Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

3d1d92d81b...118.js

windows7-x64

3

3d1d92d81b...118.js

windows10-2004-x64

8

Analysis

  • max time kernel
    16s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    12/07/2024, 11:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3d1d92d81b2ab1b798b311c88d71f0a2_JaffaCakes118.js

  • Size

    160B

  • MD5

    3d1d92d81b2ab1b798b311c88d71f0a2

  • SHA1

    31909a96285aee1ca5d236b33ae5b2f69e2f8c08

  • SHA256

    1f0c99c548de07ae2c45b0ea19bab0f054b27966eabc1933544a1490aff1c694

  • SHA512

    dbbc91c5d1edf614b9b782421c532b6789108065fd339775804468acc0309f7fbc14f1d1b70f83923c0286bfcd4001118d002a553ce68e21e8e5af5f1491559d

Score
3/10
execution

Malware Config

Signatures

  • Command and Scripting Interpreter: JavaScript 1 TTPs
    execution
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\3d1d92d81b2ab1b798b311c88d71f0a2_JaffaCakes118.js
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1740
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $ff = curl https://google.com; echo $ff;
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2280

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2280-4-0x000007FEF455E000-0x000007FEF455F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2280-5-0x000000001B730000-0x000000001BA12000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/2280-6-0x0000000002340000-0x0000000002348000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2280-7-0x000007FEF42A0000-0x000007FEF4C3D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2280-8-0x000007FEF42A0000-0x000007FEF4C3D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2280-10-0x000007FEF42A0000-0x000007FEF4C3D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2280-9-0x000007FEF42A0000-0x000007FEF4C3D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2280-11-0x000007FEF42A0000-0x000007FEF4C3D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2280-12-0x000007FEF42A0000-0x000007FEF4C3D000-memory.dmp

    Filesize

    9.6MB

    Download