Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

225145089c...18.exe

windows7-x64

7

225145089c...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    7s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    03/07/2024, 11:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    225145089ca646aed9df2e68c36c75d9_JaffaCakes118.exe

  • Size

    268KB

  • MD5

    225145089ca646aed9df2e68c36c75d9

  • SHA1

    e0a65ad02ced069120afcd06690da5dc32da88e1

  • SHA256

    af25c48450d230b9ceddf91f075010b3906a260f56b1eb8184352b045ba5e361

  • SHA512

    fbfbe4353888532686f0bdb9d87f1aabf952f8db657b36a825242cede9cf834bb536824e0eeaa7ce889b9d96a2dc6488ab8aa6b5e7cc7511fa5855d02b6184ee

  • SSDEEP

    3072:A3so3v+IA3xZI0eyuhDpY05aXUHSd9MNrrkdGEwS:A3RA3xZIPyipYburQdGEl

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 4 IoCs
  • Drops file in Windows directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\225145089ca646aed9df2e68c36c75d9_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\225145089ca646aed9df2e68c36c75d9_JaffaCakes118.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:2236
    • C:\Windows\rcryptor private.exe
      "C:\Windows\rcryptor private.exe"
      2⤵
      • Executes dropped EXE
      PID:852
    • C:\Windows\autoexec.exe
      "C:\Windows\autoexec.exe"
      2⤵
      • Executes dropped EXE
      PID:2584

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\autoexec.exe
    Filesize

    21KB

    MD5

    ceeb60688138550754183e51597fdbaf

    SHA1

    bd6a181be27091fbffdc777ef0eb25e0dbf12228

    SHA256

    318a59e15a43867107e94ee32d64ee40b1034e90869796bf0b4d436b57d74f38

    SHA512

    2d4c08c461c70ecdbf97d9ef0a2bf9e62ac87554bc167829cb762f499839070c8c74e50d89d77774e91997a9179a013f5a0ea3551a656e9af56f02cab406d3ef

    Download Submit

  • C:\Windows\rcryptor private.exe
    Filesize

    216KB

    MD5

    e88d9b2d61b77616fdbee3775913afaf

    SHA1

    6682c1ebdd3b6f844a38f57e69477d894a81b101

    SHA256

    21a5112e15b3ef0f0caf5f9cdb2ea05ad9e35b72c7ecb9b5522aab5856fb7a60

    SHA512

    169a24f774ae1ebd6420ee0a794f55c0231aed0996a1579f46f714c6bdb0a72c6d66c8af8a2dba976bd3e04f80ac0bb52cf3eeef64ad28660511f33e3abdb83a

    Download Submit

  • memory/2236-14-0x0000000000400000-0x000000000044A000-memory.dmp

    Filesize

    296KB

    Download

  • memory/2236-14-0x0000000000400000-0x000000000044A000-memory.dmp

    Filesize

    296KB

    Download