Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

49666e1780...18.exe

windows7-x64

7

49666e1780...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    15/07/2024, 10:31 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    49666e1780b00aee041283aaace97142_JaffaCakes118.exe

  • Size

    300KB

  • MD5

    49666e1780b00aee041283aaace97142

  • SHA1

    4812e9a334ac2c0e1f918ba648d4bdaf8f2c93d5

  • SHA256

    8b89ed0db66936f8bb498fabcecd897ef9dea40250e0f6acc436699a79512804

  • SHA512

    ba215f3761dbfe8bda453af66596bd2c31c7f8a13787e9cd7ea84af790a706622fcf2749bd9fe78137f2bf598afc8ce9b643250f448fb0cdd8e793396a8d61cb

  • SSDEEP

    6144:knsd1jUrCQaFDDUAMnAWIOS47gIFzA92htyxiQQy1ZDKem3qA:knCjU+NFntulIYM2A9GVQQyfDpm3

Score
7/10
themida

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Themida packer 4 IoCs

    Detects Themida, an advanced Windows software protection system.

    themida
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\49666e1780b00aee041283aaace97142_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\49666e1780b00aee041283aaace97142_JaffaCakes118.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:1952
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c del /F "C:\Users\Admin\AppData\Local\Temp\49666e1780b00aee041283aaace97142_JaffaCakes118.exe"
      2⤵
      • Deletes itself
      PID:2012

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1952-0-0x0000000000400000-0x00000000005051F8-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/1952-2-0x0000000000400000-0x00000000005051F8-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/1952-1-0x0000000000400000-0x00000000005051F8-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/1952-6-0x0000000000290000-0x0000000000291000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1952-8-0x0000000000400000-0x00000000005051F8-memory.dmp

    Filesize

    1.0MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.