Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

386e3ca3c4...18.exe

windows7-x64

3

386e3ca3c4...18.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    118s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    11/07/2024, 08:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    386e3ca3c4da724123dd6b5e956dfa79_JaffaCakes118.exe

  • Size

    118KB

  • MD5

    386e3ca3c4da724123dd6b5e956dfa79

  • SHA1

    37b5f080319a7756af3278309c70b07e3dd29e38

  • SHA256

    7e01330efa0b1b7b9f24e24aa022dcfbaccd02623a80aad112d832d1da892f2c

  • SHA512

    19b9410d7ad542d2a2c7067de27f0da7022e0f80d7635bebb137ee59766bc92b8fbfa284ad32a949f76ec43b12be70f0a3a900eec198ce2729a49268ec972d1d

  • SSDEEP

    3072:uW3lGFVOYZ17hTikSdqfYVGgNmBcEfTBZHbXCzCb:DiOYNTiT31NmSETzQs

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\386e3ca3c4da724123dd6b5e956dfa79_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\386e3ca3c4da724123dd6b5e956dfa79_JaffaCakes118.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:780
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 780 -s 36
      2⤵
      • Program crash
      PID:2468

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/780-0-0x0000000000400000-0x000000000044F000-memory.dmp

    Filesize

    316KB

    Download