Analysis

  • max time kernel
    41s
  • max time network
    49s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    04/07/2024, 00:41

General

  • Target

    240cbf780a4c124d5fe65c907f05912a_JaffaCakes118.exe

  • Size

    18KB

  • MD5

    240cbf780a4c124d5fe65c907f05912a

  • SHA1

    2da38acaef36127a567a8d9baf99e34a1ca28dbc

  • SHA256

    711899e69794dd08c0fc0b1d430e04c4ffdeab3ddbd22fe0eb0b1c339fa24c72

  • SHA512

    bbe5acb9e7853885975f5d5a843fe80c507040d01a93b577f26f7a4fc925d4f4a32da671db918468272141e87130881b34064221674cd626177a872392f26b9b

  • SSDEEP

    384:enZ0cG+gyV8ctVse9Z/W0S6v7/Yo6QFL6F77DGlE8saa+y:enCkgyVye9Z/Wd6v8odLJa+y

Score
3/10

Signatures

  • Program crash 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\240cbf780a4c124d5fe65c907f05912a_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\240cbf780a4c124d5fe65c907f05912a_JaffaCakes118.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:3904
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 304
      2⤵
      • Program crash
      PID:1360
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3904 -ip 3904
    1⤵
      PID:2848
