Analysis

  • max time kernel
    140s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    03/07/2024, 17:28

General

  • Target

    2332223da5df70d3aca429110788a845_JaffaCakes118.exe

  • Size

    710KB

  • MD5

    2332223da5df70d3aca429110788a845

  • SHA1

    bc4209d87e86d075b0b924028d2c11f9a76dc5ef

  • SHA256

    6fa28dee8ab219054d3fd6bb80c3cb720c705498e49eac98eecc3c41405cc3ea

  • SHA512

    b01d72c81f61cb2c17583d5af4d60479f6cdf5f27e9aec6ad3f2f44038c7aea487bd4b4b502379a2069b94152b11e055a4340a7ae6bd7811d301996a9c3f2294

  • SSDEEP

    12288:za3XiuigTQYphbR3ndDGpJJpVAGOJXkUo+bJtWXghaPo1XE/YaFBatBbqfnQes:zanHn8qh9MpRVKJXkU9bDNbwgBenO

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops file in Program Files directory 14 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2332223da5df70d3aca429110788a845_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\2332223da5df70d3aca429110788a845_JaffaCakes118.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:1748
    • C:\Windows\svchost.exe
      "C:\Windows\svchost.exe" "C:\Users\Admin\AppData\Local\Temp\2332223da5df70d3aca429110788a845_JaffaCakes118.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:2060
      • C:\Users\Admin\AppData\Local\Temp\2332223da5df70d3aca429110788a845_JaffaCakes118.exe
        "C:\Users\Admin\AppData\Local\Temp\2332223da5df70d3aca429110788a845_JaffaCakes118.exe"
        3⤵
        • Executes dropped EXE
        PID:1808
  • C:\Windows\svchost.exe
    C:\Windows\svchost.exe
    1⤵
    • Executes dropped EXE
    • Drops file in Program Files directory
    PID:2096

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\svchost.exe

    Filesize

    35KB

    MD5

    8ad0c91179cc96cf5c96007f46717eb7

    SHA1

    367a87ac57ddc558ca35f9161e3c13ae4971d658

    SHA256

    528cd37789ed96d2c2a5008db280a769ea6a72afe15a322039cc444203c60084

    SHA512

    49802da8f61dacb8d9c20d3f4f6a81e8d35b3cc0365a83b8f8bfc753a50459e70da86b61a21308715d0e552cdc6d97f4b9e7fc6bc8c5b5210ced74d6b995ad82

  • \Users\Admin\AppData\Local\Temp\2332223da5df70d3aca429110788a845_JaffaCakes118.exe

    Filesize

    675KB

    MD5

    d6089e10f30111c4c14af916edfe648f

    SHA1

    64d89a3fc3fbb8daeaf20eb0455b49ddcac094e5

    SHA256

    c88dc3a5952723397224814eaef3a8a4603034ddc21269dfe6d0d9be016dff8b

    SHA512

    1fde6b4aa4f054809da51f28d9b1d42b791703b47212d1a499322e66960deb114dd487b373d8150720543581bb281c287ea51d3549753eb3aa6ab8f88bcedd33

  • memory/1748-5-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

  • memory/1808-38-0x0000000000400000-0x0000000000422000-memory.dmp

    Filesize

    136KB

  • memory/1808-40-0x0000000000400000-0x0000000000422000-memory.dmp

    Filesize

    136KB

  • memory/2060-16-0x0000000000400000-0x000000000040D000-memory.dmp

    Filesize

    52KB

  • memory/2096-39-0x0000000000400000-0x000000000040D000-memory.dmp

    Filesize

    52KB

  • memory/2096-55-0x0000000000400000-0x000000000040D000-memory.dmp

    Filesize

    52KB