Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

JaffaCakes...e5.ps1

windows7-x64

3

JaffaCakes...e5.ps1

windows10-2004-x64

10

Analysis

  • max time kernel
    17s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    10/01/2025, 16:21 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_e8b088e5944106e2ea4faf15fe283be5.ps1

  • Size

    3.7MB

  • MD5

    e8b088e5944106e2ea4faf15fe283be5

  • SHA1

    f2a69aca792d12cb5181b7e79011d160631c96c9

  • SHA256

    4006ccc6035e25005fcd9568eaa3e4aa4559cea66afe969ef74143d0b8caac60

  • SHA512

    b626548865f7c98ef44191ce4555c263ab45c5d4a84fc80779bb3795cb1ccc6dbf2ae987a1dbccfd62a603d2016685b13176d4f99cc91a179009232dd1c8765a

  • SSDEEP

    24576:IryW3GF/TM9IG9L9ZlR7FJfSvrl+sUic7Za0aFg4bkcOFIk86q5hpmqP147IR/vM:C

Score
3/10
execution

Malware Config

Signatures

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_e8b088e5944106e2ea4faf15fe283be5.ps1
    1⤵
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2248

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2248-4-0x000007FEF5E1E000-0x000007FEF5E1F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2248-5-0x000000001B340000-0x000000001B622000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/2248-6-0x0000000002270000-0x0000000002278000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2248-7-0x000007FEF5B60000-0x000007FEF64FD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2248-8-0x000007FEF5B60000-0x000007FEF64FD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2248-9-0x000007FEF5B60000-0x000007FEF64FD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2248-10-0x000007FEF5B60000-0x000007FEF64FD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2248-11-0x000007FEF5E1E000-0x000007FEF5E1F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2248-12-0x000007FEF5B60000-0x000007FEF64FD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2248-13-0x000007FEF5B60000-0x000007FEF64FD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2248-14-0x000007FEF5B60000-0x000007FEF64FD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2248-15-0x000007FEF5B60000-0x000007FEF64FD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2248-16-0x000007FEF5B60000-0x000007FEF64FD000-memory.dmp

    Filesize

    9.6MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.