Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

16d6da1ce6...18.exe

windows7-x64

1

16d6da1ce6...18.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    144s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/05/2024, 08:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    16d6da1ce68edcf064335a92bd14a8b2_JaffaCakes118.exe

  • Size

    1.1MB

  • MD5

    16d6da1ce68edcf064335a92bd14a8b2

  • SHA1

    3c4434c808a3097b024d12e4d8ecbe3a3b16ff90

  • SHA256

    a056170c3d94424992d061ee455b48823fcf49c6d9d0b4bc16a4142866283811

  • SHA512

    91708bde6afe4463e29c88ed09ee4db44afe29cb7f0b67837dfc67f9b79f24c2236e5606199b4680afe8568b662658cc495553ebe2fe08bbcd2dbabb50ff4bbe

  • SSDEEP

    24576:44923NEP/mZTfIc3QQp6LDVtFhxzSP57G73GEyYwH/d1oDm:4K29ZUc37pSRShY3xy9Hz

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\16d6da1ce68edcf064335a92bd14a8b2_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\16d6da1ce68edcf064335a92bd14a8b2_JaffaCakes118.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:368

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/368-0-0x00000000744DE000-0x00000000744DF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/368-1-0x0000000000FB0000-0x00000000010CE000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/368-2-0x0000000007EE0000-0x0000000007FEC000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/368-3-0x000000000B6A0000-0x000000000BC44000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/368-4-0x00000000744D0000-0x0000000074C80000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/368-5-0x000000000B270000-0x000000000B302000-memory.dmp

    Filesize

    584KB

    Download

  • memory/368-6-0x00000000055B0000-0x00000000055C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/368-7-0x0000000005CE0000-0x0000000005CEA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/368-8-0x00000000744D0000-0x0000000074C80000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/368-10-0x00000000744D0000-0x0000000074C80000-memory.dmp

    Filesize

    7.7MB

    Download