Analysis
- max time kernel: 121s
- max time network: 125s
- platform: windows7_x64
- resource: win7-20240215-en
- resource tags: arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
- submitted: 20/04/2024, 11:49
Static task: static1
Behavioral task: behavioral1
- Sample: fcb48fc2101155f9285fea47ca10aae7_JaffaCakes118.exe
- Resource: win7-20240215-en
Behavioral task: behavioral2
- Sample: fcb48fc2101155f9285fea47ca10aae7_JaffaCakes118.exe
- Resource: win10v2004-20240226-en
General
- Target: fcb48fc2101155f9285fea47ca10aae7_JaffaCakes118.exe
- Size: 1.9MB
- MD5: fcb48fc2101155f9285fea47ca10aae7
- SHA1: 08cab519aacc66cf2ee0ed41cde94a2c50c834ff
- SHA256: fbdde36a4fa8286624b16229cf3395936f5b38653aa388fac78743652db6cf11
- SHA512: 79f6b1c396b316fe499e79314bc9cef108ccd246b62ff71cc3e185c404ed1956f227ac0f4e79121fa3b4bea36415dfe7e26bb5aaa9583df65752c194b6288516
- SSDEEP: 49152:Qoa1taC070dB+gg1AioV4bLgBsep7k+uALSsxUkClb:Qoa1taC0w+gg6ifbLgBsm75uAFRKb
Signatures
- Deletes itself (1 IoCs)
  pid 1524, process 17F4.tmp
- Executes dropped EXE (1 IoCs)
  pid 1524, process 17F4.tmp
- Loads dropped DLL (1 IoCs)
  pid 3012, process fcb48fc2101155f9285fea47ca10aae7_JaffaCakes118.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description | pid | Process | procid_target
  PID 3012 wrote to memory of 1524 | 3012 | fcb48fc2101155f9285fea47ca10aae7_JaffaCakes118.exe | 28
  PID 3012 wrote to memory of 1524 | 3012 | fcb48fc2101155f9285fea47ca10aae7_JaffaCakes118.exe | 28
  PID 3012 wrote to memory of 1524 | 3012 | fcb48fc2101155f9285fea47ca10aae7_JaffaCakes118.exe | 28
  PID 3012 wrote to memory of 1524 | 3012 | fcb48fc2101155f9285fea47ca10aae7_JaffaCakes118.exe | 28
Processes
- C:\Users\Admin\AppData\Local\Temp\fcb48fc2101155f9285fea47ca10aae7_JaffaCakes118.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\fcb48fc2101155f9285fea47ca10aae7_JaffaCakes118.exe"
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID: 3012
  - C:\Users\Admin\AppData\Local\Temp\17F4.tmp
    Command line: "C:\Users\Admin\AppData\Local\Temp\17F4.tmp" --splashC:\Users\Admin\AppData\Local\Temp\fcb48fc2101155f9285fea47ca10aae7_JaffaCakes118.exe D38E77375D37F6EA716CFBBD43797AD631A0AEA938CCC234DEC900348C6C2A12DB56881E7977179CD9C8B649E5352B2254669795901166BC8538F354E2DD2CCC
    - Deletes itself
    - Executes dropped EXE
    PID: 1524
Downloads
- Filesize: 1.9MB
- MD5: 156d244dedf7993e17e89f415b9ed859
- SHA1: 3c3a4ce42fe6182f47b51f6faad9a51db99e86e2
- SHA256: 02ea4d2da0e3d807c9a1a9ea78b33bbefe4c507871f8d6f700254af429d8d41d
- SHA512: e44995336a6a6953e427ce98ed9470683b9ae6f6446d3c15997920abd433fe1e3ac6eb317e6c43c1b1119d57aac5a4d0524146267c8aa92469e87854feab1d8c