Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

8a3149efdc...18.exe

windows7-x64

7

8a3149efdc...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    01/06/2024, 10:31 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8a3149efdc02588d257a287b3230836f_JaffaCakes118.exe

  • Size

    434KB

  • MD5

    8a3149efdc02588d257a287b3230836f

  • SHA1

    6c69f6695caafe6f4f17f5eb933e6e08324608a1

  • SHA256

    667388c6e820ec389caa87ae76cc5a0b11bf53f709ae452b307a123130230f65

  • SHA512

    54473c0a5c89819f09bf12841029c34f3257fd8658700b162d234810452acebf993fb81bb16207db88b2a21c504e3ed5513098b672cf6c690b7478bba72d15c1

  • SSDEEP

    6144:qCh6w0YQB47mkim3+AHfljOgBFDO7SlyYpVYNwKWy/8E4R6iDieTmn:qCvwvA+M9rO2PjdHc8ESPDrTw

Score
7/10
agilenet

Malware Config

Signatures

  • Obfuscated with Agile.Net obfuscator 1 IoCs

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    agilenet
  • Program crash 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8a3149efdc02588d257a287b3230836f_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\8a3149efdc02588d257a287b3230836f_JaffaCakes118.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1776
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1776 -s 924
      2⤵
      • Program crash
      PID:2668

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1776-0-0x00000000747BE000-0x00000000747BF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1776-1-0x00000000013D0000-0x0000000001442000-memory.dmp

    Filesize

    456KB

    Download

  • memory/1776-2-0x0000000000550000-0x0000000000580000-memory.dmp

    Filesize

    192KB

    Download

  • memory/1776-3-0x00000000747B0000-0x0000000074E9E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/1776-4-0x00000000004F0000-0x00000000004FA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/1776-5-0x0000000000580000-0x000000000058E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/1776-6-0x0000000000500000-0x000000000050A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/1776-7-0x00000000747BE000-0x00000000747BF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1776-8-0x00000000747B0000-0x0000000074E9E000-memory.dmp

    Filesize

    6.9MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.