Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

84f137ac46...18.exe

windows7-x64

7

84f137ac46...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    17s
  • max time network
    18s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    10/08/2024, 05:24 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    84f137ac4654067e4c105187df431b34_JaffaCakes118.exe

  • Size

    1.9MB

  • MD5

    84f137ac4654067e4c105187df431b34

  • SHA1

    e59218f0de1fa39f6cf6e3c2990ae21082e353b8

  • SHA256

    64b9ab45bb422d7aa7ad80ec352ea66c00e6a18d047dcce7104be1d3ddd055ec

  • SHA512

    84aabc030545cf09bee05be2ccb5c9270e04561088d0a93015e0e07c52d622efccfceffcf6d43f8bf3a8cf83fecd1b3c7e1f6a9b44ebf3ce5b660a37483e46a1

  • SSDEEP

    49152:Qoa1taC070dXck0lXK9brarLbExLOYVOA7msr6xSK:Qoa1taC0McTKs8VB/Ml

Score
7/10
discovery

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\84f137ac4654067e4c105187df431b34_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\84f137ac4654067e4c105187df431b34_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2716
    • C:\Users\Admin\AppData\Local\Temp\3EF4.tmp
      "C:\Users\Admin\AppData\Local\Temp\3EF4.tmp" --splashC:\Users\Admin\AppData\Local\Temp\84f137ac4654067e4c105187df431b34_JaffaCakes118.exe 30E7D116347DEEDAF89F46C6BDAEE4529F9DF3DDC8FAC2BD9DDA337C8AB8E9E90AAC3CA73588F90939CF404138F5D8A0BB02D02A33C717A628AD0F7F9B0E9884
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:2152

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\3EF4.tmp
    Filesize

    1.9MB

    MD5

    9914c84572a1a9038c32b732109e7563

    SHA1

    0484866fb133c44a785b42f725de1b13cfe59eb7

    SHA256

    37d0dba6959bf6d6587219c5bde64f485c34330297e3d10c24d736cf7c7180b5

    SHA512

    8ecdf4349e1187908e8e2067a4f6e55d10c6e5cf5d65bc0eb346f05b4c8c6cabbf9788427ca1890333fa7342b3dec24b92592b66d7d1f0b33df4624634311429

    Download Submit

  • memory/2152-6-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2716-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.