Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted
    21/04/2024, 14:20

General

  • Target

    ff79605d05f6cb51d558a1388a66a856_JaffaCakes118.exe

  • Size

    36KB

  • MD5

    ff79605d05f6cb51d558a1388a66a856

  • SHA1

    d6b22bef4f8fb4df5e3652e68859563797a3ee4e

  • SHA256

    4bf7312de1926474fec1d310f458228050e9edec2135723ac1657e895b47c099

  • SHA512

    2c2b6bf5613504e0d1f6f4295ef257c73b26161321f248c295adf23674f57b7e8b0622ba05768836c1887de2b347534a9333715fd3d57172f4df8e3d074f9713

  • SSDEEP

    768:/GOJZCJRkfKeAaVjF5SnbcuyD7UUvmNw3z28wsxPjDe/2A/op0snV:/GOK7cfAapanouy8yq+a8wstjiuAGV

Score
1/10

Malware Config

Signatures

  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ff79605d05f6cb51d558a1388a66a856_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\ff79605d05f6cb51d558a1388a66a856_JaffaCakes118.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1028
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c ""QQ.exe"
      2⤵
        PID:2956
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c "C:\Program Files\Windows Media Player\wmpband.exe"
        2⤵
          PID:2968

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1028-0-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB

  • memory/1028-3-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB