Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
18s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system -
submitted
12/07/2024, 16:38
Static task
static1
Behavioral task
behavioral1
Sample
3e1736569e7e6b8af4ef2695bcecf291_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
3e1736569e7e6b8af4ef2695bcecf291_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
-
Target
3e1736569e7e6b8af4ef2695bcecf291_JaffaCakes118.exe
-
Size
291KB
-
MD5
3e1736569e7e6b8af4ef2695bcecf291
-
SHA1
a730fc2e102cb0425c2fe3e475e10b3450d966c1
-
SHA256
022b8ff4a5ce0d8441714dc40f569ea1637bcc518d4c6fde44874464428119f7
-
SHA512
03b5caeb205ebe55919679213562a30b943394d73c64bb45223bf37f4d8f6c2b28a72a4567519005b520b97efb5bab7c4638f5f8972322a7a421860712c2b75d
-
SSDEEP
6144:uQccOgOaGX08fw8uG/mxqZ0YCy/eP/wNZfRRmukNhpw+Uc:uLci7kKw8XmydK/g/Rmtw+Uc
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid Process 2324 E2B1.tmp -
Loads dropped DLL 3 IoCs
pid Process 2152 3e1736569e7e6b8af4ef2695bcecf291_JaffaCakes118.exe 2152 3e1736569e7e6b8af4ef2695bcecf291_JaffaCakes118.exe 2152 3e1736569e7e6b8af4ef2695bcecf291_JaffaCakes118.exe -
Suspicious behavior: EnumeratesProcesses 1 IoCs
pid Process 2152 3e1736569e7e6b8af4ef2695bcecf291_JaffaCakes118.exe -
Suspicious use of WriteProcessMemory 8 IoCs
description pid Process procid_target PID 2152 wrote to memory of 2324 2152 3e1736569e7e6b8af4ef2695bcecf291_JaffaCakes118.exe 29 PID 2152 wrote to memory of 2324 2152 3e1736569e7e6b8af4ef2695bcecf291_JaffaCakes118.exe 29 PID 2152 wrote to memory of 2324 2152 3e1736569e7e6b8af4ef2695bcecf291_JaffaCakes118.exe 29 PID 2152 wrote to memory of 2324 2152 3e1736569e7e6b8af4ef2695bcecf291_JaffaCakes118.exe 29 PID 2152 wrote to memory of 2832 2152 3e1736569e7e6b8af4ef2695bcecf291_JaffaCakes118.exe 30 PID 2152 wrote to memory of 2832 2152 3e1736569e7e6b8af4ef2695bcecf291_JaffaCakes118.exe 30 PID 2152 wrote to memory of 2832 2152 3e1736569e7e6b8af4ef2695bcecf291_JaffaCakes118.exe 30 PID 2152 wrote to memory of 2832 2152 3e1736569e7e6b8af4ef2695bcecf291_JaffaCakes118.exe 30
Processes
-
C:\Users\Admin\AppData\Local\Temp\3e1736569e7e6b8af4ef2695bcecf291_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3e1736569e7e6b8af4ef2695bcecf291_JaffaCakes118.exe"1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2152 -
C:\Users\Admin\AppData\Local\Temp\E2B1.tmpC:\Users\Admin\AppData\Local\Temp\E2B1.tmp2⤵
- Executes dropped EXE
PID:2324
-
-
C:\Users\Admin\AppData\Local\Temp\3e1736569e7e6b8af4ef2695bcecf291_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3e1736569e7e6b8af4ef2695bcecf291_JaffaCakes118.exe" --cp "C:\Users\Admin\AppData\Local\Temp\E31F.tmp"2⤵PID:2832
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
291KB
MD5ab440d023eb5aaa4896b06a02c27c1db
SHA1f39feecfcdfb2c21587139beb043ef31fbcfc624
SHA256121d0ed1eef49a3947ea102bf515b0ba393f93cc9d876c4dc5d797b777b685ab
SHA512a5acd5c789dac196dfc5ad69e85d53c61def2a2fac6c27d51dec4a0770892ad7103436212d8b1ecd52b02a4214812c6540dfd14ab8252ce40c2997a5734dc243
-
Filesize
243KB
MD5042be06245073b2ee3014454e6d6bfb8
SHA17807c90496ced5a1a6f04f985f12fbc386c70c33
SHA2568b1c3f0b5ff6061b63ede6f448aaecb7403e182eadcb6c1acfad37aa8b19b88d
SHA51286aca1f9d82754386a2a0449f07ed84068deb6a4995f71ad13100ca111f24f03b363aa3363819185e98b54c2408915a7872f8a51d4cf7a91c94319fec353e2ee