Analysis
max time kernel: 95s
max time network: 155s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 05/04/2024, 05:43
Static task: static1
Behavioral task: behavioral1
  Sample: cc66bcff188c7ea802ecf0feffd20e54_JaffaCakes118.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: cc66bcff188c7ea802ecf0feffd20e54_JaffaCakes118.exe
  Resource: win10v2004-20240226-en
General
Target: cc66bcff188c7ea802ecf0feffd20e54_JaffaCakes118.exe
Size: 59KB
MD5: cc66bcff188c7ea802ecf0feffd20e54
SHA1: df675d61993d4a93a1ae45929640dff275856812
SHA256: b73435925ea5bff564ee603246061c65339a128762d5e1e3141a2f390038cc41
SHA512: 19e98bc6f2fc84f54a83745eb2415f0c937f7ce009902a1f02c10bcb1153af8b88ddd187196869e12854fa79f561285a20bbb466dc84968d944647094a3b6f65
SSDEEP: 768:vCru/f9Iw/E6zy4n8uZ5tUXMJ+fROUmELY2glEbM3j+rd+fpRiTWNReOOe:71Tzy48untU8fOMEI3jyYfPiuOe
Malware Config
Signatures
Suspicious use of WriteProcessMemory (9 IoCs)
description | pid | Process | procid_target
PID 1316 wrote to memory of 4064 | 1316 | cc66bcff188c7ea802ecf0feffd20e54_JaffaCakes118.exe | 85
PID 1316 wrote to memory of 4064 | 1316 | cc66bcff188c7ea802ecf0feffd20e54_JaffaCakes118.exe | 85
PID 1316 wrote to memory of 4064 | 1316 | cc66bcff188c7ea802ecf0feffd20e54_JaffaCakes118.exe | 85
PID 4064 wrote to memory of 1652 | 4064 | cmd.exe | 88
PID 4064 wrote to memory of 1652 | 4064 | cmd.exe | 88
PID 4064 wrote to memory of 1652 | 4064 | cmd.exe | 88
PID 1652 wrote to memory of 932 | 1652 | iexpress.exe | 90
PID 1652 wrote to memory of 932 | 1652 | iexpress.exe | 90
PID 1652 wrote to memory of 932 | 1652 | iexpress.exe | 90
Processes
C:\Users\Admin\AppData\Local\Temp\cc66bcff188c7ea802ecf0feffd20e54_JaffaCakes118.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\cc66bcff188c7ea802ecf0feffd20e54_JaffaCakes118.exe"
  PID: 1316
  - Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\cmd.exe
    Command line: C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\709C.tmp\1.bat" "C:\Users\Admin\AppData\Local\Temp\cc66bcff188c7ea802ecf0feffd20e54_JaffaCakes118.exe""
    PID: 4064
    - Suspicious use of WriteProcessMemory
    C:\Windows\SysWOW64\iexpress.exe
      Command line: iexpress /n /q /m C:\Users\Admin\AppData\Local\Temp\popup.sed
      PID: 1652
      - Suspicious use of WriteProcessMemory
      C:\Windows\SysWOW64\makecab.exe
        Command line: C:\Windows\SysWOW64\makecab.exe /f "~%TargetName%.DDF"
        PID: 932
Network
MITRE ATT&CK Matrix
Downloads