Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

2eae0f59a0...18.exe

windows7-x64

7

2eae0f59a0...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    93s
  • max time network
    136s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/07/2024, 02:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2eae0f59a0c8436672b01fac33ab0cf7_JaffaCakes118.exe

  • Size

    266KB

  • MD5

    2eae0f59a0c8436672b01fac33ab0cf7

  • SHA1

    56a9dcd5a1ee241697413a49760789ecea97e061

  • SHA256

    0ea3c0aa204a8f0a12ae72610161b2b4cc24dfc0529bf357349efd2f4446995a

  • SHA512

    1aecda66db8802e9bdb780c67cf8e0e1a4b55afa94140fab28ad7d8db2f2b8c4f3937108862acd9ca119c163d235e2e4d37a052b9d5a5fc747a77f2315180aec

  • SSDEEP

    6144:DPT6+5GX5x0vHCw8r4ksloo4YHkAY3ZFSd7TaRGg6f70dQ:Dm+5GJxiCxnCYpFSERP6F

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2eae0f59a0c8436672b01fac33ab0cf7_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\2eae0f59a0c8436672b01fac33ab0cf7_JaffaCakes118.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:3960
    • C:\Users\Admin\AppData\Local\Temp\2eae0f59a0c8436672b01fac33ab0cf7_JaffaCakes118.exe
      C:\Users\Admin\AppData\Local\Temp\2eae0f59a0c8436672b01fac33ab0cf7_JaffaCakes118.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2396

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\2eae0f59a0c8436672b01fac33ab0cf7_JaffaCakes118.exe
    Filesize

    266KB

    MD5

    47f41986ad0ac2a8d6fd33131abc8be7

    SHA1

    cf071955f29991d0571432b9890354970c5136d9

    SHA256

    cc1e0e323e39677dacf33f1d452be1efc71717ff08edbcee00965317ea8e9583

    SHA512

    ba9bdcf23807965a0e7e928f0071675ab8cb73def8cf0d31bc9304895bb459e06248941a38c8ba26868d9acf115ba0a945e6697b496203c3a5dc05d1cedfa649

    Download Submit

  • memory/2396-14-0x0000000000400000-0x0000000000486000-memory.dmp

    Filesize

    536KB

    Download

  • memory/2396-21-0x00000000001A0000-0x00000000001C1000-memory.dmp

    Filesize

    132KB

    Download

  • memory/2396-15-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

    Download

  • memory/2396-30-0x0000000000400000-0x0000000000486000-memory.dmp

    Filesize

    536KB

    Download

  • memory/3960-0-0x0000000000400000-0x0000000000486000-memory.dmp

    Filesize

    536KB

    Download

  • memory/3960-1-0x0000000001490000-0x00000000014B1000-memory.dmp

    Filesize

    132KB

    Download

  • memory/3960-2-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

    Download

  • memory/3960-13-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

    Download