Analysis
max time kernel: 118s
max time network: 119s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 17/05/2024, 07:53
Static task: static1

Behavioral task: behavioral1
Sample: 4f11dee0b3b179f1919c16957d02eab8_JaffaCakes118.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: 4f11dee0b3b179f1919c16957d02eab8_JaffaCakes118.exe
Resource: win10v2004-20240508-en
General
Target: 4f11dee0b3b179f1919c16957d02eab8_JaffaCakes118.exe
Size: 386KB
MD5: 4f11dee0b3b179f1919c16957d02eab8
SHA1: 996ee1fdd83eb580b150419e39ac57688e665f62
SHA256: 2303444ba6e75af3face3f63201595bdda6c38c3d4744f08abe262b8cc073642
SHA512: 52e226d981ed38307a58b34e004645df3ef589c09bf7756a1a0a0f75fcbe01913b36585e3a1c623a0bc1b99b4e6a69551f31f5a97185ed5bfe74b9a6373632dd
SSDEEP: 6144:9YoiG0pCrJRCFgYDgLQOPuF26Rm/t6X/6dfMOUfx5xnCGF:i+1lY8fmY6Rm/QX/mrUBCGF
Malware Config
Signatures

Deletes itself (1 IoCs)
pid    Process
2644   cmd.exe

Runs ping.exe (1 TTPs, 1 IoCs)
pid    Process
2536   PING.EXE

Suspicious use of WriteProcessMemory (8 IoCs)
description                        pid    Process                                               procid_target
PID 2088 wrote to memory of 2644   2088   4f11dee0b3b179f1919c16957d02eab8_JaffaCakes118.exe    30
PID 2088 wrote to memory of 2644   2088   4f11dee0b3b179f1919c16957d02eab8_JaffaCakes118.exe    30
PID 2088 wrote to memory of 2644   2088   4f11dee0b3b179f1919c16957d02eab8_JaffaCakes118.exe    30
PID 2088 wrote to memory of 2644   2088   4f11dee0b3b179f1919c16957d02eab8_JaffaCakes118.exe    30
PID 2644 wrote to memory of 2536   2644   cmd.exe                                               32
PID 2644 wrote to memory of 2536   2644   cmd.exe                                               32
PID 2644 wrote to memory of 2536   2644   cmd.exe                                               32
PID 2644 wrote to memory of 2536   2644   cmd.exe                                               32
Processes

1. C:\Users\Admin\AppData\Local\Temp\4f11dee0b3b179f1919c16957d02eab8_JaffaCakes118.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\4f11dee0b3b179f1919c16957d02eab8_JaffaCakes118.exe"
   - Suspicious use of WriteProcessMemory
   PID: 2088

   2. C:\Windows\SysWOW64\cmd.exe
      Command line: cmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del "C:\Users\Admin\AppData\Local\Temp\4f11dee0b3b179f1919c16957d02eab8_JaffaCakes118.exe"
      - Deletes itself
      - Suspicious use of WriteProcessMemory
      PID: 2644

      3. C:\Windows\SysWOW64\PING.EXE
         Command line: ping 1.1.1.1 -n 1 -w 3000
         - Runs ping.exe
         PID: 2536