Analysis

  • max time kernel
    130s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    11/07/2024, 21:30 UTC

General

  • Target
    3ac80ff075325879d39098766427d623_JaffaCakes118.exe
  • Size
    48KB
  • MD5
    3ac80ff075325879d39098766427d623
  • SHA1
    52df3ecab8c407f1e7b90a7070224fefe6679e91
  • SHA256
    0a6b0930b3b54f5cd5e640e259f27f3feb089785619e1b2ec9abeb1c2ce0834d
  • SHA512
    f7ac8f9ce751d9df8ffa3a9e947d04ae15be71808cf902715f90267f80a3908c5ca0dcaff0a9254ed14775a2447800adffe22080d04827e57c997050012abc9e
  • SSDEEP
    1536:nxQP4OUMAFlmsDZVn5Yxbz+YRYOzyuqout:xQP4OUMYlmsDrajtlq

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Enumerates physical storage devices 1 TTPs
    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3ac80ff075325879d39098766427d623_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\3ac80ff075325879d39098766427d623_JaffaCakes118.exe"
    1⤵
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1680
    • C:\Windows\SysWOW64\ctfmon.exe
      ctfmon.exe
      2⤵
        PID:2496
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\xzbA48A.cmd" "
        2⤵
        • Deletes itself
        PID:2104
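The process tree above and the "Deletes itself" signature describe one chain: an executable running from the user's %TEMP% directory spawns cmd.exe with a batch file that also lives in %TEMP% (here xzbA48A.cmd), the usual way a dropper removes its own binary after it has done its work. The following is an added detection example written for this page, not code from tria.ge or from the sample; it runs over constructed Sysmon-style process-creation events (the PIDs and the launcher name dropper.exe are made up to mirror the reported tree) and flags only the launcher-in-Temp to cmd-with-Temp-batch pattern, so a user double-clicking a batch file from Explorer, or a Temp binary running a script from elsewhere, does not trip it.

```python
"""Flag the launcher-in-%TEMP% -> cmd /c "%TEMP%\\*.cmd" chain seen in
sandbox process trees (a common self-delete pattern).

All events below are constructed for this example; they are not the
report's own log data.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str     # full path of the started image
    cmdline: str   # command line as logged


@dataclass(frozen=True)
class Finding:
    launcher_pid: int
    launcher_image: str
    cmd_pid: int
    batch_path: str


# A path under the user's %TEMP% (where droppers usually land).
TEMP_DIR_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)

# A .cmd/.bat under %TEMP% referenced anywhere in a command line. The
# character class excludes quotes so the doubled quoting cmd.exe leaves
# behind (/c ""path" ") does not swallow the path.
TEMP_BATCH_RE = re.compile(
    r'([A-Za-z]:\\[^"\r\n]*?\\AppData\\Local\\Temp\\[^"\r\n]+?\.(?:cmd|bat))',
    re.IGNORECASE,
)


def is_cmd(image: str) -> bool:
    """True for any cmd.exe image path (System32 or SysWOW64)."""
    return image.lower().endswith("\\cmd.exe")


def find_temp_batch_chains(events: List[ProcEvent]) -> List[Finding]:
    """Return one Finding per cmd.exe that runs a %TEMP% batch file and whose
    parent image itself lives in %TEMP%."""
    by_pid: Dict[int, ProcEvent] = {e.pid: e for e in events}
    findings: List[Finding] = []
    for ev in events:
        if not is_cmd(ev.image):
            continue
        m = TEMP_BATCH_RE.search(ev.cmdline)
        if not m:
            continue
        parent: Optional[ProcEvent] = by_pid.get(ev.ppid)
        # Only flag when the parent is a binary in %TEMP%; a user launching a
        # batch file from Explorer or an installer in Downloads is not this pattern.
        if parent is None or not TEMP_DIR_RE.search(parent.image):
            continue
        findings.append(Finding(parent.pid, parent.image, ev.pid, m.group(1)))
    return findings


# Constructed events mirroring the shape of the reported tree (hypothetical
# launcher name and PIDs).
SAMPLE_EVENTS: List[ProcEvent] = [
    ProcEvent(1000, 800, r"C:\Windows\explorer.exe", "explorer.exe"),
    ProcEvent(1680, 1000, r"C:\Users\Admin\AppData\Local\Temp\dropper.exe",
              r'"C:\Users\Admin\AppData\Local\Temp\dropper.exe"'),
    ProcEvent(2496, 1680, r"C:\Windows\SysWOW64\ctfmon.exe", "ctfmon.exe"),
    ProcEvent(2104, 1680, r"C:\Windows\SysWOW64\cmd.exe",
              r'cmd /c ""C:\Users\Admin\AppData\Local\Temp\xzbA48A.cmd" "'),
    # Benign: user runs a batch file from %TEMP% via Explorer (parent not in %TEMP%).
    ProcEvent(3000, 1000, r"C:\Windows\System32\cmd.exe",
              r'C:\Windows\System32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\setup.bat" "'),
    # Benign for this rule: the %TEMP% binary runs a script stored elsewhere.
    ProcEvent(3100, 1680, r"C:\Windows\SysWOW64\cmd.exe", r'cmd /c "C:\tools\run.cmd"'),
]


if __name__ == "__main__":
    for f in find_temp_batch_chains(SAMPLE_EVENTS):
        print(f"PID {f.launcher_pid} ({f.launcher_image}) -> cmd.exe PID {f.cmd_pid} "
              f"running {f.batch_path}")
```

The rule keys on the parent-child relationship rather than on the batch file's name, since the name (xzbA48A.cmd here) is typically random per run; pairing it with the sandbox's "Deletes itself" observation, a follow-up check is whether the launcher's image path no longer exists once cmd.exe exits.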

    Network

    Flows (each destination appears twice, always from the main sample process):

      Destination         Process                                               Size    Count
      92.241.163.63:80    3ac80ff075325879d39098766427d623_JaffaCakes118.exe    152 B   3
      92.241.163.63:80    3ac80ff075325879d39098766427d623_JaffaCakes118.exe    152 B   3
      92.241.163.64:80    3ac80ff075325879d39098766427d623_JaffaCakes118.exe    152 B   3
      92.241.163.64:80    3ac80ff075325879d39098766427d623_JaffaCakes118.exe    152 B   3
      92.241.163.65:80    3ac80ff075325879d39098766427d623_JaffaCakes118.exe    152 B   3
      92.241.163.65:80    3ac80ff075325879d39098766427d623_JaffaCakes118.exe    152 B   3

    Other network views: No results found

    MITRE ATT&CK Enterprise v15


    Downloads

    • C:\Users\Admin\AppData\Local\Temp\xzbA48A.cmd
      Filesize
      304B
      MD5
      41586b9563545710b49f9a30c737108a
      SHA1
      c19c5ceb70a54cff7d956a94f03f1d020a53ee3e
      SHA256
      27cce3544e2a105c519d6c8affceea69bbdf93e24dcee6b81cf11f53ddb23275
      SHA512
      aade9b4034af0524e8dca9321f386c7ddf81d67f0f6e1379cef7ae0238aa890c8b6892507ded3d81c83f048397fbb48af116909bd880dae2fa13ec818b185e2d

    • Memory dumps of PID 1680, region 0x0000000000400000-0x000000000041A000 (104KB each), taken at five points during the run:
      memory/1680-0-0x0000000000400000-0x000000000041A000-memory.dmp
      memory/1680-1-0x0000000000400000-0x000000000041A000-memory.dmp
      memory/1680-5-0x0000000000400000-0x000000000041A000-memory.dmp
      memory/1680-9-0x0000000000400000-0x000000000041A000-memory.dmp
      memory/1680-22-0x0000000000400000-0x000000000041A000-memory.dmp
