Analysis

  • max time kernel
    140s
  • max time network
    129s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19/07/2024, 00:49

General

  • Target

    59cb2ee7fe981360d5d59f1db137fcd2_JaffaCakes118.exe

  • Size

    548KB

  • MD5

    59cb2ee7fe981360d5d59f1db137fcd2

  • SHA1

    997a93b61b532098d501bed3d102215728d7bff8

  • SHA256

    6bede486f098902186630667977203f607dc0046af1ff3eb007104bdaa0015d8

  • SHA512

    570cc815876b4c316dc0cb937e582715d9101a31d46fc45fc528d9a96e5f8730cc1d00511dc4c8b630753f88de878b877ccbfd6c7845b473f0350d959e6d9509

  • SSDEEP

    6144:gQp+JNxNQl47Rdom4QRmzidNbd5jxNCpfH:gi+Xx+0ym4QR1dNb3jxABH

Score
7/10

Malware Config

Signatures

  • Checks computer location settings (2 TTPs, 1 IoC)

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE (1 IoC)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\59cb2ee7fe981360d5d59f1db137fcd2_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\59cb2ee7fe981360d5d59f1db137fcd2_JaffaCakes118.exe"
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4900
    • C:\952_952.exe
      "C:\952_952.exe"
      • Executes dropped EXE
      PID:4852

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/4852-9-0x0000000000400000-0x000000000584E000-memory.dmp

    Filesize

    84.3MB