Analysis
max time kernel: 122s
max time network: 123s
platform: windows7_x64
resource: win7-20240419-en
resource tags: arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
submitted: 10/05/2024, 08:54
Static task: static1
Behavioral task: behavioral1
  Sample: 2e52b552f26a5099e4ac911c1bbc70c4_JaffaCakes118.exe
  Resource: win7-20240419-en
Behavioral task: behavioral2
  Sample: 2e52b552f26a5099e4ac911c1bbc70c4_JaffaCakes118.exe
  Resource: win10v2004-20240508-en
General
Target: 2e52b552f26a5099e4ac911c1bbc70c4_JaffaCakes118.exe
Size: 470KB
MD5: 2e52b552f26a5099e4ac911c1bbc70c4
SHA1: 0467a8dd5b9daad0906729c2f4f09f10d69715dc
SHA256: 124758848fe7479ac0ec860a91ae7886004c6f892b45e2bd0bde31b8a153d878
SHA512: ad9d5d6e3d38ddd2ba11ecb39045333366bc6c1154a9cd7a7a49ece69e69da750f62a080aac879ee6e4cee99be221b7f9aa9e3549d917937570eaf0e4d43563e
SSDEEP: 6144:6SdmQBDeWpLRLYeBP0EIXeW2iare0k4mDggTIDYV46K2UKzA2H++vOZhMnnn:6OTVvt0UXe0wDg+IDYV15zAv+vCEn
Malware Config
Signatures
Deletes itself (1 IoCs)
  pid | Process
  2544 | cmd.exe
Runs ping.exe (1 TTPs, 1 IoCs)
  pid | Process
  2832 | PING.EXE
Suspicious use of WriteProcessMemory (8 IoCs)
  description | pid | Process | procid_target
  PID 1148 wrote to memory of 2544 | 1148 | 2e52b552f26a5099e4ac911c1bbc70c4_JaffaCakes118.exe | 30
  PID 1148 wrote to memory of 2544 | 1148 | 2e52b552f26a5099e4ac911c1bbc70c4_JaffaCakes118.exe | 30
  PID 1148 wrote to memory of 2544 | 1148 | 2e52b552f26a5099e4ac911c1bbc70c4_JaffaCakes118.exe | 30
  PID 1148 wrote to memory of 2544 | 1148 | 2e52b552f26a5099e4ac911c1bbc70c4_JaffaCakes118.exe | 30
  PID 2544 wrote to memory of 2832 | 2544 | cmd.exe | 32
  PID 2544 wrote to memory of 2832 | 2544 | cmd.exe | 32
  PID 2544 wrote to memory of 2832 | 2544 | cmd.exe | 32
  PID 2544 wrote to memory of 2832 | 2544 | cmd.exe | 32
Processes
C:\Users\Admin\AppData\Local\Temp\2e52b552f26a5099e4ac911c1bbc70c4_JaffaCakes118.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\2e52b552f26a5099e4ac911c1bbc70c4_JaffaCakes118.exe"
  PID: 1148
  - Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\cmd.exe
    Command line: cmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del "C:\Users\Admin\AppData\Local\Temp\2e52b552f26a5099e4ac911c1bbc70c4_JaffaCakes118.exe"
    PID: 2544
    - Deletes itself
    - Suspicious use of WriteProcessMemory
    C:\Windows\SysWOW64\PING.EXE
      Command line: ping 1.1.1.1 -n 1 -w 3000
      PID: 2832
      - Runs ping.exe