Analysis

  • max time kernel
    122s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    05/05/2024, 08:32

General

  • Target

    16d6da1ce68edcf064335a92bd14a8b2_JaffaCakes118.exe

  • Size

    1.1MB

  • MD5

    16d6da1ce68edcf064335a92bd14a8b2

  • SHA1

    3c4434c808a3097b024d12e4d8ecbe3a3b16ff90

  • SHA256

    a056170c3d94424992d061ee455b48823fcf49c6d9d0b4bc16a4142866283811

  • SHA512

    91708bde6afe4463e29c88ed09ee4db44afe29cb7f0b67837dfc67f9b79f24c2236e5606199b4680afe8568b662658cc495553ebe2fe08bbcd2dbabb50ff4bbe

  • SSDEEP

    24576:44923NEP/mZTfIc3QQp6LDVtFhxzSP57G73GEyYwH/d1oDm:4K29ZUc37pSRShY3xy9Hz

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\16d6da1ce68edcf064335a92bd14a8b2_JaffaCakes118.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\16d6da1ce68edcf064335a92bd14a8b2_JaffaCakes118.exe"
    PID: 2132
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken

Network

MITRE ATT&CK Matrix


Downloads

  • memory/2132-0-0x0000000074CDE000-0x0000000074CDF000-memory.dmp (Filesize: 4KB)
  • memory/2132-1-0x0000000001310000-0x000000000142E000-memory.dmp (Filesize: 1.1MB)
  • memory/2132-2-0x0000000006F00000-0x000000000700C000-memory.dmp (Filesize: 1.0MB)
  • memory/2132-3-0x0000000074CD0000-0x00000000753BE000-memory.dmp (Filesize: 6.9MB)
  • memory/2132-4-0x0000000000280000-0x0000000000290000-memory.dmp (Filesize: 64KB)
  • memory/2132-5-0x0000000074CD0000-0x00000000753BE000-memory.dmp (Filesize: 6.9MB)
  • memory/2132-6-0x0000000074CD0000-0x00000000753BE000-memory.dmp (Filesize: 6.9MB)