Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

2ffc1754ab...18.exe

windows7-x64

1

2ffc1754ab...18.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    92s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/07/2024, 10:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2ffc1754abfdd9ba1208cf64001c64a0_JaffaCakes118.exe

  • Size

    25KB

  • MD5

    2ffc1754abfdd9ba1208cf64001c64a0

  • SHA1

    55fd0f1dae2e88a65ba28d339d427922ff106689

  • SHA256

    458ef20cb1d2903a9d5025e3ce9f1ab715ec96dde0fca294daed15007ef6a61f

  • SHA512

    8ac4e572ed1570731528fb95bd88fae55630132621741b303adcdaf70b3f95445200e267efd0921bbbda0560703fafaf7d050051b1976f765565c0983faa778b

  • SSDEEP

    192:iWovrqyS06V/YJs0nuVoeVqFow6G7e2B0pZHaMYwrBR+lF0VoSN/5G9wywaqL/sx:dMuX5oF/MYyBRzN/5G9wpL0lHipIp

Score
3/10

Malware Config

Signatures

  • Program crash 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2ffc1754abfdd9ba1208cf64001c64a0_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\2ffc1754abfdd9ba1208cf64001c64a0_JaffaCakes118.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1828
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1828 -s 1960
      2⤵
      • Program crash
      PID:788
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1828 -s 1968
      2⤵
      • Program crash
      PID:4044
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1828 -ip 1828
    1⤵
      PID:3040
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 1828 -ip 1828
      1⤵
        PID:2728

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\3QU26HOG\showthread[1].htm
        Filesize

        18KB

        MD5

        91f6f1ca2e45c96cc5a5cac15556ae13

        SHA1

        f269c54f879f5d79f5c751ee1f71846bbba1e489

        SHA256

        29fb39f90a15c6bb1215dfe19961c1b1657f72f8b6a51167ba08deccfd29f3d2

        SHA512

        d064547707737142a89fb11c5c84aca376817508f8d461c36ac8df234e2bce96c1bc9cabfacbf093f2c2dde00474b39908341c180acd979a3c303ef0b53cb84c

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\~!#96B6.tmp
        Filesize

        18KB

        MD5

        c7fa1572f52604c9b7043261b40318d1

        SHA1

        b0d0882b1a98e8712e91b2f071d80d4b584d3ff6

        SHA256

        3c00b583e345ef2f970ae63979fb9d04869050bfa67a4a9f1369489855618308

        SHA512

        5b96c6f31528e78e2c292ba068d191233f90de29032dc9e17ac142d757a33c602c72777ebc0397a074513537eb2f4138c3eaf25cfbab75380565e907acc5ca33

        Download Submit

      • memory/1828-0-0x0000000002170000-0x0000000002172000-memory.dmp

        Filesize

        8KB

        Download

      • memory/1828-253-0x0000000002170000-0x0000000002172000-memory.dmp

        Filesize

        8KB

        Download