Analysis
- max time kernel: 121s
- max time network: 122s
- platform: windows7_x64
- resource: win7-20240903-en
- resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
- submitted: 12/09/2024, 23:21
Static task: static1
Behavioral task: behavioral1
- Sample: dd39e2c27cd4fc6abbd01099ab825819_JaffaCakes118.exe
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: dd39e2c27cd4fc6abbd01099ab825819_JaffaCakes118.exe
- Resource: win10v2004-20240802-en
General
- Target: dd39e2c27cd4fc6abbd01099ab825819_JaffaCakes118.exe
- Size: 115KB
- MD5: dd39e2c27cd4fc6abbd01099ab825819
- SHA1: 6b1279ec2126cfdd3d0149ab8b8b855817cd23a7
- SHA256: 6b6516301ab90189ec4fb7c5c2c62cb453894fa3520b14ad3aca99565016119e
- SHA512: c768fb813ad7c7ae907d0c197163775811f27fa39774e024a663c16ef7b05577512bbee8a7493cc7cf382eae9254efed0ec7ee914ed8e3f86f57cdd0b0e5e055
- SSDEEP: 3072:Of/vMVckYZFyt14OEKmBN9tHDW5WHg8/8jNrvZQ//jjL/XM:OHvfcEKgLHDW5S8jRSPjM
Malware Config
Signatures
- Suspicious use of UnmapMainImage: 1 IoCs
  pid | Process
  3032 | dd39e2c27cd4fc6abbd01099ab825819_JaffaCakes118.exe
- Suspicious use of WriteProcessMemory: 2 IoCs
  description | pid | Process | procid_target
  PID 3032 wrote to memory of 1160 | 3032 | dd39e2c27cd4fc6abbd01099ab825819_JaffaCakes118.exe | 21
  PID 3032 wrote to memory of 1160 | 3032 | dd39e2c27cd4fc6abbd01099ab825819_JaffaCakes118.exe | 21
Processes
- C:\Windows\Explorer.EXE
  Command line: C:\Windows\Explorer.EXE
  PID: 1160
  - C:\Users\Admin\AppData\Local\Temp\dd39e2c27cd4fc6abbd01099ab825819_JaffaCakes118.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\dd39e2c27cd4fc6abbd01099ab825819_JaffaCakes118.exe"
    PID: 3032
    - Suspicious use of UnmapMainImage
    - Suspicious use of WriteProcessMemory