Analysis

  • max time kernel
    150s
  • max time network
    138s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250313-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20250313-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    23/03/2025, 11:54

General

  • Target

    JaffaCakes118_8e6c6cbda17663119850cefcda7764e9.exe

  • Size

    2.7MB

  • MD5

    8e6c6cbda17663119850cefcda7764e9

  • SHA1

    ad0bc72d4319b7b73a3ab26501b10004c2b0442a

  • SHA256

    44c985df8656b5d3f581d9c35733919b260451469864d8225eabad086248fa97

  • SHA512

    43f8116c5ab39004a8729798608293a47e3c1abe58528812f464a3b560f1a86b5e80e813e8cd3106f503d1198d76bed5d671e0d3a515ab1167ea52cd729d64ca

  • SSDEEP

    24576:xDod+16p7pklMNaoy6JcPmgpBnhPfJfqTlSElnoww7E+TD2Evd33kDod+16p7pk/:WXkbAF+xM6zXkbAF+xM6

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious behavior: LoadsDriver 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8e6c6cbda17663119850cefcda7764e9.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8e6c6cbda17663119850cefcda7764e9.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:5528
    • C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
      "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\oysr-9_3.cmdline"
      2⤵
      PID:1124
    • C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
      dw20.exe -x -s 996
      2⤵
      PID:5824
  • C:\Windows\system32\sihost.exe
    sihost.exe
    1⤵
    PID:3084
  • C:\Windows\system32\sihost.exe
    sihost.exe
    1⤵
    PID:216
  • C:\Windows\system32\sihost.exe
    sihost.exe
    1⤵
    PID:6012
  • C:\Windows\system32\sihost.exe
    sihost.exe
    1⤵
    PID:6016
  • C:\Windows\system32\sihost.exe
    sihost.exe
    1⤵
    PID:5172
  • C:\Windows\system32\sihost.exe
    sihost.exe
    1⤵
    PID:4432

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/5528-0-0x0000000074962000-0x0000000074963000-memory.dmp
    Filesize: 4KB

  • memory/5528-1-0x0000000074960000-0x0000000074F11000-memory.dmp
    Filesize: 5.7MB

  • memory/5528-2-0x0000000074960000-0x0000000074F11000-memory.dmp
    Filesize: 5.7MB

  • memory/5528-8-0x0000000074962000-0x0000000074963000-memory.dmp
    Filesize: 4KB

  • memory/5528-9-0x0000000074960000-0x0000000074F11000-memory.dmp
    Filesize: 5.7MB