Analysis
max time kernel: 147s
max time network: 144s
platform: windows7_x64
resource: win7-20240704-en
resource tags: arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
submitted: 24/07/2024, 04:24
Static task: static1
Behavioral task: behavioral1
  Sample: 6a39e3f3425409246d027f141aea485b_JaffaCakes118.vbs
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: 6a39e3f3425409246d027f141aea485b_JaffaCakes118.vbs
  Resource: win10v2004-20240709-en
General
Target: 6a39e3f3425409246d027f141aea485b_JaffaCakes118.vbs
Size: 126KB
MD5: 6a39e3f3425409246d027f141aea485b
SHA1: 8ecbc388daddfe316038a8913b68b8966fe87c52
SHA256: 178a61d0fa02e1aeded63c9c17b27e7420689fdb8fd75740e4125484566aab89
SHA512: 5b87a1a28eb665c5ea124e64d3603012f6af15afae279d1b83703908d57096b91ecfe9046d98095b951031dace4a4bf3b46c5eb5a8cf396d178d3b70b754928a
SSDEEP: 3072:sNuLp9+wX4J99Mlf5HTRnG0VabujeEDEy8YTIb93eX1p1tV75pJBVDs1AQjylOyl:sNuLp9h4J99Mlf5HTRnG0VabujeEDEyz
Malware Config
Extracted: metasploit
  encoder/shikata_ga_nai
Extracted: metasploit
  windows/reverse_tcp
  192.168.6.249:4444
Signatures
MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
Executes dropped EXE (1 IoCs)
  pid   Process
  2892  netx.exe
Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
Suspicious use of WriteProcessMemory (4 IoCs)
  description                       pid   Process      procid_target
  PID 2864 wrote to memory of 2892  2864  WScript.exe  30
  PID 2864 wrote to memory of 2892  2864  WScript.exe  30
  PID 2864 wrote to memory of 2892  2864  WScript.exe  30
  PID 2864 wrote to memory of 2892  2864  WScript.exe  30
Processes
1. C:\Windows\System32\WScript.exe
   Command line: "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\6a39e3f3425409246d027f141aea485b_JaffaCakes118.vbs"
   PID: 2864
   Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\radE3BB0.tmp\netx.exe
      Command line: "C:\Users\Admin\AppData\Local\Temp\radE3BB0.tmp\netx.exe"
      PID: 2892
      Executes dropped EXE
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 4KB
MD5: f19f32c5acdbdfeef0d176b0d56f2208
SHA1: b914248dfc297bf3ca09abb8cb2a994d42b1135f
SHA256: 48629bd428757c096d44462bcd373520542c6cceb0ec8ee4df33063f8aa5374c
SHA512: ade016779ce5743121fbb1771e88b60741efaa6b9eb4c3ec5a5eacc108ea4d279506757686f8e0ee77c363472e3960a42ab289c667f14ceed33e7f262ed76218