Analysis
-
max time kernel
117s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
02/06/2024, 03:52
Static task
static1
Behavioral task
behavioral1
Sample
8ccdffa8d35b295ff925ab0cfe7c82ff_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
8ccdffa8d35b295ff925ab0cfe7c82ff_JaffaCakes118.exe
Resource
win10v2004-20240426-en
General
-
Target
8ccdffa8d35b295ff925ab0cfe7c82ff_JaffaCakes118.exe
-
Size
96KB
-
MD5
8ccdffa8d35b295ff925ab0cfe7c82ff
-
SHA1
656f3b52f1014e8eed142a77eef9f9c3240a75ac
-
SHA256
13178e8c8da7fd574674a6ab69ee56eb1fd048ff47973c34822b125748901f6c
-
SHA512
9208bd82ed6c6d12fa7ee4c141823d9d0fbb72da04d975317e552bf3bc41f54ba52442eb7ef3f43c3ec793e4164434be8e61b5d7f6503636b88194b1293db8d9
-
SSDEEP
1536:E47ftfkS5g9YOms+gZcQipICdXkNDqLLZX9lItVGL++eIOlnToIfPwc1sj4qm4:EWFfHgTWmCRkGbKGLeNTBfPp1sj4x4
Malware Config
Signatures
-
Runs ping.exe 1 TTPs 1 IoCs
pid | Process
1728 | PING.EXE
-
Suspicious use of WriteProcessMemory 13 IoCs
description | pid | Process | procid_target
PID 2328 wrote to memory of 2324 | 2328 | 8ccdffa8d35b295ff925ab0cfe7c82ff_JaffaCakes118.exe | 29
PID 2328 wrote to memory of 2324 | 2328 | 8ccdffa8d35b295ff925ab0cfe7c82ff_JaffaCakes118.exe | 29
PID 2328 wrote to memory of 2324 | 2328 | 8ccdffa8d35b295ff925ab0cfe7c82ff_JaffaCakes118.exe | 29
PID 2328 wrote to memory of 2324 | 2328 | 8ccdffa8d35b295ff925ab0cfe7c82ff_JaffaCakes118.exe | 29
PID 2324 wrote to memory of 2600 | 2324 | cmd.exe | 30
PID 2324 wrote to memory of 2600 | 2324 | cmd.exe | 30
PID 2324 wrote to memory of 2600 | 2324 | cmd.exe | 30
PID 2324 wrote to memory of 2984 | 2324 | cmd.exe | 31
PID 2324 wrote to memory of 2984 | 2324 | cmd.exe | 31
PID 2324 wrote to memory of 2984 | 2324 | cmd.exe | 31
PID 2324 wrote to memory of 1728 | 2324 | cmd.exe | 32
PID 2324 wrote to memory of 1728 | 2324 | cmd.exe | 32
PID 2324 wrote to memory of 1728 | 2324 | cmd.exe | 32
Processes
-
C:\Users\Admin\AppData\Local\Temp\8ccdffa8d35b295ff925ab0cfe7c82ff_JaffaCakes118.exe "C:\Users\Admin\AppData\Local\Temp\8ccdffa8d35b295ff925ab0cfe7c82ff_JaffaCakes118.exe" 1⤵
- Suspicious use of WriteProcessMemory
PID:2328 -
C:\Windows\system32\cmd.exe "C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\1094.tmp\1095.tmp\1096.bat C:\Users\Admin\AppData\Local\Temp\8ccdffa8d35b295ff925ab0cfe7c82ff_JaffaCakes118.exe" 2⤵
- Suspicious use of WriteProcessMemory
PID:2324 -
C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe /S /D /c" ver " 3⤵
PID:2600
-
-
C:\Windows\system32\find.exe find "Version 6.0" 3⤵
PID:2984
-
-
C:\Windows\system32\PING.EXE ping -n 7 localhost 3⤵
- Runs ping.exe
PID:1728
-
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
3KB
MD5 2f0ec98ebb636963e785a15a5824639e
SHA1 0761023da43df7732977e363ce6b92b65275c12c
SHA256 52bc7028d5329c0316cf4280f26f8cc1f2debd7f4be64f12d7c6d4468fcb1a50
SHA512 d88c57d69c9ee1d5cd8f60dadac6c72fb05556ed43628a9ce2696a0c8381163761e15e49a22ddf3181fc3be339ca33b077d5d2e554373801d78c51d4e39e8d13