Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

64dadcb1b7...18.exe

windows7-x64

7

64dadcb1b7...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    22/07/2024, 21:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    64dadcb1b70b27eb630686898bd05da4_JaffaCakes118.exe

  • Size

    1.1MB

  • MD5

    64dadcb1b70b27eb630686898bd05da4

  • SHA1

    a1efde05f557c7a3ef40af5503068bdca77c21b5

  • SHA256

    432ea275e3524316b8b6cb19959b08bcda4fb6932052b976ba072d18f50048a4

  • SHA512

    cd721a4175fe86a9392689b5e9daefacc5664fff9d0e1baf869965a4649df50134dcab159a2dc9d12188bb0b1e566ec5af581f4847046cf7c76da7c6b686b231

  • SSDEEP

    24576:w5oJWJC8/Msb4o69Cfp2I4fkLD1/h5KqTWKBOdKieQKMMMMVxOk8j:w0WJ5p6pI4eD1/h5Kq6KwdKhQKMMMMVG

Score
7/10
upx

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\64dadcb1b70b27eb630686898bd05da4_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\64dadcb1b70b27eb630686898bd05da4_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1964
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c ""C:\Users\Admin\AppData\Local\Temp\CCF0.tmp\[].BAT""
      2⤵
        PID:788

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\CCF0.tmp\[].BAT
      Filesize

      938B

      MD5

      ffdc4fc2bdd0e9791fafc3079137be57

      SHA1

      ffa0dd5c7da775a5f948dd951cc01bdc5e07dde5

      SHA256

      2e7b3b7abf42d450e4457da89f50713ddee10679ee4997d61e6f73029b6505c4

      SHA512

      8de47ec3c12b9ed7c6872fe436fe1037f298b2dfcd5e95f84f8c4526fc763ba5277bc7cb0690f4ccdcf898239118967cad152d848f8a5f084ba8e152059bd59b

      Download Submit

    • \Users\Admin\AppData\Local\Temp\CCF0.tmp\b2e.dll
      Filesize

      31KB

      MD5

      7b860f28be19d4aef761fb991134a556

      SHA1

      0658a7456d0234dcca598b6ee599fe134d0ecd61

      SHA256

      57a2586d73188a694944c7da60c78380f82fac46452ed1a31c818ceb93e660bc

      SHA512

      a0685a25cbc3fff74aa4ad538ade5282242980f07fe1171e01644e0fa98e1ec6adc87b943290983f6fb5070d26fc15d697ae31a1f570e83e504ae1e4508aefa5

      Download Submit

    • memory/1964-0-0x0000000000400000-0x000000000085F000-memory.dmp

      Filesize

      4.4MB

      Download

    • memory/1964-26-0x0000000000400000-0x000000000085F000-memory.dmp

      Filesize

      4.4MB

      Download