Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

67b1a67817...18.exe

windows7-x64

7

67b1a67817...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    23/07/2024, 13:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    67b1a678179956ee4076f44d39ecad89_JaffaCakes118.exe

  • Size

    173KB

  • MD5

    67b1a678179956ee4076f44d39ecad89

  • SHA1

    fe5a10c425a29082a1be634167206d5df04fcff5

  • SHA256

    8368f9b82d2fe4f7aafed62f5eb0b6994c796859707c8960e9dd59b7d090ab34

  • SHA512

    72f03ad92e49b9219c66eba683fd24b4aad0f4f41d98aafad81394e836564265580d6d6a0e2d50e73c428b06ff7146b57c8582d9f45a0620b4db61db5c8884c4

  • SSDEEP

    3072:2ZLJXj0tMsWKyRwBa2e7H1lglxwF6JJmUykG8Nj38h7jWUfTMqqDhk+snT5IBI:cdXj0HazwwFlUykMqUfgqqDhpG

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\67b1a678179956ee4076f44d39ecad89_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\67b1a678179956ee4076f44d39ecad89_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:1712
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Users\Admin\AppData\Local\Temp\del.bat
      2⤵
      • Deletes itself
      PID:3056

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\del.bat
    Filesize

    228B

    MD5

    851ffa4fb537aa40575a4eb474ee085a

    SHA1

    70ea6f2bbb3d82083e3886fe057431048e32ec56

    SHA256

    63cb229b62d3d10822b071aa8a8264e3a310ec07d5f3577260f33ec5632eb99a

    SHA512

    0a77874b01bed87f010f3b7b3562f6676bd77519bb03d038cc57f5f7fe70b274289414dd514a600a40fcddc2dfcf3b6e408d5a6e08adddc6e7e2a5bace19af1c

    Download Submit

  • \Windows\SysWOW64\ro.dll
    Filesize

    126KB

    MD5

    50e20286e703a00fe83913424ea003c5

    SHA1

    0a73a655020469656248d6246694a8936db3f926

    SHA256

    e1cbfb839289ec19e643c8093aeb253c96ba9d1ece47adf69cc7c06410640acf

    SHA512

    5bcb07665a47d441ab61e764e0b7b732b448f983cc4a6972b51decb75e8bf9c3f90cdc70e1e78e04edc0a151a0d645ffd95ac5bdaf4dc5b497f570be271b1851

    Download Submit

  • memory/1712-3-0x0000000000240000-0x0000000000265000-memory.dmp

    Filesize

    148KB

    Download

  • memory/1712-12-0x0000000000400000-0x0000000000431000-memory.dmp

    Filesize

    196KB

    Download