Analysis
- max time kernel: 150s
- max time network: 129s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 06/04/2024, 14:38
Static task: static1
Behavioral task: behavioral1
- Sample: e2c277bc12ee1291ee2d745b38df3719_JaffaCakes118.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: e2c277bc12ee1291ee2d745b38df3719_JaffaCakes118.exe
- Resource: win10v2004-20231215-en
General
- Target: e2c277bc12ee1291ee2d745b38df3719_JaffaCakes118.exe
- Size: 228KB
- MD5: e2c277bc12ee1291ee2d745b38df3719
- SHA1: be42a58db423a364c9a469de01cd1aafb63fc463
- SHA256: 35d6b94e7241f7d2c670098004afb3c049d546cb8ee39669700d14c1f6e5f2cb
- SHA512: 78919c053b93eab7aa58b4fb9ac5e0d384544969cad584a50cb1f88e7bcc29184f0301107cb8191867d1bd3269ae2b327c0bb4cb8bbc8e2b6d355440ecf13e2f
- SSDEEP: 6144:5HWIVw/qXU8ffzpNILD8UtQazdQb9OzkNKJAx6DV0p0:5HWIVVXU2dGqazdQb9IkNK1V0p0
Malware Config
Signatures
Executes dropped EXE 1 IoCs
- pid: 2324, Process: Hcujya.exe
Adds Run key to start application 2 TTPs 1 IoCs
- Set value (str): \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Run\W1WIWQ1NPG = "C:\\Windows\\Hcujya.exe" (Process: Hcujya.exe)
Drops file in Windows directory 4 IoCs
- File created: C:\Windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job (Process: e2c277bc12ee1291ee2d745b38df3719_JaffaCakes118.exe)
- File opened for modification: C:\Windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job (Process: e2c277bc12ee1291ee2d745b38df3719_JaffaCakes118.exe)
- File created: C:\Windows\Hcujya.exe (Process: e2c277bc12ee1291ee2d745b38df3719_JaffaCakes118.exe)
- File opened for modification: C:\Windows\Hcujya.exe (Process: e2c277bc12ee1291ee2d745b38df3719_JaffaCakes118.exe)
Modifies Internet Explorer settings
- Key created: \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main (Process: Hcujya.exe)
- Key created: \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\International (Process: Hcujya.exe)
Suspicious behavior: EnumeratesProcesses 64 IoCs
- pid: 2324, Process: Hcujya.exe (same entry for all 64 IoCs)
Suspicious use of WriteProcessMemory 4 IoCs
- PID 2212 wrote to memory of 2324 (pid: 2212, Process: e2c277bc12ee1291ee2d745b38df3719_JaffaCakes118.exe, procid_target: 28; same entry for all 4 IoCs)
Processes
- C:\Users\Admin\AppData\Local\Temp\e2c277bc12ee1291ee2d745b38df3719_JaffaCakes118.exe (PID: 2212)
  Command line: "C:\Users\Admin\AppData\Local\Temp\e2c277bc12ee1291ee2d745b38df3719_JaffaCakes118.exe"
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  - C:\Windows\Hcujya.exe (PID: 2324)
    Command line: C:\Windows\Hcujya.exe
    - Executes dropped EXE
    - Adds Run key to start application
    - Modifies Internet Explorer settings
    - Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Enterprise v15
Downloads