Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
118s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system -
submitted
11/07/2024, 08:42 UTC
Static task
static1
Behavioral task
behavioral1
Sample
386e3ca3c4da724123dd6b5e956dfa79_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
386e3ca3c4da724123dd6b5e956dfa79_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
-
Target
386e3ca3c4da724123dd6b5e956dfa79_JaffaCakes118.exe
-
Size
118KB
-
MD5
386e3ca3c4da724123dd6b5e956dfa79
-
SHA1
37b5f080319a7756af3278309c70b07e3dd29e38
-
SHA256
7e01330efa0b1b7b9f24e24aa022dcfbaccd02623a80aad112d832d1da892f2c
-
SHA512
19b9410d7ad542d2a2c7067de27f0da7022e0f80d7635bebb137ee59766bc92b8fbfa284ad32a949f76ec43b12be70f0a3a900eec198ce2729a49268ec972d1d
-
SSDEEP
3072:uW3lGFVOYZ17hTikSdqfYVGgNmBcEfTBZHbXCzCb:DiOYNTiT31NmSETzQs
Malware Config
Signatures
-
Program crash 1 IoCs
pid pid_target Process procid_target 2468 780 WerFault.exe 30 -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 780 wrote to memory of 2468 780 386e3ca3c4da724123dd6b5e956dfa79_JaffaCakes118.exe 31 PID 780 wrote to memory of 2468 780 386e3ca3c4da724123dd6b5e956dfa79_JaffaCakes118.exe 31 PID 780 wrote to memory of 2468 780 386e3ca3c4da724123dd6b5e956dfa79_JaffaCakes118.exe 31 PID 780 wrote to memory of 2468 780 386e3ca3c4da724123dd6b5e956dfa79_JaffaCakes118.exe 31
Processes
-
C:\Users\Admin\AppData\Local\Temp\386e3ca3c4da724123dd6b5e956dfa79_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\386e3ca3c4da724123dd6b5e956dfa79_JaffaCakes118.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:780 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 780 -s 362⤵
- Program crash
PID:2468
-