Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

8cf1e0e98a...18.exe

windows7-x64

7

8cf1e0e98a...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    12/08/2024, 02:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8cf1e0e98a286229a63e5acaaf93fe3d_JaffaCakes118.exe

  • Size

    80KB

  • MD5

    8cf1e0e98a286229a63e5acaaf93fe3d

  • SHA1

    1916602925d16cf0e2addea090336eb2fd02de37

  • SHA256

    6c2a2bbca7535cdde7d59bd18f530c7f758bf8b8174852f9c87505c249ecedfd

  • SHA512

    b9aa906d031222a746107ff3d224f48f4c8a42f27549ed336c55edfbebf5683547c6a97c4205ec0ead461cffaff0477257c3a527905fa163b918967943b1a48a

  • SSDEEP

    1536:X7d44eFtvHLfQE4ieCQ9sZV044EqEWH+ufB+cU+kxL/8O0vAkIfxqhCgz:LdFoHF4QF6F5R9B+n+w/3qAkZh

Score
7/10
discovery

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8cf1e0e98a286229a63e5acaaf93fe3d_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\8cf1e0e98a286229a63e5acaaf93fe3d_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1952
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /q /c "C:\Users\Admin\AppData\Local\Temp\Fzb..bat" > nul 2> nul
      2⤵
      • Deletes itself
      • System Location Discovery: System Language Discovery
      PID:1044

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Fzb..bat
    Filesize

    238B

    MD5

    80bb62e050dbacbc4b3e3db77f1f2fc5

    SHA1

    7743ba949c55a3d408d6745a2d7fb00365521239

    SHA256

    11e6c658a6233ec7f54c6c9c189a6bb810a4f02027a96bf988dae108a4c2ffeb

    SHA512

    bc71f58f558f74c30846986ee243521a971be92b3b084b5c7a30b1a0f940cad71dba140850dee7256dbe42be121fe86f10aac3cf793c6f9f17f19fff11d2009c

    Download Submit

  • memory/1952-0-0x0000000000400000-0x0000000000428000-memory.dmp

    Filesize

    160KB

    Download

  • memory/1952-1-0x0000000000220000-0x0000000000234000-memory.dmp

    Filesize

    80KB

    Download

  • memory/1952-2-0x0000000000400000-0x0000000000428000-memory.dmp

    Filesize

    160KB

    Download

  • memory/1952-4-0x0000000000400000-0x0000000000428000-memory.dmp

    Filesize

    160KB

    Download