Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
140s -
max time network
19s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system -
submitted
13/07/2024, 02:28
Static task
static1
Behavioral task
behavioral1
Sample
3fd4e785168b88467ae7b9a827014cc0_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
3fd4e785168b88467ae7b9a827014cc0_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
-
Target
3fd4e785168b88467ae7b9a827014cc0_JaffaCakes118.exe
-
Size
17KB
-
MD5
3fd4e785168b88467ae7b9a827014cc0
-
SHA1
49c21232049d4d3196b0c081c3be2d2044bab1c7
-
SHA256
505854bdf78e01d0770dfe7df298d9544c2c6777208ed5fdee64025b4371516d
-
SHA512
8e3f21ca1e29686f6c7d64c905f0ef4571964a5b82b5776a40747815dde9d546c63f28774cd9dd520cbfb11f9a6bd2e5139b02242654f2105b0e25ab5673b327
-
SSDEEP
384:cBrXX0D2MZtDFCHv8hX3wNqJlruDzD0cPy5iYxA2L0U:WItDFkv+XfJl6DMc3YdX
Malware Config
Signatures
-
Program crash 1 IoCs
pid pid_target Process procid_target 2912 1732 WerFault.exe 29 -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 1732 wrote to memory of 2912 1732 3fd4e785168b88467ae7b9a827014cc0_JaffaCakes118.exe 30 PID 1732 wrote to memory of 2912 1732 3fd4e785168b88467ae7b9a827014cc0_JaffaCakes118.exe 30 PID 1732 wrote to memory of 2912 1732 3fd4e785168b88467ae7b9a827014cc0_JaffaCakes118.exe 30 PID 1732 wrote to memory of 2912 1732 3fd4e785168b88467ae7b9a827014cc0_JaffaCakes118.exe 30
Processes
-
C:\Users\Admin\AppData\Local\Temp\3fd4e785168b88467ae7b9a827014cc0_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3fd4e785168b88467ae7b9a827014cc0_JaffaCakes118.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:1732 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 362⤵
- Program crash
PID:2912
-