Analysis
max time kernel: 140s
max time network: 147s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 20/06/2024, 09:41
Static task: static1
Behavioral task: behavioral1
Sample: 04d231e558ce6693152aa27529aefaa6_JaffaCakes118.exe
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: 04d231e558ce6693152aa27529aefaa6_JaffaCakes118.exe
Resource: win10v2004-20240611-en
General
Target: 04d231e558ce6693152aa27529aefaa6_JaffaCakes118.exe
Size: 361KB
MD5: 04d231e558ce6693152aa27529aefaa6
SHA1: 854309f5a089a0acc00ac30fc20b13c944d55d09
SHA256: eebaa8e88cf692a7211ef3e6b69af16534a6f42bcf37a526e9e989e3ba67341c
SHA512: 98be47a6576e45b78bf23300da075ff5b977053e478cbeaed8e4224e96af2b003782abde19c93a195005197a51c955d37954fac38e3a06e38675efff2ee0d7d7
SSDEEP: 6144:+3hcZaHRF2idZecnl20lHRxp3gpFicV4RFxrX4xXNtHKoyCCOlyTiVm2GkyZ3:ShuYF3Z4mxxWic6o9ozQVm2Gku
Malware Config
Signatures
Deletes itself (1 IoCs)
- pid 2176, process cmd.exe
Executes dropped EXE (1 IoCs)
- pid 2788, process opin.exe
Drops file in System32 directory (2 IoCs)
- File created: C:\Windows\SysWOW64\opin.exe (process 04d231e558ce6693152aa27529aefaa6_JaffaCakes118.exe)
- File opened for modification: C:\Windows\SysWOW64\opin.exe (process 04d231e558ce6693152aa27529aefaa6_JaffaCakes118.exe)
Suspicious use of WriteProcessMemory (4 IoCs)
- PID 1680 wrote to memory of 2176 (pid 1680, process 04d231e558ce6693152aa27529aefaa6_JaffaCakes118.exe, procid_target 29)
- PID 1680 wrote to memory of 2176 (pid 1680, process 04d231e558ce6693152aa27529aefaa6_JaffaCakes118.exe, procid_target 29)
- PID 1680 wrote to memory of 2176 (pid 1680, process 04d231e558ce6693152aa27529aefaa6_JaffaCakes118.exe, procid_target 29)
- PID 1680 wrote to memory of 2176 (pid 1680, process 04d231e558ce6693152aa27529aefaa6_JaffaCakes118.exe, procid_target 29)
Processes
- C:\Users\Admin\AppData\Local\Temp\04d231e558ce6693152aa27529aefaa6_JaffaCakes118.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\04d231e558ce6693152aa27529aefaa6_JaffaCakes118.exe"
  PID: 1680
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\cmd.exe
    Command line: cmd /c .\delmeexe.bat
    PID: 2176
    - Deletes itself
- C:\Windows\SysWOW64\opin.exe
  Command line: C:\Windows\SysWOW64\opin.exe
  PID: 2788
  - Executes dropped EXE
Network
MITRE ATT&CK Matrix
Downloads