Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2cf858176c...18.exe

windows7-x64

7

2cf858176c...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08/07/2024, 16:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2cf858176c2795185f9767846620bae7_JaffaCakes118.exe

  • Size

    731KB

  • MD5

    2cf858176c2795185f9767846620bae7

  • SHA1

    06b735a487693b23c0c32dd0bb2661c76cc678eb

  • SHA256

    bb6bb57641cdea7dac73f83c228645228173f771c6a3931df340d94e51b09c69

  • SHA512

    55be78584461981182770466577aa5bf3800d66660c329d7f27c12e5951c46f14df2d3aa293632a281aa03b825c0149810216873f455539c1fffb7a99e868660

  • SSDEEP

    12288:QqS5kz4IYscIuLfBemSZVWfKAJ9OjtNqvv3T/yF3Z4mxx9JW34D7qoOiMEDBni1n:QqSQNuL5kZVowtgvvD/yQmXnWoP+pEDs

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2cf858176c2795185f9767846620bae7_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\2cf858176c2795185f9767846620bae7_JaffaCakes118.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:1092
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Server.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Server.exe
      2⤵
      • Executes dropped EXE
      PID:1168
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1168 -s 544
        3⤵
        • Program crash
        PID:1864
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1168 -ip 1168
    1⤵
      PID:3752

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Server.exe
      Filesize

      398KB

      MD5

      509930962d43ef89d0002c8dd12bc695

      SHA1

      92f7416182d453b79d5e3fd32e8a413d17fe9565

      SHA256

      a5a5c5638b21c2c7d901a04e76758225fb20503290b81706f92eb68623352bdd

      SHA512

      a92a25316d2e86c1ace4ab4d68d248a42f360f46774b96971b335806f95d3bacd2edbd86eb51293af6409dce4b415346203c579ac71c98020a2f097e5fd289b3

      Download Submit

    • memory/1092-0-0x0000000001000000-0x00000000010C2000-memory.dmp

      Filesize

      776KB

      Download

    • memory/1092-1-0x000000000106F000-0x0000000001070000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1092-2-0x0000000001000000-0x00000000010C2000-memory.dmp

      Filesize

      776KB

      Download

    • memory/1092-4-0x0000000001000000-0x00000000010C2000-memory.dmp

      Filesize

      776KB

      Download

    • memory/1092-3-0x0000000001000000-0x00000000010C2000-memory.dmp

      Filesize

      776KB

      Download

    • memory/1092-5-0x0000000001000000-0x00000000010C2000-memory.dmp

      Filesize

      776KB

      Download

    • memory/1092-8-0x0000000001000000-0x00000000010C2000-memory.dmp

      Filesize

      776KB

      Download

    • memory/1092-12-0x0000000001000000-0x00000000010C2000-memory.dmp

      Filesize

      776KB

      Download

    • memory/1092-15-0x0000000001000000-0x00000000010C2000-memory.dmp

      Filesize

      776KB

      Download

    • memory/1168-13-0x0000000000400000-0x00000000004D3000-memory.dmp

      Filesize

      844KB

      Download