Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2c895daa47...18.exe

windows7-x64

7

2c895daa47...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08/07/2024, 13:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2c895daa47e7e14a23935dc9977b9491_JaffaCakes118.exe

  • Size

    171KB

  • MD5

    2c895daa47e7e14a23935dc9977b9491

  • SHA1

    748d0dc60566249d69987301ee1ecd799cc42009

  • SHA256

    d09c5319728bbf63a9d015b51c66cede117c3f7b6c6288afa1ec96e8bcb7c989

  • SHA512

    0dab10fd5616b7096514205c732dc9e3c57f1f1789cc1cde1427f363d844657bcfd3e4115ea39eb95fcd228b9208846eb9391df52b86a14d7f45114d35e3bd31

  • SSDEEP

    3072:AHC7Azgo4qRXDPSsw5c1blU4VwUvFn6CWgpU9DbYKF8g+1t/HuHa/lmM:eMo42XOb5YxN+UNn6VgpEM88l1tvcmlm

Score
7/10

Malware Config

Signatures

  • Unexpected DNS network traffic destination 1 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2c895daa47e7e14a23935dc9977b9491_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\2c895daa47e7e14a23935dc9977b9491_JaffaCakes118.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3792

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3792-0-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/3792-2-0x0000000000427000-0x000000000042C000-memory.dmp

    Filesize

    20KB

    Download

  • memory/3792-3-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/3792-1-0x00000000006D0000-0x00000000006D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3792-4-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/3792-5-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/3792-6-0x0000000000427000-0x000000000042C000-memory.dmp

    Filesize

    20KB

    Download