Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system -
submitted
28/06/2024, 00:03
Behavioral task
behavioral1
Sample
180c7a68c5eb9b98021feb688aa95062_JaffaCakes118.exe
Resource
win7-20240611-en
3 signatures
150 seconds
General
-
Target
180c7a68c5eb9b98021feb688aa95062_JaffaCakes118.exe
-
Size
720KB
-
MD5
180c7a68c5eb9b98021feb688aa95062
-
SHA1
74af9fb10f210e0e16fd8ba6291d5e01d5e2a7f8
-
SHA256
a0e0472f8c76a1b62ac3cb813a71c53444b0044c59b66f87263417755e7919aa
-
SHA512
cefe61b35d95fc540ea6e9a7f96362b05ce6ba169aec76dc7fd0ee49202192bb2f99f1156bb69c8123bc29450bc11b8f7e7cdd3edf8a61d37c218ac8efef41ae
-
SSDEEP
12288:cdhnReTN0liZ3fsT0zIY7lgG4meQg3vyAoCHtOhqRKbVfmdT1D/gy3m:shQp93fVIjGAb/yAbWBb8T1zgC
Malware Config
Signatures
-
Program crash 1 IoCs
pid pid_target Process procid_target 2068 2924 WerFault.exe 27 -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2924 wrote to memory of 2068 2924 180c7a68c5eb9b98021feb688aa95062_JaffaCakes118.exe 28 PID 2924 wrote to memory of 2068 2924 180c7a68c5eb9b98021feb688aa95062_JaffaCakes118.exe 28 PID 2924 wrote to memory of 2068 2924 180c7a68c5eb9b98021feb688aa95062_JaffaCakes118.exe 28 PID 2924 wrote to memory of 2068 2924 180c7a68c5eb9b98021feb688aa95062_JaffaCakes118.exe 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\180c7a68c5eb9b98021feb688aa95062_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\180c7a68c5eb9b98021feb688aa95062_JaffaCakes118.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2924 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 2242⤵
- Program crash
PID:2068
-