Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

180f90cad1...18.exe

windows7-x64

7

180f90cad1...18.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
  • submitted
    28/06/2024, 00:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    180f90cad1808964dab716a6b56309be_JaffaCakes118.exe

  • Size

    20KB

  • MD5

    180f90cad1808964dab716a6b56309be

  • SHA1

    b9563e9116ed3ace91c6737cfea8e5a86c3d48cd

  • SHA256

    c5fff2663b4513a2ac33dde1570f8e97e8f710b2368a8e45dff92f450d2ec9e0

  • SHA512

    b411c711f14659c758e2180d1f623327be458c38a069a5b84d0fd578673b566d9e74f042d3a8f9379442d9894c0bdfdc9031a5d9547d3b31c5820aff2a8e9afb

  • SSDEEP

    384:y4J82hYqyDeO5guQKrdu4NKhy2rlJyVVRboBmXBas4:yd2hYqlO5guQWQGK3lJEVRboE8

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1216
      • C:\Users\Admin\AppData\Local\Temp\180f90cad1808964dab716a6b56309be_JaffaCakes118.exe
        "C:\Users\Admin\AppData\Local\Temp\180f90cad1808964dab716a6b56309be_JaffaCakes118.exe"
        2⤵
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of WriteProcessMemory
        PID:1928
        • C:\Windows\SysWOW64\cmd.exe
          cmd /c c:\Deleteme.bat
          3⤵
          • Deletes itself
          PID:2788

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Deleteme.bat
      Filesize

      212B

      MD5

      0dbde7528a34933b66c27c0b392e7a85

      SHA1

      7a3cf079b41444d62b3ecdd166479e5779fcc4a8

      SHA256

      04fad1d4b4c3e1b823971dbd48561e5ac988762a4e8b0e872221ce8273899b41

      SHA512

      b8890cf05a40cf53e30beed0f02555c3b7905aafdc31866ae6ad483779bce2cabe77857c0ad6d657c356315e8c25666ddd69c98eda9605ea9d5778de7ec2293a

      Download Submit

    • memory/1216-0-0x0000000018140000-0x000000001814C000-memory.dmp

      Filesize

      48KB

      Download

    • memory/1928-9-0x0000000018140000-0x000000001814C000-memory.dmp

      Filesize

      48KB

      Download