Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    120s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    03/01/2025, 03:25

General

  • Target

    JaffaCakes118_69f061c7b20fe366e290ff8a21f6dbb0.exe

  • Size

    315KB

  • MD5

    69f061c7b20fe366e290ff8a21f6dbb0

  • SHA1

    1c0681f4a2294d6fa5ca8297e9b87c9244103958

  • SHA256

    823d83be06133c53b77a88bf40527e02fcde7a50308b8cafeaa20da4cb16652c

  • SHA512

    a5d3f3f936442e551ae51813e6eb3616e4fdc1793cad1e3d5c332c5db97d0d92846ca13b9f85cb335e11866172fcc5de88dbc3deb5ec59f17435782a257bebd1

  • SSDEEP

    6144:NO3KuljRzG9P/iti+M2sgQ4oOTZi8fiJJHIzZZeYB:T4jRzasb7sghNi8fivHGZZeYB

Malware Config

Signatures

  • Expiro family
  • Expiro, m0yv

    Expiro aka m0yv is a multi-functional backdoor written in C++.

  • Expiro payload 4 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_69f061c7b20fe366e290ff8a21f6dbb0.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_69f061c7b20fe366e290ff8a21f6dbb0.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:2196

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2196-0-0x0000000001052000-0x0000000001079000-memory.dmp

    Filesize

    156KB

  • memory/2196-1-0x0000000001000000-0x0000000001079000-memory.dmp

    Filesize

    484KB

  • memory/2196-2-0x0000000001052000-0x0000000001079000-memory.dmp

    Filesize

    156KB

  • memory/2196-3-0x0000000001000000-0x0000000001079000-memory.dmp

    Filesize

    484KB