Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

5d8004040c...18.exe

windows7-x64

7

5d8004040c...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/07/2024, 20:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5d8004040cfbd8718d9922b20f9485c6_JaffaCakes118.exe

  • Size

    323KB

  • MD5

    5d8004040cfbd8718d9922b20f9485c6

  • SHA1

    dd9e37a893068d0660980513c7aa89a49b0b0cf7

  • SHA256

    f25e3d83c71de79521f9e88b9c1c25c7f7c3c40b1339a1791f31561f798d6f7b

  • SHA512

    12af30b1f94f6b5598ab311c9acc8e78b91ed5d79485a6b915dbb8dfe5e70f15e09c89c492780a0f5c8552115c8d695cbaab282c045d9c09c250f54fb47047fa

  • SSDEEP

    1536:qQvBHZgFLJzSLWTV/y45BnD8SlNDSzvHF5OaeCCVpguN4eSe+eooOoaoCoCo0oB+:9hZgFLGS/y45BAso

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5d8004040cfbd8718d9922b20f9485c6_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\5d8004040cfbd8718d9922b20f9485c6_JaffaCakes118.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:1504
    • C:\Windows\SysWOW64\wscript.exe
      /nologo C:\WINDOWS\zxcv.vbs
      2⤵
        PID:1252
      • C:\Users\Admin\AppData\Local\Temp\DelC1F8.tmp
        C:\Users\Admin\AppData\Local\Temp\DelC1F8.tmp 492 "C:\Users\Admin\AppData\Local\Temp\5d8004040cfbd8718d9922b20f9485c6_JaffaCakes118.exe"
        2⤵
        • Deletes itself
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:2572
        • C:\Windows\SysWOW64\wscript.exe
          /nologo C:\WINDOWS\zxcv.vbs
          3⤵
            PID:2608

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\DelC1F8.tmp
        Filesize

        323KB

        MD5

        5d8004040cfbd8718d9922b20f9485c6

        SHA1

        dd9e37a893068d0660980513c7aa89a49b0b0cf7

        SHA256

        f25e3d83c71de79521f9e88b9c1c25c7f7c3c40b1339a1791f31561f798d6f7b

        SHA512

        12af30b1f94f6b5598ab311c9acc8e78b91ed5d79485a6b915dbb8dfe5e70f15e09c89c492780a0f5c8552115c8d695cbaab282c045d9c09c250f54fb47047fa

        Download Submit

      • C:\WINDOWS\zxcv.vbs
        Filesize

        266KB

        MD5

        e54857b4590a2097ae9c67d700aa0366

        SHA1

        3afeac8582f22e5af9bf8fc6bb45f0c85357dac7

        SHA256

        79f7d1725133388d18b976f6e2fd89813d57aa6c809939f7c4526cf1e2e312ae

        SHA512

        04d0aef7adec0d2d7f674fbf577a2295098f06cd1b4e9b311d4f62fb6c5c4e592f7666c01ceefc9677fdde42f6dca4a6e3376152f7d7a7b9e0d77fc49f4f322d

        Download Submit