Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

JaffaCakes...56.exe

windows7-x64

10

JaffaCakes...56.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    16s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    09/01/2025, 21:05 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_d2605cb93cb77384fff7bbd368e7c456.exe

  • Size

    415KB

  • MD5

    d2605cb93cb77384fff7bbd368e7c456

  • SHA1

    dd16d2c79f6421da03e19b36ff460842d73864f3

  • SHA256

    2cc7826d740fae523d6e8ecc0da9489b33bced11d391e0b07f7f688b6e293981

  • SHA512

    f1a18a5daff35138284344a5fe20d15d58dd30d58a2b419aefaf03ab08369d20aad9470ba53a30642f82a784df580b3d75626d2d1110692f69cbdc7f42d5ef56

  • SSDEEP

    12288:drvyKsiX7VMLCkqm9S93FcCgg6IIT2pIbO8Eq5GP1mdr:drvyKsiLAxEcNgjpj8ECF

Score
10/10
expirobackdoor

Malware Config

Signatures

  • Expiro family
    expiro
  • Expiro, m0yv

    Expiro aka m0yv is a multi-functional backdoor written in C++.

    backdoorexpiro
  • Expiro payload 4 IoCs
    backdoor

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_d2605cb93cb77384fff7bbd368e7c456.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_d2605cb93cb77384fff7bbd368e7c456.exe"
    1⤵
      PID:2652

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2652-0-0x0000000000A6B000-0x0000000000AFE000-memory.dmp

      Filesize

      588KB

      Download

    • memory/2652-1-0x0000000000A6B000-0x0000000000AFE000-memory.dmp

      Filesize

      588KB

      Download

    • memory/2652-2-0x0000000000A00000-0x0000000000AFE000-memory.dmp

      Filesize

      1016KB

      Download

    • memory/2652-3-0x0000000000A00000-0x0000000000AFE000-memory.dmp

      Filesize

      1016KB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.