Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20241023-en
  • resource tags

    arch:x64, arch:x86, image:win7-20241023-en, locale:en-us, os:windows7-x64, system
  • submitted
    16/03/2025, 03:33

General

  • Target

    JaffaCakes118_78b4846ac989f85ddfa4537293a32e76.exe

  • Size

    88KB

  • MD5

    78b4846ac989f85ddfa4537293a32e76

  • SHA1

    31b2c47daf82069dd975eb30f245c7022d9125a5

  • SHA256

    c5a36339aa789b434f5a4535a12feb12f0fd352567ee78bdcc1baf18b6936a12

  • SHA512

    2174442413664b6808764ef42c6b0fb211fc5812210262620e0937732e105814483585a1f1a0dc8ee128716f303ac36972f13bac1e2960ad9d3da820fb2dd170

  • SSDEEP

    768:rlHSuJKqyLohfceYqHlHSuJKqyLohKgKfAyLoouJKdal:RHTJKqOpe7HTJKqOEKoOaJKd2

Malware Config

Signatures

  • Detected google phishing page 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Drops file in System32 directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_78b4846ac989f85ddfa4537293a32e76.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_78b4846ac989f85ddfa4537293a32e76.exe"
    • Detected google phishing page
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2160
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Windows\system32\asys.bat
      • System Location Discovery: System Language Discovery
      PID:2696

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\asys.bat

    Filesize

    870KB

    MD5

    7ed4b6fa42935d209a0f552e26e03015

    SHA1

    943b5b4ef08e6964920ea63a0578afe8401711ce

    SHA256

    a012c277625c68326f962e8ac25a7ee07fe3066e8637534371f1c906ad23b8f6

    SHA512

    046dbf2317ed84fa5fadad1bc172ea9fbf66800ee1ebc6eb2cb7bb5839b5944859fabb484a2e1a788128214b156e7f4c718d6335fc7aab40a9e028fecf163d11

  • C:\Windows\SysWOW64\sys31.exe

    Filesize

    870KB

    MD5

    1f07a19a462b986f6c339aad4219c9e9

    SHA1

    97f7fcae2d17181c33462b061a73b426fa1eee85

    SHA256

    8b243394356e61d2347439b3a66ed7509766f1a37712f347514f109803e3d295

    SHA512

    ca9e23f1d51243828e4e711a8baa582ebfeaa07b65617342d462e6972bc58c4ad5493c050a1c703b51e2a651b76017b2c440ed0430e437dd4ec5ad641cc993f3