Analysis
- max time kernel: 141s
- max time network: 19s
- platform: windows7_x64
- resource: win7-20240704-en
- resource tags: arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
- submitted: 22/07/2024, 08:43
Static task: static1
Behavioral task: behavioral1
- Sample: 628e343b339519e55306e0b4d90aac35_JaffaCakes118.exe
- Resource: win7-20240704-en
Behavioral task: behavioral2
- Sample: 628e343b339519e55306e0b4d90aac35_JaffaCakes118.exe
- Resource: win10v2004-20240709-en
General
- Target: 628e343b339519e55306e0b4d90aac35_JaffaCakes118.exe
- Size: 122KB
- MD5: 628e343b339519e55306e0b4d90aac35
- SHA1: 6e1af45f04b2bd42ab6bf8eb353d2db254eee398
- SHA256: 2c9cbe4df1edc3f8caf0164843b818e51893993d88d27015e9a79120069ca25e
- SHA512: a92e7532c40d190f2d239c5e5019196a82b13a8c8fc9f5a7b1edd6646af5d8d7f2e03b69e1605bf781b1bb2cf1ad3dce67637254b33e6f1ed1d9f63993c63bd2
- SSDEEP: 3072:lGu8TjQmQq1gih6bRflst38O/2e1dHaUvwgu+DRokRQc:kuMaYgbqt2ehBGgR7
Malware Config
Signatures
- Executes dropped EXE (1 IoCs)
  - pid: 2212, Process: 2.exe
- Drops file in Windows directory (1 IoCs)
  - description: File created, ioc: C:\Windows\2.exe, Process: 628e343b339519e55306e0b4d90aac35_JaffaCakes118.exe
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Program crash (1 IoCs)
  - pid: 1336, pid_target: 2212, Process: WerFault.exe, procid_target: 29
- Suspicious behavior: RenamesItself (1 IoCs)
  - pid: 2476, Process: 628e343b339519e55306e0b4d90aac35_JaffaCakes118.exe
- Suspicious use of WriteProcessMemory (8 IoCs)
  - description: PID 2476 wrote to memory of 2212, pid: 2476, Process: 628e343b339519e55306e0b4d90aac35_JaffaCakes118.exe, procid_target: 29
  - description: PID 2476 wrote to memory of 2212, pid: 2476, Process: 628e343b339519e55306e0b4d90aac35_JaffaCakes118.exe, procid_target: 29
  - description: PID 2476 wrote to memory of 2212, pid: 2476, Process: 628e343b339519e55306e0b4d90aac35_JaffaCakes118.exe, procid_target: 29
  - description: PID 2476 wrote to memory of 2212, pid: 2476, Process: 628e343b339519e55306e0b4d90aac35_JaffaCakes118.exe, procid_target: 29
  - description: PID 2212 wrote to memory of 1336, pid: 2212, Process: 2.exe, procid_target: 30
  - description: PID 2212 wrote to memory of 1336, pid: 2212, Process: 2.exe, procid_target: 30
  - description: PID 2212 wrote to memory of 1336, pid: 2212, Process: 2.exe, procid_target: 30
  - description: PID 2212 wrote to memory of 1336, pid: 2212, Process: 2.exe, procid_target: 30
Processes
- C:\Users\Admin\AppData\Local\Temp\628e343b339519e55306e0b4d90aac35_JaffaCakes118.exe (PID: 2476)
  Command line: "C:\Users\Admin\AppData\Local\Temp\628e343b339519e55306e0b4d90aac35_JaffaCakes118.exe"
  - Drops file in Windows directory
  - Suspicious behavior: RenamesItself
  - Suspicious use of WriteProcessMemory
  - C:\Windows\2.exe (PID: 2212)
    Command line: "C:\Windows\2.exe"
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    - C:\Windows\SysWOW64\WerFault.exe (PID: 1336)
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 36
      - Program crash
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 112KB
- MD5: a44668c37d50b8ce98ad2e8901f54271
- SHA1: 6ea3c56b8f95035a549688c7f5d99866dd5ac70a
- SHA256: 011308354c503c06f7e5d1dbf58dfd96d10a07d447d5831e665fa8fcb341424e
- SHA512: 5682868afa914d2d11dc9ed17a99da2a9d85136c1209eb964267aec203e172beace3449a14f2118dbc10ad5e5106bf539a20573acdac46302c29aab5c08415b6