Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

670d09cb80...18.exe

windows7-x64

7

670d09cb80...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    138s
  • max time network
    132s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23/07/2024, 09:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    670d09cb80ff2435e3976253ef231357_JaffaCakes118.exe

  • Size

    14.0MB

  • MD5

    670d09cb80ff2435e3976253ef231357

  • SHA1

    694e711650bffa261a1a39f08dd939b9fdb298c5

  • SHA256

    36af732ab60477ac753e2a6f351d8ce3c890c956d59d3d67d3b67de9ef3eaab0

  • SHA512

    b58dda29d0d83b59449274503e8efa02ad341a6849954db1da0865525f782fc00ae888e6b5a150f6eb3b4a572bf901521e5afcac8e3905db3f68e5af1a8eabab

  • SSDEEP

    196608:oL0LNLnZLcLo1L0LNLnsLNL4LfsLN0LNLnsLNLO:q

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\670d09cb80ff2435e3976253ef231357_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\670d09cb80ff2435e3976253ef231357_JaffaCakes118.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4416
    • C:\Users\Admin\AppData\Local\Temp\rtqgnfu.exe
      C:\Users\Admin\AppData\Local\Temp\rtqgnfu.exe
      2⤵
      • Executes dropped EXE
      PID:884
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 884 -s 24
        3⤵
        • Program crash
        PID:1836
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 884 -ip 884
    1⤵
      PID:1812

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\rtqgnfu.exe
      Filesize

      24.7MB

      MD5

      887d18cd7b98e937718d07273a2c5563

      SHA1

      3ecacca65a266504b63fcc97a94beb57bd59fa91

      SHA256

      b9432bbf963e913fa4dff790c3147c67c0652c4fb8af34d32430a67ffb6047f8

      SHA512

      4aa38f4bb7af42c9de37632a2c8fc81c08590d4b96d205d793c925fdb8fa347f7535576b10cd86587028fc2c77cda4cf316a6fe90dfc67fcc0d06cea41dad925

      Download Submit

    • memory/884-3-0x00000000716F0000-0x000000007177E000-memory.dmp

      Filesize

      568KB

      Download

    • memory/884-6-0x0000000000400000-0x0000000000460000-memory.dmp

      Filesize

      384KB

      Download

    • memory/4416-0-0x00000000020E0000-0x00000000020E1000-memory.dmp

      Filesize

      4KB

      Download