Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

6d48693105...18.exe

windows7-x64

7

6d48693105...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    24/05/2024, 04:04 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6d48693105fb33c03270878916b2e357_JaffaCakes118.exe

  • Size

    792KB

  • MD5

    6d48693105fb33c03270878916b2e357

  • SHA1

    da637a0613f56a32a6f32a2bb417ad0f19618cc5

  • SHA256

    22d459afd48de8ee855a054899e718e0e64a4a3e96e87accb95ca5d948ec052a

  • SHA512

    455110bb106043772b22332248343992c2dd01c2916142b39883394d36f890c361a5524b3425de799f02c7d5a5cc851339938fd76fa6b46b41d323967b915f80

  • SSDEEP

    12288:TgqkazPQCPgNfY7mXgAu7YNJ03It4FFRSNTrnKR3ajgANxPavobsCcL+asg9CIXz:TgTOPQCeC4Xu0fg+Oq/zkAN/beLAqj

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6d48693105fb33c03270878916b2e357_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\6d48693105fb33c03270878916b2e357_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1728
    • C:\Users\Admin\AppData\Local\Temp\is-2IOM8.tmp\6d48693105fb33c03270878916b2e357_JaffaCakes118.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-2IOM8.tmp\6d48693105fb33c03270878916b2e357_JaffaCakes118.tmp" /SL5="$4010A,737890,54272,C:\Users\Admin\AppData\Local\Temp\6d48693105fb33c03270878916b2e357_JaffaCakes118.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:2036
      • C:\Users\Admin\AppData\Local\Temp\is-6RQ7B.tmp\6d48693105fb33c03270878916b2e357_JaffaCakes118.tmp
        "C:\Users\Admin\AppData\Local\Temp\is-6RQ7B.tmp\6d48693105fb33c03270878916b2e357_JaffaCakes118.tmp" /SL5="$60126,55867,54272,C:\Users\Admin\AppData\Local\Temp\is-2IOM8.tmp\6d48693105fb33c03270878916b2e357_JaffaCakes118.tmp" /SL5="$4010A,737890,54272,C:\Users\Admin\AppData\Local\Temp\6d48693105fb33c03270878916b2e357_JaffaCakes118.exe"
        3⤵
        • Executes dropped EXE
        PID:2328

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\is-2IOM8.tmp\6d48693105fb33c03270878916b2e357_JaffaCakes118.tmp
    Filesize

    84KB

    MD5

    eb4852a5c32500f33de8433107285351

    SHA1

    bf489592c9aaf5f0a96e85e3697365401c217285

    SHA256

    5a0f4e17ba1b79436399756942cecd4561b59c51456f1e10a1411b9440d10b42

    SHA512

    550e139514df11169a8f19975e764b3a69dd970c1053e246b8e1f8a1d459125abaa5d966221a5dc5a8eacb460b158fd4cffa5f74e6c93857e672789f49c7e866

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-6RQ7B.tmp\6d48693105fb33c03270878916b2e357_JaffaCakes118.tmp
    Filesize

    53KB

    MD5

    9d59794131059cdc5948e43e3ff7f7d8

    SHA1

    68d3d3b9508e126e701e528964fc379ecf5d696d

    SHA256

    f6d23d64cc0c90976d67d69085ddc0ec24e68e4998a44ef516b26458bdbbe038

    SHA512

    0e17f9762128567bd33e33bd98f1513fc7ed97a929e5714ede6bafadbf2f6c0e1cd66ac295019b65549ae949fd0c966f5420042b7f4ea4872e0e1d25cce40466

    Download Submit

  • memory/1728-0-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download

  • memory/1728-2-0x0000000000401000-0x000000000040B000-memory.dmp

    Filesize

    40KB

    Download

  • memory/1728-24-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download

  • memory/2036-8-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download

  • memory/2036-11-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download

  • memory/2036-23-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download

  • memory/2328-17-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download

  • memory/2328-20-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download

  • memory/2328-21-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.