Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    13s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    31/12/2024, 23:49

General

  • Target

    JaffaCakes118_3f644c6df63687c4dd2dce14fb2f2caf.exe

  • Size

    149KB

  • MD5

    3f644c6df63687c4dd2dce14fb2f2caf

  • SHA1

    174181e38b8a79b37e090c28bcd22a1527096810

  • SHA256

    b3289635b42828dccce10e57b6fc40aad6b9369c402dc97724137efc7c65dc35

  • SHA512

    a1799ce4728a9f2ca4059c1401f754913c41ab204614ca4c8af7d35cbdd8288bb1f156d40bb322120872df0f97489cbbc6af65336d22512a0d643ef1e436a175

  • SSDEEP

    3072:oVYWkvmsmG7KEn3e9tFY9CavuC1RkqVTsG246LY7pilc:oV+hjB3eS9E1qVTsJ4S+

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_3f644c6df63687c4dd2dce14fb2f2caf.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_3f644c6df63687c4dd2dce14fb2f2caf.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2388

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2388-0-0x000007FEF5E03000-0x000007FEF5E04000-memory.dmp

    Filesize

    4KB

  • memory/2388-1-0x0000000000C50000-0x0000000000C78000-memory.dmp

    Filesize

    160KB

  • memory/2388-2-0x000007FEF5E00000-0x000007FEF67EC000-memory.dmp

    Filesize

    9.9MB

  • memory/2388-3-0x000007FEF5E00000-0x000007FEF67EC000-memory.dmp

    Filesize

    9.9MB