Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    150s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64
    arch:x86
    image:win7-20240508-en
    locale:en-us
    os:windows7-x64
    system
  • submitted
    11/05/2024, 15:47

General

  • Target

    3558986122c8758d539f230d9258562a_JaffaCakes118.exe

  • Size

    2.2MB

  • MD5

    3558986122c8758d539f230d9258562a

  • SHA1

    6de9710aa690b020c40c945901ff0e4c409e12e2

  • SHA256

    baac1803ede2d2601ff58a603916e0e55a23c12b2358c49afbb8a13cb100ffa1

  • SHA512

    86aaae73a2ffe83e96250ce9597acad6d8f5a728108ef4c1d8ed6338a29725aca1acb0909a1057d207e73a66e8e591d58a3c9a37b367ed9d12d2efbbe332ebdc

  • SSDEEP

    49152:o+4InJLeXR3vtrE9K/3RmnQtSyjK0s3nd7vURw/Iu:J4IJLC4w/hmnNt7vx/t

Score
7/10

Malware Config

Signatures

  • VMProtect packed file 2 IoCs

    Detects executables packed with the VMProtect commercial packer. Expect the on-disk
    code to be virtualised or encrypted; the memory dumps under Downloads are the place to
    look for the decrypted image rather than the 2.2MB file itself.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

    The process calls NtSetInformationThread with the ThreadHideFromDebugger information
    class (0x11). A thread hidden this way no longer delivers debug events (breakpoints,
    single-step exceptions) to an attached debugger, so a debugger that was attached
    before the call loses control of that thread. It is a classic anti-debugging trick and
    one that VMProtect's anti-debug option is known to use, so this hit is consistent with
    the packer detection above. Check: NtQueryInformationThread with the same class returns
    TRUE for a hidden thread; a debugger plugin or hooking unpacker neutralises the trick
    by filtering class 0x11 out of NtSetInformationThread before it reaches the kernel.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs

    The process repeatedly walks the list of running processes (64 IoCs recorded within
    the 150s kernel window). In a packed sample this is usually an environment check that
    looks for debuggers, sandbox agents and VM tooling by process name, or a search for a
    target process before injection; no child process is recorded in this run.
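The two packer indicators behind the "VMProtect packed file" signature are cheap to reproduce offline. The script below is an added example, not tria.ge code and not anything from the sample: it walks a PE section table with `struct` only, flags the default VMProtect section names (`.vmp0`, `.vmp1`, `.vmp2`; an assumption for the check, since VMProtect lets the author rename them and the report does not list the sample's section names), measures per-section Shannon entropy, and computes the hashes the report lists. The input is a constructed minimal PE32 built inline, because the 2.2MB sample is not on the page.

```python
import hashlib
import math
import random
import struct
from collections import Counter

# Default section names VMProtect gives its virtualised/packed code.  Well-known
# indicator, but the packer lets the author rename them, so treat a miss as
# inconclusive and a hit as strong.  (Assumption for this example; the real
# sample's section names are not shown on the report.)
VMPROTECT_SECTIONS = {b".vmp0", b".vmp1", b".vmp2"}
HIGH_ENTROPY = 7.0  # bits/byte; packed or encrypted data sits near 8.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty or constant input)."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def parse_sections(pe: bytes) -> list[dict]:
    """Walk the PE section table with struct only (no third-party PE parser)."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew, = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    num_sections, = struct.unpack_from("<H", pe, coff + 2)
    opt_size, = struct.unpack_from("<H", pe, coff + 16)
    table = coff + 20 + opt_size
    sections = []
    for i in range(num_sections):
        name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", pe, table + i * 40)
        raw = pe[rawptr:rawptr + rawsize]
        sections.append({"name": name.rstrip(b"\0"), "virtual_address": va,
                         "virtual_size": vsize, "raw_size": rawsize,
                         "entropy": round(shannon_entropy(raw), 2)})
    return sections


def triage(pe: bytes) -> dict:
    """Hashes plus the two packer indicators: VMProtect section names, high entropy."""
    secs = parse_sections(pe)
    names = {s["name"] for s in secs}
    return {
        "md5": hashlib.md5(pe).hexdigest(),
        "sha256": hashlib.sha256(pe).hexdigest(),
        "vmprotect": bool(names & VMPROTECT_SECTIONS),
        "high_entropy_sections": [s["name"].decode() for s in secs if s["entropy"] > HIGH_ENTROPY],
        "sections": secs,
    }


def build_test_pe(sections: list[tuple[bytes, bytes]]) -> bytes:
    """Constructed, minimal PE32 (DOS header, COFF header, dummy optional header,
    section table, raw data at 0x200 alignment).  Demo input only, NOT the sample."""
    opt_size, e_lfanew = 0xE0, 0x40
    headers_end = e_lfanew + 4 + 20 + opt_size + 40 * len(sections)
    raw_ptr = (headers_end + 0x1FF) & ~0x1FF
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)
    table, data, va = b"", b"", 0x1000
    for name, raw in sections:
        raw += b"\0" * (-len(raw) % 0x200)
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), len(raw), va,
                             len(raw), raw_ptr + len(data), 0, 0, 0, 0, 0x60000020)
        data += raw
        va += (len(raw) + 0xFFF) & ~0xFFF
    headers = dos + b"PE\0\0" + coff + opt + table
    return headers + b"\0" * (raw_ptr - len(headers)) + data


# Constructed sample: a plain low-entropy .text plus two random-filled VMProtect sections.
_rng = random.Random(1)
SAMPLE_PE = build_test_pe([
    (b".text", b"\x90\xC3" * 0x400),
    (b".vmp0", _rng.randbytes(0x1000)),
    (b".vmp1", _rng.randbytes(0x4000)),
])

if __name__ == "__main__":
    result = triage(SAMPLE_PE)
    print("vmprotect:", result["vmprotect"], "high-entropy:", result["high_entropy_sections"])
    for s in result["sections"]:
        print(f"{s['name'].decode():8} raw={s['raw_size']:#x} entropy={s['entropy']}")
```

Run it against the real file by replacing `SAMPLE_PE` with `open(path, "rb").read()`; the `md5`/`sha256` fields should then match the General section above before you trust any other output. A section-name hit is strong evidence; entropy alone is not, since resources and signed certificates also score high.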

Processes

  • C:\Users\Admin\AppData\Local\Temp\3558986122c8758d539f230d9258562a_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\3558986122c8758d539f230d9258562a_JaffaCakes118.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:1736

Network

MITRE ATT&CK Matrix


Downloads

  • memory/1736-0-0x00000000004AD000-0x000000000066D000-memory.dmp

    Filesize

    1.8MB

  • memory/1736-11-0x00000000003C0000-0x00000000008A9000-memory.dmp

    Filesize

    4.9MB

  • memory/1736-10-0x0000000000110000-0x0000000000111000-memory.dmp

    Filesize

    4KB

  • memory/1736-8-0x0000000000110000-0x0000000000111000-memory.dmp

    Filesize

    4KB

  • memory/1736-6-0x0000000000110000-0x0000000000111000-memory.dmp

    Filesize

    4KB

  • memory/1736-5-0x0000000000100000-0x0000000000101000-memory.dmp

    Filesize

    4KB

  • memory/1736-3-0x0000000000100000-0x0000000000101000-memory.dmp

    Filesize

    4KB

  • memory/1736-1-0x0000000000100000-0x0000000000101000-memory.dmp

    Filesize

    4KB

  • memory/1736-13-0x00000000003C0000-0x00000000008A9000-memory.dmp

    Filesize

    4.9MB

  • memory/1736-14-0x00000000004AD000-0x000000000066D000-memory.dmp

    Filesize

    1.8MB
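The dump names above encode the PID, a snapshot sequence number and the virtual address range, and several of them are repeat captures of the same region. The script below is an added helper, not part of the tria.ge report: it parses those names, groups repeated snapshots per region, detects regions nested inside others and reproduces the listed sizes. The list of names is copied from the page; the dump contents are not available here, so nothing is read from disk. Its output shows that the 1.8MB region at 0x4AD000-0x66D000 lies inside the 4.9MB region at 0x3C0000-0x8A9000, which suggests the larger dump is the fully mapped image and the one to open first when looking for the unpacked code.

```python
import re
from collections import defaultdict

# Dump file names copied from the Downloads list above (names only; a constructed
# input for this example, since the dump contents are not on the page).
DUMP_NAMES = [
    "memory/1736-0-0x00000000004AD000-0x000000000066D000-memory.dmp",
    "memory/1736-11-0x00000000003C0000-0x00000000008A9000-memory.dmp",
    "memory/1736-10-0x0000000000110000-0x0000000000111000-memory.dmp",
    "memory/1736-8-0x0000000000110000-0x0000000000111000-memory.dmp",
    "memory/1736-6-0x0000000000110000-0x0000000000111000-memory.dmp",
    "memory/1736-5-0x0000000000100000-0x0000000000101000-memory.dmp",
    "memory/1736-3-0x0000000000100000-0x0000000000101000-memory.dmp",
    "memory/1736-1-0x0000000000100000-0x0000000000101000-memory.dmp",
    "memory/1736-13-0x00000000003C0000-0x00000000008A9000-memory.dmp",
    "memory/1736-14-0x00000000004AD000-0x000000000066D000-memory.dmp",
]

# memory/<pid>-<snapshot>-0x<start>-0x<end>-memory.dmp
DUMP_NAME_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)


def parse_dump_name(name: str) -> tuple[int, int, int, int]:
    """Return (pid, snapshot sequence, start, end) from a tria.ge dump name."""
    m = DUMP_NAME_RE.match(name)
    if not m:
        raise ValueError(f"unexpected dump name: {name}")
    return int(m["pid"]), int(m["seq"]), int(m["start"], 16), int(m["end"], 16)


def human_size(n: int) -> str:
    """Same rounding the report uses for Filesize (4KB, 1.8MB, 4.9MB)."""
    if n >= 1 << 20:
        return f"{n / (1 << 20):.1f}MB"
    if n >= 1 << 10:
        return f"{n / (1 << 10):.0f}KB"
    return f"{n}B"


def summarise(names: list[str]) -> dict:
    """Group snapshots by (pid, start, end), find regions nested inside another
    region of the same process, and pick the largest region as the candidate
    for the fully mapped (unpacked) image."""
    snapshots = defaultdict(list)
    for name in names:
        pid, seq, start, end = parse_dump_name(name)
        snapshots[(pid, start, end)].append(seq)
    regions = sorted(snapshots)
    nested = [
        (inner, outer)
        for inner in regions for outer in regions
        if inner != outer and inner[0] == outer[0]
        and outer[1] <= inner[1] and inner[2] <= outer[2]
    ]
    largest = max(regions, key=lambda r: r[2] - r[1])
    return {
        "regions": {r: {"size": human_size(r[2] - r[1]), "snapshots": sorted(s)}
                    for r, s in snapshots.items()},
        "nested": nested,
        "largest": largest,
    }


if __name__ == "__main__":
    s = summarise(DUMP_NAMES)
    for (pid, start, end), info in sorted(s["regions"].items()):
        print(f"pid {pid} {start:#010x}-{end:#010x} {info['size']:>6} snapshots {info['snapshots']}")
    for inner, outer in s["nested"]:
        print(f"{inner[1]:#x}-{inner[2]:#x} lies inside {outer[1]:#x}-{outer[2]:#x}")
    print("largest region (candidate full image):", f"{s['largest'][1]:#x}-{s['largest'][2]:#x}")
```

Snapshot numbers are the order in which the sandbox captured the regions, so the same region appearing at sequence 0 and 14 means its contents may differ between the two files; diff them before assuming either is the final unpacked state.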