Analysis

  • max time kernel
    140s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    13/07/2024, 02:28

General

  • Target

    3fd4e785168b88467ae7b9a827014cc0_JaffaCakes118.exe

  • Size

    17KB

  • MD5

    3fd4e785168b88467ae7b9a827014cc0

  • SHA1

    49c21232049d4d3196b0c081c3be2d2044bab1c7

  • SHA256

    505854bdf78e01d0770dfe7df298d9544c2c6777208ed5fdee64025b4371516d

  • SHA512

    8e3f21ca1e29686f6c7d64c905f0ef4571964a5b82b5776a40747815dde9d546c63f28774cd9dd520cbfb11f9a6bd2e5139b02242654f2105b0e25ab5673b327

  • SSDEEP

    384:cBrXX0D2MZtDFCHv8hX3wNqJlruDzD0cPy5iYxA2L0U:WItDFkv+XfJl6DMc3YdX

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3fd4e785168b88467ae7b9a827014cc0_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\3fd4e785168b88467ae7b9a827014cc0_JaffaCakes118.exe"
    • Suspicious use of WriteProcessMemory
    PID:1732
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 36
      • Program crash
      PID:2912

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1732-3-0x000000000F621000-0x000000000F62B000-memory.dmp

    Filesize

    40KB

  • memory/1732-2-0x000000000F620000-0x000000000F62F000-memory.dmp

    Filesize

    60KB

  • memory/1732-1-0x000000000F620000-0x000000000F62F000-memory.dmp

    Filesize

    60KB

  • memory/1732-0-0x000000000F620000-0x000000000F62F000-memory.dmp

    Filesize

    60KB