Analysis
max time kernel: 140s
max time network: 122s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 28/06/2024, 10:59
Static task: static1
Behavioral task: behavioral1
Sample: 19df083a6b9a1511813bfb3e5056c50a_JaffaCakes118.exe
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: 19df083a6b9a1511813bfb3e5056c50a_JaffaCakes118.exe
Resource: win10v2004-20240508-en
General
Target: 19df083a6b9a1511813bfb3e5056c50a_JaffaCakes118.exe
Size: 63KB
MD5: 19df083a6b9a1511813bfb3e5056c50a
SHA1: ae49dc019f06acfef06b39b9cebd4d3743c94a54
SHA256: bef7e4f4bb0876dbd4fcd5f85c7fd769d357c6050c02ea78830bea97dd1a6f61
SHA512: a4a3323957ac47c0aa2ced5f6742473cb3aab524a064e57a7ff302db05c3dd9ff9afeb6e1476f821de1ab78e173239f57c2ad8b6ea8fd34f757d07093473f397
SSDEEP: 768:KDieTh57q8uVhOJ5Abebeqa739f0SY29+Ptx9EkDieTh57q8uNehOJ5Abebeqa7r:KDigGQJxCqarm2eukDigGLZJxCqarmi
Malware Config
Signatures
Program crash (1 IoCs)
pid: 2868, pid_target: 1384, Process: WerFault.exe, procid_target: 27
Suspicious use of WriteProcessMemory (4 IoCs)
description: PID 1384 wrote to memory of 2868, pid: 1384, Process: 19df083a6b9a1511813bfb3e5056c50a_JaffaCakes118.exe, procid_target: 28
description: PID 1384 wrote to memory of 2868, pid: 1384, Process: 19df083a6b9a1511813bfb3e5056c50a_JaffaCakes118.exe, procid_target: 28
description: PID 1384 wrote to memory of 2868, pid: 1384, Process: 19df083a6b9a1511813bfb3e5056c50a_JaffaCakes118.exe, procid_target: 28
description: PID 1384 wrote to memory of 2868, pid: 1384, Process: 19df083a6b9a1511813bfb3e5056c50a_JaffaCakes118.exe, procid_target: 28
Processes
- C:\Users\Admin\AppData\Local\Temp\19df083a6b9a1511813bfb3e5056c50a_JaffaCakes118.exe (PID: 1384)
  Command line: "C:\Users\Admin\AppData\Local\Temp\19df083a6b9a1511813bfb3e5056c50a_JaffaCakes118.exe"
  Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\WerFault.exe (PID: 2868)
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1384 -s 204
    Program crash