Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

47264e4166...18.exe

windows7-x64

7

47264e4166...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    14/07/2024, 22:59 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    47264e4166abd279eaafb895663b4d69_JaffaCakes118.exe

  • Size

    73KB

  • MD5

    47264e4166abd279eaafb895663b4d69

  • SHA1

    424885bdb3b3d1716cd6c89e6c7f2f2e27a28d03

  • SHA256

    f4e2b0088afc7f1f340d2235ff662acbd246736c135eadc18015899f89bd6e14

  • SHA512

    11b4fd96b31ab026aff9b5540ea596b43825d76141aa18667fd1174c5d38160173fb81af9dbb3b9f2b8c92feb5fbaa1fc9dfd07627da970bad22c0b1cd0213fe

  • SSDEEP

    1536:PsqW3CgBWgZrwHRbQs6tLOtx2uTej1IjExjTQcq0Faof4LgK:dW3rBWgZ0GNL02uTeZzxY0aCEx

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\47264e4166abd279eaafb895663b4d69_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\47264e4166abd279eaafb895663b4d69_JaffaCakes118.exe"
    1⤵
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2168
    • C:\Windows\SysWOW64\svchost.exe
      svchost.exe
      2⤵
        PID:1328

    Network

    • flag-us
      DNS
      slade.safehousenumber.com
      svchost.exe
      Remote address:
      8.8.8.8:53
      Request
      slade.safehousenumber.com
      IN A
      Response
      slade.safehousenumber.com
      IN A
      44.221.84.105
    • flag-us
      DNS
      murik.portal-protection.net.ru
      svchost.exe
      Remote address:
      8.8.8.8:53
      Request
      murik.portal-protection.net.ru
      IN A
      Response
    • flag-us
      DNS
      world.rickstudio.ru
      svchost.exe
      Remote address:
      8.8.8.8:53
      Request
      world.rickstudio.ru
      IN A
      Response
    • flag-us
      DNS
      world.rickstudio.ru
      svchost.exe
      Remote address:
      8.8.8.8:53
      Request
      world.rickstudio.ru
      IN A
    • flag-us
      DNS
      world.rickstudio.ru
      svchost.exe
      Remote address:
      8.8.8.8:53
      Request
      world.rickstudio.ru
      IN A
    • flag-us
      DNS
      world.rickstudio.ru
      svchost.exe
      Remote address:
      8.8.8.8:53
      Request
      world.rickstudio.ru
      IN A
    • flag-us
      DNS
      banana.cocolands.su
      svchost.exe
      Remote address:
      8.8.8.8:53
      Request
      banana.cocolands.su
      IN A
      Response
    • flag-us
      DNS
      portal.roomshowerbord.com
      svchost.exe
      Remote address:
      8.8.8.8:53
      Request
      portal.roomshowerbord.com
      IN A
      Response
      portal.roomshowerbord.com
      IN A
      193.166.255.171
    No results found
    • 8.8.8.8:53
      slade.safehousenumber.com
      dns
      svchost.exe
      71 B
       87 B
       1
      1

      DNS Request

      slade.safehousenumber.com

      DNS Response

      44.221.84.105

    • 44.221.84.105:12200
      slade.safehousenumber.com
      svchost.exe
      49 B
       1
    • 8.8.8.8:53
      murik.portal-protection.net.ru
      dns
      svchost.exe
      76 B
       145 B
       1
      1

      DNS Request

      murik.portal-protection.net.ru

    • 8.8.8.8:53
      world.rickstudio.ru
      dns
      svchost.exe
      260 B
       126 B
       4
      1

      DNS Request

      world.rickstudio.ru

      DNS Request

      world.rickstudio.ru

      DNS Request

      world.rickstudio.ru

      DNS Request

      world.rickstudio.ru

    • 8.8.8.8:53
      banana.cocolands.su
      dns
      svchost.exe
      65 B
       126 B
       1
      1

      DNS Request

      banana.cocolands.su

    • 8.8.8.8:53
      portal.roomshowerbord.com
      dns
      svchost.exe
      71 B
       87 B
       1
      1

      DNS Request

      portal.roomshowerbord.com

      DNS Response

      193.166.255.171

    • 193.166.255.171:12200
      portal.roomshowerbord.com
      svchost.exe
      49 B
       1

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1328-3-0x0000000000080000-0x0000000000089000-memory.dmp

      Filesize

      36KB

      Download

    • memory/1328-4-0x0000000000080000-0x0000000000089000-memory.dmp

      Filesize

      36KB

      Download

    • memory/1328-7-0x00000000006C0000-0x00000000006C8000-memory.dmp

      Filesize

      32KB

      Download

    • memory/1328-6-0x00000000006C2000-0x00000000006C3000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2168-0-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2168-1-0x0000000000220000-0x0000000000222000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2168-5-0x0000000000400000-0x0000000000414000-memory.dmp

      Filesize

      80KB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.