Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

JaffaCakes...cb.exe

windows7-x64

10

JaffaCakes...cb.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    93s
  • max time network
    142s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18/01/2025, 12:54 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_aa535764688f0ed048c7ea1c6ef2a6cb.exe

  • Size

    183KB

  • MD5

    aa535764688f0ed048c7ea1c6ef2a6cb

  • SHA1

    35eb24d1e3240f1ffa91840c997eb97a3e705842

  • SHA256

    69d4cff0a2685bad42ec9ea57c2ac4a9f03f1fd8acff789994997b7ec4445a8d

  • SHA512

    623a75012820a473aa1025379856f1f8b8a07f6080334d157840081c73f4b5d3bb70675929f982053921887c10687b6eae43d3d23293dd17ec7793f999e36af2

  • SSDEEP

    3072:yPyKEJRh5WQTQ+3zj5SaOa9x2dPc4V7BHkODYG3e0uibNL0HsTADJR9mfOzS5KS+:iy59Tx3pbOa9wz7uODYL0BNLC/Fnwh+t

Score
3/10
discovery

Malware Config

Signatures

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_aa535764688f0ed048c7ea1c6ef2a6cb.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_aa535764688f0ed048c7ea1c6ef2a6cb.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:4864
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4864 -s 376
      2⤵
      • Program crash
      PID:1952
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4864 -ip 4864
    1⤵
      PID:3692

    Network

    • flag-us
      DNS
      8.8.8.8.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      8.8.8.8.in-addr.arpa
      IN PTR
      Response
      8.8.8.8.in-addr.arpa
      IN PTR
      dnsgoogle
    • flag-us
      DNS
      232.168.11.51.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      232.168.11.51.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      172.214.232.199.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      172.214.232.199.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      134.32.126.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      134.32.126.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      7.98.22.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      7.98.22.2.in-addr.arpa
      IN PTR
      Response
      7.98.22.2.in-addr.arpa
      IN PTR
      a2-22-98-7deploystaticakamaitechnologiescom
    • flag-us
      DNS
      217.106.137.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      217.106.137.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      53.210.109.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      53.210.109.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      198.187.3.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      198.187.3.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      172.210.232.199.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      172.210.232.199.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      138.136.73.23.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      138.136.73.23.in-addr.arpa
      IN PTR
      Response
      138.136.73.23.in-addr.arpa
      IN PTR
      a23-73-136-138deploystaticakamaitechnologiescom
    • flag-us
      DNS
      88.210.23.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      88.210.23.2.in-addr.arpa
      IN PTR
      Response
      88.210.23.2.in-addr.arpa
      IN PTR
      a2-23-210-88deploystaticakamaitechnologiescom
    No results found
    • 8.8.8.8:53
      8.8.8.8.in-addr.arpa
      dns
      66 B
       90 B
       1
      1

      DNS Request

      8.8.8.8.in-addr.arpa

    • 8.8.8.8:53
      232.168.11.51.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      232.168.11.51.in-addr.arpa

    • 8.8.8.8:53
      172.214.232.199.in-addr.arpa
      dns
      74 B
       128 B
       1
      1

      DNS Request

      172.214.232.199.in-addr.arpa

    • 8.8.8.8:53
      134.32.126.40.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      134.32.126.40.in-addr.arpa

    • 8.8.8.8:53
      7.98.22.2.in-addr.arpa
      dns
      68 B
       129 B
       1
      1

      DNS Request

      7.98.22.2.in-addr.arpa

    • 8.8.8.8:53
      217.106.137.52.in-addr.arpa
      dns
      73 B
       147 B
       1
      1

      DNS Request

      217.106.137.52.in-addr.arpa

    • 8.8.8.8:53
      53.210.109.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      53.210.109.20.in-addr.arpa

    • 8.8.8.8:53
      198.187.3.20.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      198.187.3.20.in-addr.arpa

    • 8.8.8.8:53
      172.210.232.199.in-addr.arpa
      dns
      74 B
       128 B
       1
      1

      DNS Request

      172.210.232.199.in-addr.arpa

    • 8.8.8.8:53
      138.136.73.23.in-addr.arpa
      dns
      72 B
       137 B
       1
      1

      DNS Request

      138.136.73.23.in-addr.arpa

    • 8.8.8.8:53
      88.210.23.2.in-addr.arpa
      dns
      70 B
       133 B
       1
      1

      DNS Request

      88.210.23.2.in-addr.arpa

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.