Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

6409618674...18.exe

windows7-x64

7

6409618674...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    22/07/2024, 17:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    64096186747c468b881e47631bac27d8_JaffaCakes118.exe

  • Size

    104KB

  • MD5

    64096186747c468b881e47631bac27d8

  • SHA1

    76f2b6692f3df55d9bc718b98420da165ec88b2d

  • SHA256

    c512f055fb57f01079d8aac0ef5e81d4a05e4b07f05cf6b7d6d7c3dc1b6fa6a1

  • SHA512

    d394b8880eb5b66d675b1ad2e1680c3bfdbe79b023df5123b5823a8d7dd1cb9303c5b46858adacb26b52af500819ede2b69f3bfe7c856b3e9787013356ac6ec8

  • SSDEEP

    3072:SRPaDGQ38aV8f9rH1gmr7EtJqmieo6Sc4:QPwGQ3V6lb1jrkJqZbc4

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\64096186747c468b881e47631bac27d8_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\64096186747c468b881e47631bac27d8_JaffaCakes118.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:1580
    • C:\Windows\rb.exe
      "C:\Windows\rb.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:2972
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 36
        3⤵
        • Program crash
        PID:2332

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\rb.exe
    Filesize

    91KB

    MD5

    53c206ec8f1f3733f723fbcec939bff5

    SHA1

    08ab83463d09d8c13f8f0f6e9a468a1b9aa35a99

    SHA256

    ea3f0a432fdcd686979692a1006d3848a987b32dc24938f79c02a2f7362cee72

    SHA512

    624d5728aa723215f1fda277871ed33c06a4047f9ef97deb45bef2c6e7d7c0c5811e71243771f0233a8e675d5026f27d3f0f14bb040588af2dc93a9bbc81d167

    Download Submit

  • memory/1580-1-0x0000000000400000-0x000000000041C200-memory.dmp

    Filesize

    112KB

    Download

  • memory/1580-9-0x0000000002A20000-0x0000000002A51000-memory.dmp

    Filesize

    196KB

    Download

  • memory/1580-8-0x0000000002A20000-0x0000000002A51000-memory.dmp

    Filesize

    196KB

    Download

  • memory/1580-11-0x0000000000400000-0x000000000041C200-memory.dmp

    Filesize

    112KB

    Download

  • memory/1580-13-0x0000000002A20000-0x0000000002A51000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2972-10-0x0000000000400000-0x0000000000431000-memory.dmp

    Filesize

    196KB

    Download