Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

fcb48fc210...18.exe

windows7-x64

7

fcb48fc210...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    139s
  • max time network
    166s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/04/2024, 11:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fcb48fc2101155f9285fea47ca10aae7_JaffaCakes118.exe

  • Size

    1.9MB

  • MD5

    fcb48fc2101155f9285fea47ca10aae7

  • SHA1

    08cab519aacc66cf2ee0ed41cde94a2c50c834ff

  • SHA256

    fbdde36a4fa8286624b16229cf3395936f5b38653aa388fac78743652db6cf11

  • SHA512

    79f6b1c396b316fe499e79314bc9cef108ccd246b62ff71cc3e185c404ed1956f227ac0f4e79121fa3b4bea36415dfe7e26bb5aaa9583df65752c194b6288516

  • SSDEEP

    49152:Qoa1taC070dB+gg1AioV4bLgBsep7k+uALSsxUkClb:Qoa1taC0w+gg6ifbLgBsm75uAFRKb

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fcb48fc2101155f9285fea47ca10aae7_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\fcb48fc2101155f9285fea47ca10aae7_JaffaCakes118.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4028
    • C:\Users\Admin\AppData\Local\Temp\720E.tmp
      "C:\Users\Admin\AppData\Local\Temp\720E.tmp" --splashC:\Users\Admin\AppData\Local\Temp\fcb48fc2101155f9285fea47ca10aae7_JaffaCakes118.exe 28647CA58E04377F83A494315D9D0EE68B5196A67FB5012D8D9DF8ECEFC8175FA0D01F25799C259F423BD7ACBFAFD6B97850A7DDFF4C1E9693D56521751BBB67
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:3996
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4420 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:2368

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\720E.tmp
      Filesize

      1.9MB

      MD5

      ca8402134a938644010bac2dab7d8c82

      SHA1

      f8b5bb221c54e1e6cc5ab5bb5973ad000c3d562f

      SHA256

      ca28582d4e45d8b1e9f4097b3ae04d62b1e5865813424893f0d872d6e4ae0b75

      SHA512

      4c276cb0ac78ffc098c0e7a669edf7c569ba5f84a095ba5847796318b904def2c23dc011ca2a62a34c80ab9d38b5a50c9efd1f94c3a766d0bb8a3b9218e6cd53

      Download Submit

    • memory/3996-5-0x0000000000400000-0x00000000005E6000-memory.dmp

      Filesize

      1.9MB

      Download

    • memory/4028-0-0x0000000000400000-0x00000000005E6000-memory.dmp

      Filesize

      1.9MB

      Download