Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

fdf0ad2020...18.exe

windows7-x64

7

fdf0ad2020...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    20/04/2024, 23:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fdf0ad20201f8a97d0866c6abe04c5cf_JaffaCakes118.exe

  • Size

    1.9MB

  • MD5

    fdf0ad20201f8a97d0866c6abe04c5cf

  • SHA1

    e1cc57f27e8feefbdb041eae6d20572faeda2274

  • SHA256

    9b6fc2bfcc0e103268c694549d11542127a16c6957bc4e2fcad8a307924062c3

  • SHA512

    564b1b6bc40a11b62b1be564cc6a1497967aa7da2c0f78b61a3917d3c349c787b788cb3ad7a939a91250fefe5ebc5058cf4333b021709509278152d7e0d3ca4d

  • SSDEEP

    49152:Qoa1taC070dIP/QAM/n1mavNqf+37zkaFodos/DoDFN:Qoa1taC0//QAK1RVbzk/dohDv

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fdf0ad20201f8a97d0866c6abe04c5cf_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\fdf0ad20201f8a97d0866c6abe04c5cf_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2240
    • C:\Users\Admin\AppData\Local\Temp\10A4.tmp
      "C:\Users\Admin\AppData\Local\Temp\10A4.tmp" --splashC:\Users\Admin\AppData\Local\Temp\fdf0ad20201f8a97d0866c6abe04c5cf_JaffaCakes118.exe ABAC8AE94A3C61DAF375146AFA8A7996F15CE011E8EBC3C3386349DAF4D8E401D825CCB2129E2E002992C7A83B5776405E331F6BD993E47DC1D15DD31A2EF003
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2776

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\10A4.tmp
    Filesize

    1.9MB

    MD5

    0344a1a68c7c819eef185a11a0299f6a

    SHA1

    66ca5fd5c17d0c4808972304a0f03810610335d1

    SHA256

    86a8cbd3b582ebef5842120108ac225601e18d853d6de36d4108c9e6859b9337

    SHA512

    2dbdd54308e8e5e8a4fcb37ad3eeb4a6f77dea01cae2f543a1a69a71cea7477e86e753ce71e345a34f9a1e69c7726bd5efeeeb284887f9a957c4ed804145d7aa

    Download Submit

  • memory/2240-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2776-6-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download