Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    16s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    13/07/2024, 08:22

General

  • Target

    40e8d4bf264e5e962a2c4f6c7aa99927_JaffaCakes118.exe

  • Size

    30KB

  • MD5

    40e8d4bf264e5e962a2c4f6c7aa99927

  • SHA1

    5a6e939ffa3dd4504ee5dbcab1eb0147afd3aab7

  • SHA256

    46f2d612d71395ae3e5b8efaf60c7d586df2d53224e6acc470d0f4f3bebf601e

  • SHA512

    4416aa0d7abd033ec7bd6536ea937aaa1f6f6b9fe4a98a16f3bb6f08511d2c96dba6f977484923d0e1c4f797da85cb673c46e66b3edee62f4a87cacf262c5497

  • SSDEEP

    768:8f+bwxTZYnro1TctKm3lUGCltvtvoj2k8b1dLxsha5Ac:lwhZL1w9OvlXofKWhc

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 12 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 1 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1388
      • C:\Users\Admin\AppData\Local\Temp\40e8d4bf264e5e962a2c4f6c7aa99927_JaffaCakes118.exe
        "C:\Users\Admin\AppData\Local\Temp\40e8d4bf264e5e962a2c4f6c7aa99927_JaffaCakes118.exe"
        2⤵
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of WriteProcessMemory
        PID:2840

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1388-2-0x0000000013140000-0x0000000013156000-memory.dmp

      Filesize

      88KB

    • memory/2840-4-0x0000000013140000-0x0000000013156000-memory.dmp

      Filesize

      88KB