Analysis

  • max time kernel
    65s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
  • submitted
    13/12/2024, 01:09

General

  • Target

    e9273df577a0b2960737f23d57721932_JaffaCakes118.exe

  • Size

    195KB

  • MD5

    e9273df577a0b2960737f23d57721932

  • SHA1

    8a0cd0439c7a2ad32858d79c54ee2a8afdc4e9f6

  • SHA256

    872fab6a6ec7293d4444822b21929ef9ec4c2bade1b4ab9e58621cf0f19062a6

  • SHA512

    3ecdcecaceb5f7f4c5fec9a654e2b96ee5a86e0c6c87aacb6c4da22bf860246099f6ff028ffc31a5d1fb19f4e22343ab1042a853c23352a81fa818ff33208b64

  • SSDEEP

    3072:nNe6Q7+/AZmRvD2gy8YmOD+rKD/HqAFL2zV30IITxq6vj5B0SINwY:g6pNy8S+rKDfrFCd0Ixu5B0SIN/

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e9273df577a0b2960737f23d57721932_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\e9273df577a0b2960737f23d57721932_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2768
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 148
      2⤵
      • Program crash
      PID:2804

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/2768-0-0x0000000000400000-0x000000000042C000-memory.dmp

    Filesize

    176KB

  • memory/2768-1-0x0000000000400000-0x000000000042C000-memory.dmp

    Filesize

    176KB