Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

JaffaCakes...b0.exe

windows7-x64

10

JaffaCakes...b0.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    120s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    03/01/2025, 03:25 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_69f061c7b20fe366e290ff8a21f6dbb0.exe

  • Size

    315KB

  • MD5

    69f061c7b20fe366e290ff8a21f6dbb0

  • SHA1

    1c0681f4a2294d6fa5ca8297e9b87c9244103958

  • SHA256

    823d83be06133c53b77a88bf40527e02fcde7a50308b8cafeaa20da4cb16652c

  • SHA512

    a5d3f3f936442e551ae51813e6eb3616e4fdc1793cad1e3d5c332c5db97d0d92846ca13b9f85cb335e11866172fcc5de88dbc3deb5ec59f17435782a257bebd1

  • SSDEEP

    6144:NO3KuljRzG9P/iti+M2sgQ4oOTZi8fiJJHIzZZeYB:T4jRzasb7sghNi8fivHGZZeYB

Score
10/10
expirobackdoordiscovery

Malware Config

Signatures

  • Expiro family
    expiro
  • Expiro, m0yv

    Expiro aka m0yv is a multi-functional backdoor written in C++.

    backdoorexpiro
  • Expiro payload 4 IoCs
    backdoor
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_69f061c7b20fe366e290ff8a21f6dbb0.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_69f061c7b20fe366e290ff8a21f6dbb0.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:2196

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2196-0-0x0000000001052000-0x0000000001079000-memory.dmp

    Filesize

    156KB

    Download

  • memory/2196-1-0x0000000001000000-0x0000000001079000-memory.dmp

    Filesize

    484KB

    Download

  • memory/2196-2-0x0000000001052000-0x0000000001079000-memory.dmp

    Filesize

    156KB

    Download

  • memory/2196-3-0x0000000001000000-0x0000000001079000-memory.dmp

    Filesize

    484KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.