of 2520 | 1644 | f9783930fc42d414f98315fad2fafca0_JaffaCakes118.exe | 28
  PID 1644 wrote to memory of 2520 | 1644 | f9783930fc42d414f98315fad2fafca0_JaffaCakes118.exe | 28
  PID 1644 wrote to memory of 2520 | 1644 | f9783930fc42d414f98315fad2fafca0_JaffaCakes118.exe | 28
  PID 1644 wrote to memory of 1476 | 1644 | f9783930fc42d414f98315fad2fafca0_JaffaCakes118.exe | 30
  PID 1644 wrote to memory of 1476 | 1644 | f9783930fc42d414f98315fad2fafca0_JaffaCakes118.exe | 30
  PID 1644 wrote to memory of 1476 | 1644 | f9783930fc42d414f98315fad2fafca0_JaffaCakes118.exe | 30
  PID 1644 wrote to memory of 1476 | 1644 | f9783930fc42d414f98315fad2fafca0_JaffaCakes118.exe | 30
Processes
- C:\Users\Admin\AppData\Local\Temp\f9783930fc42d414f98315fad2fafca0_JaffaCakes118.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\f9783930fc42d414f98315fad2fafca0_JaffaCakes118.exe"
  Level 1, PID 1644
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\f9783930fc42d414f98315fad2fafca0_JaffaCakes118.exe
    Command line: C:\Users\Admin\AppData\Local\Temp\f9783930fc42d414f98315fad2fafca0_JaffaCakes118.exe startC:\Users\Admin\AppData\Roaming\Microsoft\conhost.exe%C:\Users\Admin\AppData\Roaming\Microsoft
    Level 2, PID 2520
  - C:\Users\Admin\AppData\Local\Temp\f9783930fc42d414f98315fad2fafca0_JaffaCakes118.exe
    Command line: C:\Users\Admin\AppData\Local\Temp\f9783930fc42d414f98315fad2fafca0_JaffaCakes118.exe startC:\Users\Admin\AppData\Roaming\dwm.exe%C:\Users\Admin\AppData\Roaming
    Level 2, PID 1476
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 600B
  MD5: 3c7cee2f29c692765001c1a93497b929
  SHA1: 9a33110f0235b93c04a9a1dc6ffe1b0b701cfcb3
  SHA256: 26c3bf3a7d4041b618a5ccd1be5c3c5691672b2590620b1c740f05484f45a28e
  SHA512: 773a7635b1986baecd7098764328c74208dab84827b8ce9f6dfe0208c760ffb3d4776c88e975fd7e06632c4094bce1bd8f11dba3325c6cebae0e8ddd7ea35285
- Filesize: 1KB
  MD5: 5b09e1f81e34c3276e1be07eabedd637
  SHA1: 39d82ab1ab33ea7d40e5d090552211b26aeacd30
  SHA256: 178be4cdc2ca86e16fb6011fe1b681f3ae027831e5ba9f6b9c37d98a43b31a54
  SHA512: 4c1db758ce549742b5d1401bea53f87004c017187f9b4cea2dbf10a68ad4163f0a7d0e2af8efc128270a63bd50ceee9d02ea43b1a47d0a64b90736aa594652d1
- Filesize: 996B
  MD5: 59ecc000120aa2de9840466f271db0c7
  SHA1: 576d5373cf9b7aa7e0dbfd4cafd73973654d6034
  SHA256: 72ab3d86299f3466c12310cb6ec6eb45fcc7a7dbbb4756914041d9b012815069
  SHA512: 007dc297f29c30211d28c1af6f9906390b9767b2c4c7a5c9661767e2d4837a29dcf1f55395ddf0686e0860191ce4b85b0019de6030370f47200afab42cb634b9