Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2bb2d74df6...18.exe

windows7-x64

7

2bb2d74df6...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    09/05/2024, 21:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2bb2d74df6aa50d8ae7fa443a9c93efb_JaffaCakes118.exe

  • Size

    13.8MB

  • MD5

    2bb2d74df6aa50d8ae7fa443a9c93efb

  • SHA1

    8566b840efb8748ddf5de31d38076334f36dc673

  • SHA256

    8e6692456a14fd96a79b28192e3e493dc0214a76a3da5673b2146812a3c8aaef

  • SHA512

    38dbf7bbd07022a24dca26c362d0facb3777feab46463da1d95e9e1783d3b117953b8862e6a568f171cbb5aea44e8bc52d7b6c5e26212698a964f1093ab6cd5d

  • SSDEEP

    393216:zn5N1rsaqV8o4r1UTAC8wIlP1hvYuDdSEDXQ:znxsl4r4ACr+vYgv

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 4 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2bb2d74df6aa50d8ae7fa443a9c93efb_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\2bb2d74df6aa50d8ae7fa443a9c93efb_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2868
    • C:\Users\Admin\AppData\Local\Temp\WZS7790.tmp\msetup.exe
      .\msetup.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:2324

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\WZS7790.tmp\web\SPButton.gif
    Filesize

    833B

    MD5

    15294b0562636639c518c8404659969a

    SHA1

    b29d9902de59211d822613dc473f5ee25cb75de2

    SHA256

    08f72fcf8e9c53cb5ac8fdca2b8ff595dcdaab4e842a8ecbb293b4f84cfb8aa2

    SHA512

    84bfbc7b020796a3b18f6e83054080d7c2748dcfc4837089152f3285940d584fd6bf33128b7b1d8ddce0d3dcc89b8503bd50fc96016e26b03cf81a68d5e8996f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\WZS7790.tmp\www\nwimg\mail\surge\help_right_on.gif
    Filesize

    92B

    MD5

    d7274d6c85b87de453b3233a5708272b

    SHA1

    27b07a4567e9bb0a3dbbd281ad237b7e97f10728

    SHA256

    fbccec5ee8fa25e91cb44f23a3542f124636dfe75e1da59e843cbd5d357a913f

    SHA512

    7ff736bbaf0ca4a0289ae6a73739db0196e2745552d2a87517c251dd383225732477dedcd1926fe32fb43d815bb67933bcb3b4cba44feaa5f03a467f492a9fa8

    Download Submit

  • \Users\Admin\AppData\Local\Temp\WZS7790.tmp\msetup.exe
    Filesize

    1.1MB

    MD5

    3f8efdd583b6da69d2a992e1828c27a6

    SHA1

    ec25c15e446dc1e51d29cbe53c133a4212b86900

    SHA256

    c24dcf537c56dbf55481768768d1be6a3f15d71c01050d5b8b186a3dffd7b1d1

    SHA512

    3af13527a1385e89292a4119b4b0795ff05bfd36ff498dafece5b6444bb58d4a8d2378c146692b094ee3144f5865c0217b4b9e1d5c19381d08490b189be605bf

    Download Submit

  • memory/2324-2128-0x0000000000400000-0x00000000009FF000-memory.dmp

    Filesize

    6.0MB

    Download