Analysis
max time kernel: 142s
max time network: 124s
platform: windows7_x64
resource: win7-20240611-en
resource tags: arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
submitted: 28/06/2024, 02:41
Static task: static1
Behavioral task: behavioral1
  Sample: 187e9355c15aa4ae26d68b87d5180f08_JaffaCakes118.exe
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample: 187e9355c15aa4ae26d68b87d5180f08_JaffaCakes118.exe
  Resource: win10v2004-20240611-en
General
Target: 187e9355c15aa4ae26d68b87d5180f08_JaffaCakes118.exe
Size: 5.3MB
MD5: 187e9355c15aa4ae26d68b87d5180f08
SHA1: 48872adfa9a107d743bd820e886e0a99888530db
SHA256: f6827b4c797301092baaf0ebc71aaea2c31fea74ba16caeaf07dee625270573d
SHA512: fbe18bcd6b8629b6b42506b78233c0f903265e9f18502b7083f2b89a3120dd865ce9220051b188e55a5443d2bbe71d4ed030de4735a89a9a9dbec555bb582d40
SSDEEP: 98304:A4FVT+HoqTs+joYMl9CYysqLRFce2EfQp/I9bbiSwI2mrmRlXTY9y8ASvjNe7ISJ:/FVT+IqnMYMqxsqFWe2XKHrhmRlXTY9U
Malware Config
Signatures
Executes dropped EXE (1 IoCs)
  pid   Process
  948   setup.exe

Loads dropped DLL (8 IoCs)
  pid   Process
  3000  187e9355c15aa4ae26d68b87d5180f08_JaffaCakes118.exe
  1456  WerFault.exe
  1456  WerFault.exe
  1456  WerFault.exe
  1456  WerFault.exe
  1456  WerFault.exe
  1456  WerFault.exe
  1456  WerFault.exe

Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).

Program crash (1 IoCs)
  pid   pid_target  Process       procid_target
  1456  948         WerFault.exe  28

Suspicious use of WriteProcessMemory (14 IoCs)
  description                         pid   Process                                             procid_target
  PID 3000 wrote to memory of 948     3000  187e9355c15aa4ae26d68b87d5180f08_JaffaCakes118.exe  28
  PID 3000 wrote to memory of 948     3000  187e9355c15aa4ae26d68b87d5180f08_JaffaCakes118.exe  28
  PID 3000 wrote to memory of 948     3000  187e9355c15aa4ae26d68b87d5180f08_JaffaCakes118.exe  28
  PID 3000 wrote to memory of 948     3000  187e9355c15aa4ae26d68b87d5180f08_JaffaCakes118.exe  28
  PID 3000 wrote to memory of 948     3000  187e9355c15aa4ae26d68b87d5180f08_JaffaCakes118.exe  28
  PID 3000 wrote to memory of 948     3000  187e9355c15aa4ae26d68b87d5180f08_JaffaCakes118.exe  28
  PID 3000 wrote to memory of 948     3000  187e9355c15aa4ae26d68b87d5180f08_JaffaCakes118.exe  28
  PID 948 wrote to memory of 1456     948   setup.exe                                           29
  PID 948 wrote to memory of 1456     948   setup.exe                                           29
  PID 948 wrote to memory of 1456     948   setup.exe                                           29
  PID 948 wrote to memory of 1456     948   setup.exe                                           29
  PID 948 wrote to memory of 1456     948   setup.exe                                           29
  PID 948 wrote to memory of 1456     948   setup.exe                                           29
  PID 948 wrote to memory of 1456     948   setup.exe                                           29
Processes
C:\Users\Admin\AppData\Local\Temp\187e9355c15aa4ae26d68b87d5180f08_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\187e9355c15aa4ae26d68b87d5180f08_JaffaCakes118.exe"
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:3000

  C:\Users\Admin\AppData\Local\Temp\minimax_plus_3222\setup.exe
  "C:\Users\Admin\AppData\Local\Temp\minimax_plus_3222\setup.exe"
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:948

    C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 348
    - Loads dropped DLL
    - Program crash
    PID:1456
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 817KB
MD5: 5d3baf0e1efe7313cc2b74a4df5ac8cf
SHA1: 416916c048ed1dd2d54d8a1d149eb1705cddde85
SHA256: 4454fb32a1dd04dfb93ebd5bb1e4b6c56f7ff72e2328180d9b7aa79b3022ff4f
SHA512: c79a3f1abddec7dcd51b0dd054d864bb46a326369eb31bc16e90326e1be97151dc2b92ce8fa35183b017c46ba6cf7db81ae0ad77b5e6c22bb94510b61e751796