Analysis
- max time kernel: 121s
- max time network: 122s
- platform: windows7_x64
- resource: win7-20240508-en
- resource tags: arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system
- submitted: 27/06/2024, 17:07
Behavioral task
behavioral1
Sample
16ce218ffe33f5e92083627685528426_JaffaCakes118.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
16ce218ffe33f5e92083627685528426_JaffaCakes118.exe
Resource
win10v2004-20240611-en
General
- Target: 16ce218ffe33f5e92083627685528426_JaffaCakes118.exe
- Size: 56KB
- MD5: 16ce218ffe33f5e92083627685528426
- SHA1: 704844d1e5d0f3585d74f43e2d3d1c9362272cf5
- SHA256: 46ace6d67188577c7fccf74fc799294f1d23389ddb22f883a96938e9b9d657f2
- SHA512: d31e0631547a2504b4696a37f8b3ff38f011ca1792d7284272176ba20f49f210fd92af40db77b6c04233f0ce21ee00c5ee5b9b71cf8bbb430b5462df22e9752d
- SSDEEP: 1536:QrLbZnmND6dlgbSOb8MQ7eVeOQ5Rg2+EBf8Hj2:QrPRmF6fgbTQ7CRW+2+Eh8Hj
Malware Config
Signatures
- Deletes itself: 1 IoCs
    pid | Process
    2360 | 16ce218ffe33f5e92083627685528426_JaffaCakes118.exe
- Executes dropped EXE: 1 IoCs
    pid | Process
    2360 | 16ce218ffe33f5e92083627685528426_JaffaCakes118.exe
- Loads dropped DLL: 1 IoCs
    pid | Process
    1792 | 16ce218ffe33f5e92083627685528426_JaffaCakes118.exe
    resource | yara_rule
    behavioral1/memory/1792-0-0x0000000000400000-0x000000000043A000-memory.dmp | upx
    behavioral1/files/0x000e0000000126b8-10.dat | upx
    behavioral1/memory/2360-17-0x0000000000400000-0x000000000043A000-memory.dmp | upx
- Suspicious behavior: RenamesItself: 1 IoCs
    pid | Process
    1792 | 16ce218ffe33f5e92083627685528426_JaffaCakes118.exe
- Suspicious use of UnmapMainImage: 2 IoCs
    pid | Process
    1792 | 16ce218ffe33f5e92083627685528426_JaffaCakes118.exe
    2360 | 16ce218ffe33f5e92083627685528426_JaffaCakes118.exe
- Suspicious use of WriteProcessMemory: 4 IoCs
    description | pid | Process | procid_target
    PID 1792 wrote to memory of 2360 | 1792 | 16ce218ffe33f5e92083627685528426_JaffaCakes118.exe | 29
    PID 1792 wrote to memory of 2360 | 1792 | 16ce218ffe33f5e92083627685528426_JaffaCakes118.exe | 29
    PID 1792 wrote to memory of 2360 | 1792 | 16ce218ffe33f5e92083627685528426_JaffaCakes118.exe | 29
    PID 1792 wrote to memory of 2360 | 1792 | 16ce218ffe33f5e92083627685528426_JaffaCakes118.exe | 29
Processes
- C:\Users\Admin\AppData\Local\Temp\16ce218ffe33f5e92083627685528426_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\16ce218ffe33f5e92083627685528426_JaffaCakes118.exe"
  PID:1792
    - Loads dropped DLL
    - Suspicious behavior: RenamesItself
    - Suspicious use of UnmapMainImage
    - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\16ce218ffe33f5e92083627685528426_JaffaCakes118.exe
    C:\Users\Admin\AppData\Local\Temp\16ce218ffe33f5e92083627685528426_JaffaCakes118.exe
    PID:2360
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 56KB
  MD5: 56315b46b303f0408f219d3a8566b09c
  SHA1: eee8e2eb9841b363f83b5b79a63389d20eb9f299
  SHA256: 22e640780b420daad9603097a5c0cb0df34caa345d14ec36455c19a142f59f1e
  SHA512: ab6f557cb675895baed44d383e35a312b734876a53c6742926eddd3f0686751961a8b09d9be19dc5954a0740668ed841391a0cb8dce8db1622389b5069a2bfe2