Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

JaffaCakes...70.exe

windows7-x64

10

JaffaCakes...70.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    04/01/2025, 23:33 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_7d1f6e91d47981f587bb58ebc03e5c70.exe

  • Size

    34KB

  • MD5

    7d1f6e91d47981f587bb58ebc03e5c70

  • SHA1

    88b79991fe98163e6257e43497291033dc719907

  • SHA256

    797ead2d8e2bb8eb6dc75e7108bcb722454243883db8ec339e1466f3ff51e39c

  • SHA512

    4dd6daadcc70bb62fdfe46c4bc5caa35c1cff6940c3fc3bf5c1ca6525a7f3e17c46f34ae43cfc67405bf0bc16db0542f1e38056455f3f8abddca3db87322d8c5

  • SSDEEP

    768:SCIqdH/k1ZVcT194jp421sttYgP0xPAEBOf4V8U8ymBTu:SNqaLV8a6esttzP0ZHK4aUmxu

Score
10/10
mydoomdiscoverypersistenceupxworm

Malware Config

Signatures

  • Detects MyDoom family 11 IoCs
  • MyDoom

    MyDoom is a Worm that is written in C++.

    wormmydoom
  • Mydoom family
    mydoom
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • UPX packed file 13 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_7d1f6e91d47981f587bb58ebc03e5c70.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_7d1f6e91d47981f587bb58ebc03e5c70.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    PID:1912

Network

  • flag-us
    DNS
    resources.jar
    JaffaCakes118_7d1f6e91d47981f587bb58ebc03e5c70.exe
    Remote address:
    8.8.8.8:53
    Request
    resources.jar
    IN MX
    Response
  • flag-us
    DNS
    resources.jar
    JaffaCakes118_7d1f6e91d47981f587bb58ebc03e5c70.exe
    Remote address:
    8.8.8.8:53
    Request
    resources.jar
    IN MX
    Response
  • flag-us
    DNS
    mozilla.org.xpi
    JaffaCakes118_7d1f6e91d47981f587bb58ebc03e5c70.exe
    Remote address:
    8.8.8.8:53
    Request
    mozilla.org.xpi
    IN MX
    Response
  • flag-us
    DNS
    mozilla.org.xpi
    JaffaCakes118_7d1f6e91d47981f587bb58ebc03e5c70.exe
    Remote address:
    8.8.8.8:53
    Request
    mozilla.org.xpi
    IN MX
    Response
  • flag-us
    DNS
    mozilla.org.xpi
    JaffaCakes118_7d1f6e91d47981f587bb58ebc03e5c70.exe
    Remote address:
    8.8.8.8:53
    Request
    mozilla.org.xpi
    IN MX
    Response
  • flag-us
    DNS
    mozilla.org.xpi
    JaffaCakes118_7d1f6e91d47981f587bb58ebc03e5c70.exe
    Remote address:
    8.8.8.8:53
    Request
    mozilla.org.xpi
    IN MX
    Response
  • flag-us
    DNS
    mx.mozilla.org.xpi
    JaffaCakes118_7d1f6e91d47981f587bb58ebc03e5c70.exe
    Remote address:
    8.8.8.8:53
    Request
    mx.mozilla.org.xpi
    IN A
    Response
  • flag-us
    DNS
    mail.mozilla.org.xpi
    JaffaCakes118_7d1f6e91d47981f587bb58ebc03e5c70.exe
    Remote address:
    8.8.8.8:53
    Request
    mail.mozilla.org.xpi
    IN A
    Response
  • flag-us
    DNS
    mail.mozilla.org.xpi
    JaffaCakes118_7d1f6e91d47981f587bb58ebc03e5c70.exe
    Remote address:
    8.8.8.8:53
    Request
    mail.mozilla.org.xpi
    IN A
    Response
  • flag-us
    DNS
    smtp.mozilla.org.xpi
    JaffaCakes118_7d1f6e91d47981f587bb58ebc03e5c70.exe
    Remote address:
    8.8.8.8:53
    Request
    smtp.mozilla.org.xpi
    IN A
    Response
  • flag-us
    DNS
    smtp.mozilla.org.xpi
    JaffaCakes118_7d1f6e91d47981f587bb58ebc03e5c70.exe
    Remote address:
    8.8.8.8:53
    Request
    smtp.mozilla.org.xpi
    IN A
    Response
  • flag-us
    DNS
    apple.com
    JaffaCakes118_7d1f6e91d47981f587bb58ebc03e5c70.exe
    Remote address:
    8.8.8.8:53
    Request
    apple.com
    IN MX
    Response
    apple.com
    IN MX
    mx-ing�
    apple.com
    IN MX
     mx-in-hfd�
    apple.com
    IN MX
    mx-in-rn�
    apple.com
    IN MX
    mx-in-ma�
    apple.com
    IN MX
     mx-in-mdn�
    apple.com
    IN MX
     mx-in-vib�
    apple.com
    IN MX
    mx-in-sg�
  • flag-us
    DNS
    mx-in.g.apple.com
    JaffaCakes118_7d1f6e91d47981f587bb58ebc03e5c70.exe
    Remote address:
    8.8.8.8:53
    Request
    mx-in.g.apple.com
    IN A
    Response
    mx-in.g.apple.com
    IN A
    17.57.170.2
  • flag-us
    DNS
    unicode.org
    JaffaCakes118_7d1f6e91d47981f587bb58ebc03e5c70.exe
    Remote address:
    8.8.8.8:53
    Request
    unicode.org
    IN MX
    Response
    unicode.org
    IN MX
    alt1aspmxlgooglecom
    unicode.org
    IN MX
    alt4�0
    unicode.org
    IN MX
    alt2�0
    unicode.org
    IN MX
    �0
    unicode.org
    IN MX
    alt3�0
  • flag-us
    DNS
    alt1.aspmx.l.google.com
    JaffaCakes118_7d1f6e91d47981f587bb58ebc03e5c70.exe
    Remote address:
    8.8.8.8:53
    Request
    alt1.aspmx.l.google.com
    IN A
    Response
    alt1.aspmx.l.google.com
    IN A
    142.250.150.27
  • 69.38.65.158:1042
    JaffaCakes118_7d1f6e91d47981f587bb58ebc03e5c70.exe
    152 B
     3
  • 16.115.195.202:1042
    JaffaCakes118_7d1f6e91d47981f587bb58ebc03e5c70.exe
    152 B
     3
  • 65.9.206.132:1042
    JaffaCakes118_7d1f6e91d47981f587bb58ebc03e5c70.exe
    152 B
     3
  • 15.253.66.92:1042
    JaffaCakes118_7d1f6e91d47981f587bb58ebc03e5c70.exe
    152 B
     3
  • 15.228.63.102:1042
    JaffaCakes118_7d1f6e91d47981f587bb58ebc03e5c70.exe
    152 B
     3
  • 192.168.0.104:1042
    JaffaCakes118_7d1f6e91d47981f587bb58ebc03e5c70.exe
    152 B
     3
  • 64.173.102.114:1042
    JaffaCakes118_7d1f6e91d47981f587bb58ebc03e5c70.exe
    152 B
     3
  • 17.57.170.2:25
    mx-in.g.apple.com
    JaffaCakes118_7d1f6e91d47981f587bb58ebc03e5c70.exe
    152 B
     3
  • 142.250.150.27:25
    alt1.aspmx.l.google.com
    JaffaCakes118_7d1f6e91d47981f587bb58ebc03e5c70.exe
    152 B
     3
  • 10.39.30.45:1042
    JaffaCakes118_7d1f6e91d47981f587bb58ebc03e5c70.exe
    52 B
     1
  • 8.8.8.8:53
    resources.jar
    dns
    JaffaCakes118_7d1f6e91d47981f587bb58ebc03e5c70.exe
    59 B
     134 B
     1
    1

    DNS Request

    resources.jar

  • 8.8.8.8:53
    resources.jar
    dns
    JaffaCakes118_7d1f6e91d47981f587bb58ebc03e5c70.exe
    59 B
     134 B
     1
    1

    DNS Request

    resources.jar

  • 8.8.8.8:53
    mozilla.org.xpi
    dns
    JaffaCakes118_7d1f6e91d47981f587bb58ebc03e5c70.exe
    61 B
     136 B
     1
    1

    DNS Request

    mozilla.org.xpi

  • 8.8.8.8:53
    mozilla.org.xpi
    dns
    JaffaCakes118_7d1f6e91d47981f587bb58ebc03e5c70.exe
    61 B
     136 B
     1
    1

    DNS Request

    mozilla.org.xpi

  • 8.8.8.8:53
    mozilla.org.xpi
    dns
    JaffaCakes118_7d1f6e91d47981f587bb58ebc03e5c70.exe
    61 B
     136 B
     1
    1

    DNS Request

    mozilla.org.xpi

  • 8.8.8.8:53
    mozilla.org.xpi
    dns
    JaffaCakes118_7d1f6e91d47981f587bb58ebc03e5c70.exe
    61 B
     136 B
     1
    1

    DNS Request

    mozilla.org.xpi

  • 8.8.8.8:53
    mx.mozilla.org.xpi
    dns
    JaffaCakes118_7d1f6e91d47981f587bb58ebc03e5c70.exe
    64 B
     139 B
     1
    1

    DNS Request

    mx.mozilla.org.xpi

  • 8.8.8.8:53
    mail.mozilla.org.xpi
    dns
    JaffaCakes118_7d1f6e91d47981f587bb58ebc03e5c70.exe
    66 B
     141 B
     1
    1

    DNS Request

    mail.mozilla.org.xpi

  • 8.8.8.8:53
    mail.mozilla.org.xpi
    dns
    JaffaCakes118_7d1f6e91d47981f587bb58ebc03e5c70.exe
    66 B
     141 B
     1
    1

    DNS Request

    mail.mozilla.org.xpi

  • 8.8.8.8:53
    smtp.mozilla.org.xpi
    dns
    JaffaCakes118_7d1f6e91d47981f587bb58ebc03e5c70.exe
    66 B
     141 B
     1
    1

    DNS Request

    smtp.mozilla.org.xpi

  • 8.8.8.8:53
    smtp.mozilla.org.xpi
    dns
    JaffaCakes118_7d1f6e91d47981f587bb58ebc03e5c70.exe
    66 B
     141 B
     1
    1

    DNS Request

    smtp.mozilla.org.xpi

  • 8.8.8.8:53
    apple.com
    dns
    JaffaCakes118_7d1f6e91d47981f587bb58ebc03e5c70.exe
    55 B
     232 B
     1
    1

    DNS Request

    apple.com

  • 8.8.8.8:53
    mx-in.g.apple.com
    dns
    JaffaCakes118_7d1f6e91d47981f587bb58ebc03e5c70.exe
    63 B
     79 B
     1
    1

    DNS Request

    mx-in.g.apple.com

    DNS Response

    17.57.170.2

  • 8.8.8.8:53
    unicode.org
    dns
    JaffaCakes118_7d1f6e91d47981f587bb58ebc03e5c70.exe
    57 B
     175 B
     1
    1

    DNS Request

    unicode.org

  • 8.8.8.8:53
    alt1.aspmx.l.google.com
    dns
    JaffaCakes118_7d1f6e91d47981f587bb58ebc03e5c70.exe
    69 B
     85 B
     1
    1

    DNS Request

    alt1.aspmx.l.google.com

    DNS Response

    142.250.150.27

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\Kazaa Lite.ShareReactor.com
    Filesize

    34KB

    MD5

    7d1f6e91d47981f587bb58ebc03e5c70

    SHA1

    88b79991fe98163e6257e43497291033dc719907

    SHA256

    797ead2d8e2bb8eb6dc75e7108bcb722454243883db8ec339e1466f3ff51e39c

    SHA512

    4dd6daadcc70bb62fdfe46c4bc5caa35c1cff6940c3fc3bf5c1ca6525a7f3e17c46f34ae43cfc67405bf0bc16db0542f1e38056455f3f8abddca3db87322d8c5

    Download Submit

  • memory/1912-110-0x0000000000800000-0x000000000080D000-memory.dmp

    Filesize

    52KB

    Download

  • memory/1912-5-0x0000000000800000-0x000000000080D000-memory.dmp

    Filesize

    52KB

    Download

  • memory/1912-7-0x0000000000800000-0x000000000080D000-memory.dmp

    Filesize

    52KB

    Download

  • memory/1912-3-0x0000000000800000-0x000000000080D000-memory.dmp

    Filesize

    52KB

    Download

  • memory/1912-87-0x0000000000800000-0x000000000080D000-memory.dmp

    Filesize

    52KB

    Download

  • memory/1912-0-0x0000000000800000-0x000000000080D000-memory.dmp

    Filesize

    52KB

    Download

  • memory/1912-133-0x0000000000800000-0x000000000080D000-memory.dmp

    Filesize

    52KB

    Download

  • memory/1912-134-0x0000000000800000-0x000000000080D000-memory.dmp

    Filesize

    52KB

    Download

  • memory/1912-135-0x0000000000800000-0x000000000080D000-memory.dmp

    Filesize

    52KB

    Download

  • memory/1912-137-0x0000000000800000-0x000000000080D000-memory.dmp

    Filesize

    52KB

    Download

  • memory/1912-139-0x0000000000800000-0x000000000080D000-memory.dmp

    Filesize

    52KB

    Download

  • memory/1912-244-0x0000000000800000-0x000000000080D000-memory.dmp

    Filesize

    52KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.