Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    122s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    12/07/2024, 20:29

General

  • Target

    3ec64c86dad989b8819748459130165b_JaffaCakes118.exe

  • Size

    24KB

  • MD5

    3ec64c86dad989b8819748459130165b

  • SHA1

    bb0244dd4cdbcfbdbaac39151520ae52279164bb

  • SHA256

    5b1aab8130a4f550bdca9e56b5c9eb70f38ef0e32785cbde98e358af8cea3da4

  • SHA512

    79f6df7dab0d14156fa622b931c6d85fd8ff3c874374e568d7e0a9cdb11db3c69faab179b8f42488fc27a9e4687657d74e7bcc5678365bcb0ac97207b1976fb9

  • SSDEEP

    192:Reh2lAAMaGxJst6DAMzkOrnF4xDA8Hpncj9zHJ+WQ4Ti461oyaZb77oE:R4iC8MtF4xDAykJQ4G461QZv7p

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 2 IoCs
  • Drops file in Windows directory 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3ec64c86dad989b8819748459130165b_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\3ec64c86dad989b8819748459130165b_JaffaCakes118.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:464
    • C:\Users\Admin\AppData\Local\Temp\3ec64c86dad989b8819748459130165b_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\3ec64c86dad989b8819748459130165b_JaffaCakes118.exe"
      2⤵
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2368
      • C:\Windows\Googlehq.exe
        "C:\Windows\Googlehq.exe"
        3⤵
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2548
        • C:\Windows\Googlehq.exe
          "C:\Windows\Googlehq.exe"
          4⤵
          • Deletes itself
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          PID:1544

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\MyTemp

    Filesize

    84B

    MD5

    a68d1718a598afa5b22bc22061b6ed22

    SHA1

    7f798bcffac5356215a993f1d10b5b4b835b4747

    SHA256

    36747539c24d7b71c0e6f842019030d5d0c8ed082dedc1e8db98484bd1706d42

    SHA512

    ca2b72020d01277b00153a049d2c0b3362b2f3e962eb58f22b9ea0f03faa74fcddf436535fe4262930e26e23a1358772124bf76e7acd332bff1e0ff0ff5c059f

  • C:\Windows\Googlehq.exe

    Filesize

    8.7MB

    MD5

    3eb8d734833e1d174292e31c46d8ead0

    SHA1

    e1b9a2d31fdec92def65fcf41574253dd83cc989

    SHA256

    404081de02542cc3927c29a492315ae06e4517f03e8ee2b47ad8ae27651ed67b

    SHA512

    c193308c25fbcc51d15a3bce12c3485dd35d9ad056c0af679c11b2b472bc7d4f16a0bc03174642e4c612a7307e1deb53d500c0dfac9ddb8eed94b67e9e24fe70