Analysis
- max time kernel: 145s
- max time network: 146s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 28/03/2024, 13:22
Static task: static1
Behavioral task: behavioral1
- Sample: 069dc0bef8fdc76df69a08cb60ef40a6_JaffaCakes118.exe
- Resource: win7-20240220-en
Behavioral task: behavioral2
- Sample: 069dc0bef8fdc76df69a08cb60ef40a6_JaffaCakes118.exe
- Resource: win10v2004-20231215-en
General
- Target: 069dc0bef8fdc76df69a08cb60ef40a6_JaffaCakes118.exe
- Size: 816KB
- MD5: 069dc0bef8fdc76df69a08cb60ef40a6
- SHA1: ee66f1c18440d8e2a254d81bbfb9c5bd4420f11e
- SHA256: 91f4e3c93f2a788cfa29a9cabbbb2bf646a563f6ac60f7478494464a7d158feb
- SHA512: 604a03dc0d2588b6c3cf2b6d3b79c7c8f34d2b21d32cb6d759289a4a2920aa373724e50a34dcb9f0ebeba5d422202804579f184a5fbd33af43788a85bbaea0b3
- SSDEEP: 24576:bY4G2qLMJalsnqShyoo77lUabuSvbDQOOdIxJsG9C:03XZynV4oDabuWbDQOcIxJJ9C
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  pid 368: 1E0A0A0C120D156B155C15A0F0F160E0C160E.exe
- Suspicious use of NtSetInformationThreadHideFromDebugger (2 IoCs)
  pid 2044: 069dc0bef8fdc76df69a08cb60ef40a6_JaffaCakes118.exe
  pid 368: 1E0A0A0C120D156B155C15A0F0F160E0C160E.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  PID 2044 (069dc0bef8fdc76df69a08cb60ef40a6_JaffaCakes118.exe) wrote to memory of 368, procid_target 85
  PID 2044 (069dc0bef8fdc76df69a08cb60ef40a6_JaffaCakes118.exe) wrote to memory of 368, procid_target 85
  PID 2044 (069dc0bef8fdc76df69a08cb60ef40a6_JaffaCakes118.exe) wrote to memory of 368, procid_target 85
Processes
- C:\Users\Admin\AppData\Local\Temp\069dc0bef8fdc76df69a08cb60ef40a6_JaffaCakes118.exe (depth 1)
  Command line: "C:\Users\Admin\AppData\Local\Temp\069dc0bef8fdc76df69a08cb60ef40a6_JaffaCakes118.exe"
  PID: 2044
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\1E0A0A0C120D156B155C15A0F0F160E0C160E.exe (depth 2, child of PID 2044)
    Command line: C:\Users\Admin\AppData\Local\Temp\1E0A0A0C120D156B155C15A0F0F160E0C160E.exe
    PID: 368
    - Executes dropped EXE
    - Suspicious use of NtSetInformationThreadHideFromDebugger
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 816KB
- MD5: 3293e605af6301f129d17c18ecda48a5
- SHA1: f5436ae7523ad8f42d52d12699bf70c149e02e6e
- SHA256: d2e86bcb3f0fb32093a002572c23250a9181aa157cfedbafb38dddc49fa15a42
- SHA512: a3713c49aaa0747c67c29ac5800481242d8f3fc9a51fe2b73cdb2a5349eff1c9801f41b9e1a1feedea98395a3f2bc57efbb215a3626a1eee62a32358b2e5c044