Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system -
submitted
21/04/2024, 14:20
Static task
static1
Behavioral task
behavioral1
Sample
ff79605d05f6cb51d558a1388a66a856_JaffaCakes118.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
ff79605d05f6cb51d558a1388a66a856_JaffaCakes118.exe
Resource
win10v2004-20240412-en
General
-
Target
ff79605d05f6cb51d558a1388a66a856_JaffaCakes118.exe
-
Size
36KB
-
MD5
ff79605d05f6cb51d558a1388a66a856
-
SHA1
d6b22bef4f8fb4df5e3652e68859563797a3ee4e
-
SHA256
4bf7312de1926474fec1d310f458228050e9edec2135723ac1657e895b47c099
-
SHA512
2c2b6bf5613504e0d1f6f4295ef257c73b26161321f248c295adf23674f57b7e8b0622ba05768836c1887de2b347534a9333715fd3d57172f4df8e3d074f9713
-
SSDEEP
768:/GOJZCJRkfKeAaVjF5SnbcuyD7UUvmNw3z28wsxPjDe/2A/op0snV:/GOK7cfAapanouy8yq+a8wstjiuAGV
Malware Config
Signatures
-
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 1028 ff79605d05f6cb51d558a1388a66a856_JaffaCakes118.exe -
Suspicious use of WriteProcessMemory 8 IoCs
description pid Process procid_target PID 1028 wrote to memory of 2956 1028 ff79605d05f6cb51d558a1388a66a856_JaffaCakes118.exe 28 PID 1028 wrote to memory of 2956 1028 ff79605d05f6cb51d558a1388a66a856_JaffaCakes118.exe 28 PID 1028 wrote to memory of 2956 1028 ff79605d05f6cb51d558a1388a66a856_JaffaCakes118.exe 28 PID 1028 wrote to memory of 2956 1028 ff79605d05f6cb51d558a1388a66a856_JaffaCakes118.exe 28 PID 1028 wrote to memory of 2968 1028 ff79605d05f6cb51d558a1388a66a856_JaffaCakes118.exe 29 PID 1028 wrote to memory of 2968 1028 ff79605d05f6cb51d558a1388a66a856_JaffaCakes118.exe 29 PID 1028 wrote to memory of 2968 1028 ff79605d05f6cb51d558a1388a66a856_JaffaCakes118.exe 29 PID 1028 wrote to memory of 2968 1028 ff79605d05f6cb51d558a1388a66a856_JaffaCakes118.exe 29
Processes
-
C:\Users\Admin\AppData\Local\Temp\ff79605d05f6cb51d558a1388a66a856_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\ff79605d05f6cb51d558a1388a66a856_JaffaCakes118.exe"1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1028 -
C:\Windows\SysWOW64\cmd.execmd /c ""QQ.exe"2⤵PID:2956
-
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Program Files\Windows Media Player\wmpband.exe"2⤵PID:2968
-