Analysis
max time kernel: 121s
max time network: 123s
platform: windows7_x64
resource: win7-20240705-en
resource tags: arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
submitted: 06/07/2024, 22:42
Static task
static1
Behavioral task
behavioral1
Sample
29777f1a7533c45d1e63355aa1516886_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
29777f1a7533c45d1e63355aa1516886_JaffaCakes118.exe
Resource
win10v2004-20240704-en
General
Target: 29777f1a7533c45d1e63355aa1516886_JaffaCakes118.exe
Size: 1.9MB
MD5: 29777f1a7533c45d1e63355aa1516886
SHA1: e79ec4e7a598a2b0131c47a328a61dd8f86bd4ba
SHA256: 42a6703a71d112a1a0d25cdc797d90c663a9dc1ead45ea7d8f0853ad9a3d3afa
SHA512: 5d9b0737605f7afb741acf1d79efe8f3da0d496f1fa4de8c3d0442f241b5bcd3691ef2b34000de31d34b2af41f6c142e77ae34b619418b7fbebdfbe8bb55956a
SSDEEP: 49152:Qoa1taC070dy87eO/wIjaFxOWqxAn2ztV9USP:Qoa1taC0m7p/wIjixOWqqnIOk
Malware Config
Signatures
Deletes itself 1 IoCs
pid: 2960, Process: 91B5.tmp
Executes dropped EXE 1 IoCs
pid: 2960, Process: 91B5.tmp
Loads dropped DLL 1 IoCs
pid: 1044, Process: 29777f1a7533c45d1e63355aa1516886_JaffaCakes118.exe
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 1044 wrote to memory of 2960 | 1044 | 29777f1a7533c45d1e63355aa1516886_JaffaCakes118.exe | 28
PID 1044 wrote to memory of 2960 | 1044 | 29777f1a7533c45d1e63355aa1516886_JaffaCakes118.exe | 28
PID 1044 wrote to memory of 2960 | 1044 | 29777f1a7533c45d1e63355aa1516886_JaffaCakes118.exe | 28
PID 1044 wrote to memory of 2960 | 1044 | 29777f1a7533c45d1e63355aa1516886_JaffaCakes118.exe | 28
Processes
C:\Users\Admin\AppData\Local\Temp\29777f1a7533c45d1e63355aa1516886_JaffaCakes118.exe "C:\Users\Admin\AppData\Local\Temp\29777f1a7533c45d1e63355aa1516886_JaffaCakes118.exe"
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1044
  C:\Users\Admin\AppData\Local\Temp\91B5.tmp "C:\Users\Admin\AppData\Local\Temp\91B5.tmp" --splashC:\Users\Admin\AppData\Local\Temp\29777f1a7533c45d1e63355aa1516886_JaffaCakes118.exe E31983B761BC7E8F56830831049DDA561FED1B040689CBD78EFDC4D1ED4C0BEFFA588194B88EF3FE901FBB81A614252865416A4403A14A6F3BC5D654E1048960
  - Deletes itself
  - Executes dropped EXE
  PID:2960
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 1.9MB
MD5: ab2471ffde24833f55aa7c2d91448d09
SHA1: 62863bb8a0bb630f1bc4f6165aa04c979756a792
SHA256: b8cc11bb4398bd6dfc184fa97194dd434e7d29222f619238932078276604b3e6
SHA512: 5ac56f8dcdd1f0bc9b39bd3cbb57dfac6778f5415ae23ff057e8e3c73cee331225b91da36fe69c5d74dade795ca122e67a5edfa73d1d9f2b407fc02c88df5663