Analysis
max time kernel: 149s
max time network: 144s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 06/04/2024, 14:38
Static task: static1
Behavioral task: behavioral1
  Sample: e2c277bc12ee1291ee2d745b38df3719_JaffaCakes118.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: e2c277bc12ee1291ee2d745b38df3719_JaffaCakes118.exe
  Resource: win10v2004-20231215-en
General
Target: e2c277bc12ee1291ee2d745b38df3719_JaffaCakes118.exe
Size: 228KB
MD5: e2c277bc12ee1291ee2d745b38df3719
SHA1: be42a58db423a364c9a469de01cd1aafb63fc463
SHA256: 35d6b94e7241f7d2c670098004afb3c049d546cb8ee39669700d14c1f6e5f2cb
SHA512: 78919c053b93eab7aa58b4fb9ac5e0d384544969cad584a50cb1f88e7bcc29184f0301107cb8191867d1bd3269ae2b327c0bb4cb8bbc8e2b6d355440ecf13e2f
SSDEEP: 6144:5HWIVw/qXU8ffzpNILD8UtQazdQb9OzkNKJAx6DV0p0:5HWIVVXU2dGqazdQb9IkNK1V0p0
Malware Config
Signatures

Executes dropped EXE (1 IoC)
pid   Process
2708  Pxoloa.exe

Drops file in Windows directory (6 IoCs)
description                   ioc                                                           Process
File created                  C:\Windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job   Pxoloa.exe
File opened for modification  C:\Windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job   Pxoloa.exe
File created                  C:\Windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job   e2c277bc12ee1291ee2d745b38df3719_JaffaCakes118.exe
File opened for modification  C:\Windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job   e2c277bc12ee1291ee2d745b38df3719_JaffaCakes118.exe
File created                  C:\Windows\Pxoloa.exe                                         e2c277bc12ee1291ee2d745b38df3719_JaffaCakes118.exe
File opened for modification  C:\Windows\Pxoloa.exe                                         e2c277bc12ee1291ee2d745b38df3719_JaffaCakes118.exe

Modifies Internet Explorer settings (2 IoCs)
description  ioc                                                                                                                Process
Key created  \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\Main           Pxoloa.exe
Key created  \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\International  Pxoloa.exe

Suspicious behavior: EnumeratesProcesses (64 IoCs)
pid   Process
2708  Pxoloa.exe  (the same entry is repeated 64 times)

Suspicious use of WriteProcessMemory (3 IoCs)
description                       pid   Process                                             procid_target
PID 4512 wrote to memory of 2708  4512  e2c277bc12ee1291ee2d745b38df3719_JaffaCakes118.exe  84
PID 4512 wrote to memory of 2708  4512  e2c277bc12ee1291ee2d745b38df3719_JaffaCakes118.exe  84
PID 4512 wrote to memory of 2708  4512  e2c277bc12ee1291ee2d745b38df3719_JaffaCakes118.exe  84
Processes

1. C:\Users\Admin\AppData\Local\Temp\e2c277bc12ee1291ee2d745b38df3719_JaffaCakes118.exe  (PID 4512)
   Command line: "C:\Users\Admin\AppData\Local\Temp\e2c277bc12ee1291ee2d745b38df3719_JaffaCakes118.exe"
   - Drops file in Windows directory
   - Suspicious use of WriteProcessMemory

   2. C:\Windows\Pxoloa.exe  (PID 2708, child of PID 4512)
      Command line: C:\Windows\Pxoloa.exe
      - Executes dropped EXE
      - Drops file in Windows directory
      - Modifies Internet Explorer settings
      - Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 228KB
MD5: e2c277bc12ee1291ee2d745b38df3719
SHA1: be42a58db423a364c9a469de01cd1aafb63fc463
SHA256: 35d6b94e7241f7d2c670098004afb3c049d546cb8ee39669700d14c1f6e5f2cb
SHA512: 78919c053b93eab7aa58b4fb9ac5e0d384544969cad584a50cb1f88e7bcc29184f0301107cb8191867d1bd3269ae2b327c0bb4cb8bbc8e2b6d355440ecf13e2f

Filesize: 390B
MD5: db09a8b9452b66265dc67ed9f42e34c6
SHA1: 806a030a42f1c7a9211c83b833b14c78e595e7b7
SHA256: 8f51f7007cab661f950c87bf1d1db54ca9b2ab1205f5c5907f0a011b94df51a7
SHA512: ee07536892f2f62c783f11a4cba50a23304d70e6e9d1f87e7f5c2723dc7f7d1ba7322a3794c1b109d57d4a6417a7ee8a0c3091043676a81ee5ce95e06321bfc4