Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 118s
- max time network: 122s
- platform: windows7_x64
- resource: win7-20240708-en
- resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
- submitted: 23/07/2024, 09:38
Static task: static1
Behavioral task: behavioral1
  Sample: 670d09cb80ff2435e3976253ef231357_JaffaCakes118.exe
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: 670d09cb80ff2435e3976253ef231357_JaffaCakes118.exe
  Resource: win10v2004-20240709-en
General
- Target: 670d09cb80ff2435e3976253ef231357_JaffaCakes118.exe
- Size: 14.0MB
- MD5: 670d09cb80ff2435e3976253ef231357
- SHA1: 694e711650bffa261a1a39f08dd939b9fdb298c5
- SHA256: 36af732ab60477ac753e2a6f351d8ce3c890c956d59d3d67d3b67de9ef3eaab0
- SHA512: b58dda29d0d83b59449274503e8efa02ad341a6849954db1da0865525f782fc00ae888e6b5a150f6eb3b4a572bf901521e5afcac8e3905db3f68e5af1a8eabab
- SSDEEP: 196608:oL0LNLnZLcLo1L0LNLnsLNL4LfsLN0LNLnsLNLO:q
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  pid 2968, process zayxz.exe
- Loads dropped DLL (2 IoCs)
  pid 1176, process 670d09cb80ff2435e3976253ef231357_JaffaCakes118.exe (two entries, both from PID 1176)
- Suspicious use of SetThreadContext (1 IoC)
  PID 1176 (670d09cb80ff2435e3976253ef231357_JaffaCakes118.exe) set thread context of PID 2968, procid_target 31
- Suspicious behavior: EnumeratesProcesses (1 IoC)
  pid 1176, process 670d09cb80ff2435e3976253ef231357_JaffaCakes118.exe
- Suspicious use of WriteProcessMemory (7 IoCs)
  PID 1176 (670d09cb80ff2435e3976253ef231357_JaffaCakes118.exe) wrote to memory of PID 2968, procid_target 31 (the same row is reported seven times)
Processes
- C:\Users\Admin\AppData\Local\Temp\670d09cb80ff2435e3976253ef231357_JaffaCakes118.exe (PID 1176), command line "C:\Users\Admin\AppData\Local\Temp\670d09cb80ff2435e3976253ef231357_JaffaCakes118.exe"
  - Loads dropped DLL
  - Suspicious use of SetThreadContext
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  - child: C:\Users\Admin\AppData\Local\Temp\zayxz.exe (PID 2968), command line C:\Users\Admin\AppData\Local\Temp\zayxz.exe
    - Executes dropped EXE
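The Signatures and Processes sections above show the submitted sample (PID 1176) both writing to the memory of its dropped child zayxz.exe (PID 2968) and setting that child's thread context. Taken together, a parent that drops a binary, executes it, writes into it and then calls SetThreadContext on it is the sequence typical of process hollowing or similar thread-hijacking injection; the report does not show a suspended CreateProcess or a ResumeThread, so treat it as a strong indicator rather than proof. The Python below is an added example and is not part of the tria.ge report: it parses event rows in the format the report uses and correlates them into source-to-target injection chains. The event strings are constructed from the rows above (the report lists the write seven times); the `helper.exe` row is a constructed non-matching event added to show that a write alone does not trigger, and the names `parse_event` and `find_injection_chains` are chosen for this example.

```python
"""Correlate tria.ge-style signature rows into process-injection chains."""
import re
from collections import defaultdict

PARENT = "670d09cb80ff2435e3976253ef231357_JaffaCakes118.exe"

# Constructed sample input: the SetThreadContext and WriteProcessMemory rows
# from the report above (one row per reported IoC), plus one constructed
# write-only row (helper.exe) that should NOT produce a chain.
SAMPLE_EVENTS = (
    [f"PID 1176 set thread context of 2968 1176 {PARENT} 31"]
    + [f"PID 1176 wrote to memory of 2968 1176 {PARENT} 31"] * 7
    + ["PID 4000 wrote to memory of 4100 4000 helper.exe 9"]  # constructed
)

# "Executes dropped EXE" row from the report: target pid -> image name.
DROPPED_EXE = {2968: "zayxz.exe"}

# Row layout: PID <src> <action> <dst> <src again> <src image> <procid_target>
EVENT_RE = re.compile(
    r"^PID (\d+) (set thread context of|wrote to memory of) (\d+) (\d+) (\S+) (\d+)$"
)


def parse_event(line):
    """Parse one signature row; return a dict or None if the row is not an event."""
    m = EVENT_RE.match(line.strip())
    if not m:
        return None
    return {
        "src": int(m.group(1)),
        "action": m.group(2),
        "dst": int(m.group(3)),
        "src_image": m.group(5),
        "target_procid": int(m.group(6)),
    }


def find_injection_chains(lines, dropped):
    """Return (src_pid, src_image, dst_pid, dst_image_or_None, write_count) for every
    source/target pair that shows BOTH a memory write and a thread-context change.

    A write on its own is common (debuggers, installers); the combination with
    SetThreadContext on the same target is what characterises hollowing/hijacking.
    """
    actions = defaultdict(set)   # (src, dst) -> set of actions seen
    writes = defaultdict(int)    # (src, dst) -> number of memory writes
    images = {}                  # (src, dst) -> source image name
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        key = (ev["src"], ev["dst"])
        actions[key].add(ev["action"])
        images[key] = ev["src_image"]
        if ev["action"] == "wrote to memory of":
            writes[key] += 1

    chains = []
    for key in sorted(actions):
        if {"set thread context of", "wrote to memory of"} <= actions[key]:
            src, dst = key
            chains.append((src, images[key], dst, dropped.get(dst), writes[key]))
    return chains


if __name__ == "__main__":
    for src, src_image, dst, dst_image, n in find_injection_chains(SAMPLE_EVENTS, DROPPED_EXE):
        tag = "dropped child" if dst_image else "existing process"
        print(f"{src} ({src_image}) -> {dst} ({dst_image or '?'}, {tag}): "
              f"{n} memory write(s) + SetThreadContext")
```

The fifth tuple element is the write count; a single chain with many writes to a dropped child, as here, is the shape to escalate first, while a write-only pair such as the constructed helper.exe row is deliberately left out of the result.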
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 19.3MB
  MD5: 7357f2b8e5208955948835deac4be346
  SHA1: a5a77b471149f1ee78a805eda4946e5879129513
  SHA256: dba8949a396e62d25ea8c5f0baecb642262a23b8fa09689139484bf5a537bb67
  SHA512: ecb5c24814abf8c589c00312f39f7791d8f23f86a2cd0b8835a6134c375548b41d4360f69b83820b2a7936d5be358121aceec33cf61351835e3bdd0e8797fc29