
Analysis

  • max time kernel
    140s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted
    22/07/2024, 14:51 UTC

General

  • Target

    639bdd2b5e4302d25873ff985cc76030_JaffaCakes118.exe

  • Size

    324KB

  • MD5

    639bdd2b5e4302d25873ff985cc76030

  • SHA1

    642d52be8fd08bd95a01880310dfa4a47877fc5e

  • SHA256

    1d939c5faac520dcb069e744e44acce19d5960cd90adb8ac700538d76bda36c9

  • SHA512

    7243028d38097b9905386c0b7c3fdf58242ca5e97a3572d0e4991fda35a0909dafebe8a06018cd6e9a37479bfb9083cbf15cba403b7f6d11fe3bbc39953b930a

  • SSDEEP

    6144:GgtmtlV5D4zwURRFWOEo0VOCs3vjY6b+MG30sCPE0W9CkAE+7bMdvHxkKA7vKZwW:rtmtX5szfRFkWfjY0+MG3XCPE0Pkvqo/

Score: 7/10
Tags: upx

Malware Config

(none extracted)

Signatures

  • UPX packed file (2 IoCs)

    Detects executables packed with UPX or a modified build of the UPX open-source packer.
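The signature above is a static header check, so it is worth seeing what it actually keys on. The following is an added example, not tria.ge's detector: a minimal PE section-table parser that reports the classic UPX indicators (sections named UPX0/UPX1, a first section with zero raw bytes but a large virtual size, and the "UPX!" marker). The `build_test_pe` helper constructs a synthetic PE32 whose layout is modelled on this sample, so the block runs offline; the section sizes in it are assumptions, not values read from the real file.

```python
import struct

# Section names used by stock UPX and common modified builds.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b".UPX0", b".UPX1", b".UPX2"}


def parse_sections(data: bytes):
    """Return (name, virtual_size, virtual_address, raw_size) for each PE section."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    table = coff + 20 + opt_size
    sections = []
    for i in range(nsections):
        name, vsize, vaddr, rawsize = struct.unpack_from("<8sIII", data, table + 40 * i)
        sections.append((name.rstrip(b"\0"), vsize, vaddr, rawsize))
    return sections


def upx_indicators(data: bytes) -> list:
    """List the UPX indicators present; an empty list means none were found."""
    hits = []
    sections = parse_sections(data)
    for name, _, _, _ in sections:
        if name in UPX_SECTION_NAMES:
            hits.append(f"section named {name.decode()}")
    if sections:
        name, vsize, _, rawsize = sections[0]
        # UPX0 receives the unpacked image at run time: large VirtualSize, zero bytes on disk.
        if rawsize == 0 and vsize >= 0x10000:
            hits.append(f"first section has 0 raw bytes but {vsize:#x} virtual bytes")
    if b"UPX!" in data:
        hits.append("'UPX!' marker present in file")
    return hits


def build_test_pe(section_specs, tail=b""):
    """Constructed minimal PE32 for testing; only the fields parse_sections reads matter."""
    e_lfanew = 0x40
    opt_size = 0xE0  # standard PE32 optional header size
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_specs), 0, 0, 0, opt_size, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)
    headers = b""
    vaddr = 0x1000
    for name, vsize, rawsize in section_specs:
        headers += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), vsize, vaddr,
                               rawsize, 0, 0, 0, 0, 0, 0xE0000040)
        vaddr += vsize
    return dos + b"PE\0\0" + coff + opt + headers + tail


if __name__ == "__main__":
    # Assumed layout: ~0x80000 bytes of UPX0 on disk as zero bytes, compressed data in UPX1.
    packed = build_test_pe([(b"UPX0", 0x80000, 0), (b"UPX1", 0x45000, 0x45000),
                            (b".rsrc", 0x1000, 0x400)], tail=b"UPX!")
    for hit in upx_indicators(packed):
        print("UPX indicator:", hit)
    clean = build_test_pe([(b".text", 0x10000, 0x10000), (b".data", 0x2000, 0x400)])
    print("clean sample indicators:", upx_indicators(clean))
```

The virtual-size check is the one that survives section renaming, which modified UPX builds do routinely. It also explains the memory dumps further down this report: the file is 324KB on disk, but the region mapped at 0x400000 spans 0xC5000 bytes (788KB), because the stub inflates the program into a section that occupies no space in the file. A section-name match alone should be treated as weak evidence; the name can be edited with a hex editor without affecting execution.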

Processes

  • C:\Users\Admin\AppData\Local\Temp\639bdd2b5e4302d25873ff985cc76030_JaffaCakes118.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\639bdd2b5e4302d25873ff985cc76030_JaffaCakes118.exe"
    PID: 2764

    Network

    • DNS (US)
      google.com
      639bdd2b5e4302d25873ff985cc76030_JaffaCakes118.exe
      Remote address:
      8.8.8.8:53
      Request
      google.com
      IN A
      Response
      google.com
      IN A
      142.250.200.46
    • HTTP HEAD (GB)
      http://google.com/
      639bdd2b5e4302d25873ff985cc76030_JaffaCakes118.exe
      Remote address:
      142.250.200.46:80
      Request
      HEAD / HTTP/1.0
      Host: google.com
      Keep-Alive: 300
      Connection: keep-alive
      User-Agent: Mozilla/4.0 (compatible; Synapse)
      Response
      HTTP/1.0 302 Found
      Location: http://www.google.com/sorry/index?continue=http://google.com/&q=EgTCbg1GGLPo-bQGIjB5rrFxRBbAKzwU_zjB8fVXwy1G6POzozHR1yo7n3tuT9Jjn7QjTuj-5dGzNsNI4tYyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
      x-hallmonitor-challenge: CgsItOj5tAYQ28TUARIEwm4NRg
      Content-Type: text/html; charset=UTF-8
      Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-EVkh9JjU74EQ68BCYSVBiA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
      Date: Mon, 22 Jul 2024 15:01:08 GMT
      Server: gws
      Content-Length: 392
      X-XSS-Protection: 0
      X-Frame-Options: SAMEORIGIN
      Set-Cookie: AEC=AVYB7co7qk0GapdHLye5N1En_RAS7ERahQCBMEbJ9Hah62O0XaLgswPTaQ; expires=Sat, 18-Jan-2025 15:01:08 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
      Connection: Keep-Alive
    • DNS (US)
      fastinst.com
      639bdd2b5e4302d25873ff985cc76030_JaffaCakes118.exe
      Remote address:
      8.8.8.8:53
      Request
      fastinst.com
      IN A
      Response
      (response received, no A records)
    • DNS (US)
      reshim-problemu.ru
      639bdd2b5e4302d25873ff985cc76030_JaffaCakes118.exe
      Remote address:
      8.8.8.8:53
      Request
      reshim-problemu.ru
      IN A
      Response
      (response received, no A records)
    Connections (remote address | target | protocol | process | bytes sent / received | packets sent / received)

    • 142.250.200.46:80 | http://google.com/ | http | 639bdd2b5e4302d25873ff985cc76030_JaffaCakes118.exe | 355 B / 1.1kB | 5 / 4
      HTTP Request: HEAD http://google.com/
      HTTP Response: 302
    • 8.8.8.8:53 | google.com | dns | 639bdd2b5e4302d25873ff985cc76030_JaffaCakes118.exe | 56 B / 72 B | 1 / 1
      DNS Request: google.com
      DNS Response: 142.250.200.46
    • 8.8.8.8:53 | fastinst.com | dns | 639bdd2b5e4302d25873ff985cc76030_JaffaCakes118.exe | 58 B / 131 B | 1 / 1
      DNS Request: fastinst.com
    • 8.8.8.8:53 | reshim-problemu.ru | dns | 639bdd2b5e4302d25873ff985cc76030_JaffaCakes118.exe | 64 B / 125 B | 1 / 1
      DNS Request: reshim-problemu.ru
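    The network trace has two features a detection engineer would want to catch automatically: the User-Agent "Mozilla/4.0 (compatible; Synapse)" is the default string of the Ararat Synapse HTTP client library (Delphi/Free Pascal), not a browser, and the process first confirms internet access against google.com and only then asks for two domains that return no A records. The following is an added example, not tria.ge code: the four events are constructed from this report in an ad-hoc dictionary format (not a tria.ge export), and the connectivity-host list is an assumption to be extended locally.

```python
from urllib.parse import urlparse

PROC = "639bdd2b5e4302d25873ff985cc76030_JaffaCakes118.exe"

# Constructed from the events in this report; the dictionary layout is this example's own.
EVENTS = [
    {"type": "dns", "process": PROC, "name": "google.com", "answers": ["142.250.200.46"]},
    {"type": "http", "process": PROC, "method": "HEAD", "url": "http://google.com/",
     "status": 302,
     "headers": {"Host": "google.com", "Keep-Alive": "300", "Connection": "keep-alive",
                 "User-Agent": "Mozilla/4.0 (compatible; Synapse)"}},
    {"type": "dns", "process": PROC, "name": "fastinst.com", "answers": []},
    {"type": "dns", "process": PROC, "name": "reshim-problemu.ru", "answers": []},
]

# Default User-Agent fragments of HTTP client libraries; a browser never sends these.
LIBRARY_UA_MARKERS = {
    "Synapse": "Ararat Synapse (Delphi/Free Pascal)",
    "Indy Library": "Indy (Delphi)",
}

# Hosts commonly contacted only to confirm internet access (assumed list, extend as needed).
CONNECTIVITY_HOSTS = {"google.com", "www.google.com", "www.msftncsi.com", "microsoft.com"}


def event_host(event):
    return event["name"] if event["type"] == "dns" else urlparse(event["url"]).hostname


def unresolved_domains(events):
    """DNS queries that came back with no answer records."""
    return [e["name"] for e in events if e["type"] == "dns" and not e["answers"]]


def library_user_agents(events):
    """(user_agent, library) for every HTTP request carrying a library default UA."""
    hits = []
    for e in events:
        if e["type"] != "http":
            continue
        ua = e["headers"].get("User-Agent", "")
        hits.extend((ua, lib) for marker, lib in LIBRARY_UA_MARKERS.items() if marker in ua)
    return hits


def dead_domains_after_connectivity_check(events):
    """Domains that failed to resolve after the process had already confirmed connectivity."""
    checked = False
    dead = []
    for e in events:
        host = event_host(e)
        if host in CONNECTIVITY_HOSTS:
            # Any HTTP response, or a DNS answer, counts as a successful check.
            if e["type"] == "http" or e["answers"]:
                checked = True
        elif checked and e["type"] == "dns" and not e["answers"]:
            dead.append(host)
    return dead


def triage_network(events):
    """Human-readable alerts for the two patterns above."""
    alerts = []
    for ua, lib in library_user_agents(events):
        alerts.append(f"non-browser User-Agent '{ua}' -> {lib} default")
    dead = dead_domains_after_connectivity_check(events)
    if dead:
        alerts.append("connectivity check succeeded, then unresolved lookups for: " + ", ".join(dead))
    return alerts


if __name__ == "__main__":
    for alert in triage_network(EVENTS):
        print("ALERT:", alert)
```

    Two caveats when reading this against the report. The 302 to /sorry/index is Google's automated-traffic challenge, so the request was blocked as a bot, but from the sample's point of view any HTTP answer proves connectivity, which is why the check counts as successful. And a domain with no A records in the sandbox does not mean the infrastructure never existed; it means it was dead, parked or sinkholed on 2024-07-22, so the two names belong in a watchlist rather than in a verdict.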

    MITRE ATT&CK Matrix


    Downloads

    • memory/2764-0-0x0000000000400000-0x00000000004C5000-memory.dmp (788KB)
    • memory/2764-1-0x0000000000230000-0x0000000000231000-memory.dmp (4KB)
    • memory/2764-2-0x0000000000400000-0x00000000004C5000-memory.dmp (788KB)
    • memory/2764-4-0x0000000000230000-0x0000000000231000-memory.dmp (4KB)
