Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    140s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
  • submitted
    04/07/2024, 03:05

General

  • Target

    246a2674d33be17266d01db83a4554af_JaffaCakes118.exe

  • Size

    395KB

  • MD5

    246a2674d33be17266d01db83a4554af

  • SHA1

    5d0e992f489b1b8bf80b7a1cae98bc5e4120366b

  • SHA256

    b5da8cfc17112468d5349a3fc14a539fdc646da3d806c4bc2fe0ee05c0f937f2

  • SHA512

    240d0741e3bdb73fb4e67b443f20f6a964677cf0a9629d500829e9c4b0880b3625a54a77a343c332f501ee921815e332205023dc2c71e1a87ea223902ca360d4

  • SSDEEP

    6144:fDhb/ikTpn+b2lyoangWv9zEjEj2NfEvlMYtPFcrvo9vzHmkjWiHe25+fLCrLEDq:fBKkAbMmgQX2ElMgFcrv2zWNX2M7SM+

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\246a2674d33be17266d01db83a4554af_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\246a2674d33be17266d01db83a4554af_JaffaCakes118.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1868
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1868 -s 116
      2⤵
      • Program crash
      PID:1568

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1868-0-0x0000000001000000-0x0000000001073000-memory.dmp

    Filesize

    460KB