Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
141s -
max time network
142s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system -
submitted
10/04/2024, 20:46
Static task
static1
Behavioral task
behavioral1
Sample
ebf41f4b5e770958b1dd11e2fb9c29f0_JaffaCakes118.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
ebf41f4b5e770958b1dd11e2fb9c29f0_JaffaCakes118.exe
Resource
win10v2004-20240226-en
General
-
Target
ebf41f4b5e770958b1dd11e2fb9c29f0_JaffaCakes118.exe
-
Size
18.3MB
-
MD5
ebf41f4b5e770958b1dd11e2fb9c29f0
-
SHA1
0607bbea949889444d54a637acaa04a7c1a8c3ea
-
SHA256
c4fe7e42dc1ea441e5e53c0d717d64ca24292b84278bcca899aec0fb477b0c7b
-
SHA512
4d79ae7e52303a4ab9dd79459ae26554c77953c68fc1eaab50c54a5ce9f9f3153fa76320c3f1db7b6887150db9acc404039438d5bfcb765f0c15f07da1615f5b
-
SSDEEP
98304:EcKHfr5zfMfb5zfMXfr5zfMfb5zrMXfr5zfMmr5zv:Ev
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid Process 1508 ffad.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1508 ffad.exe -
Suspicious use of SendNotifyMessage 1 IoCs
pid Process 1508 ffad.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 1508 ffad.exe 1508 ffad.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 1896 wrote to memory of 1508 1896 ebf41f4b5e770958b1dd11e2fb9c29f0_JaffaCakes118.exe 86 PID 1896 wrote to memory of 1508 1896 ebf41f4b5e770958b1dd11e2fb9c29f0_JaffaCakes118.exe 86 PID 1896 wrote to memory of 1508 1896 ebf41f4b5e770958b1dd11e2fb9c29f0_JaffaCakes118.exe 86
Processes
-
C:\Users\Admin\AppData\Local\Temp\ebf41f4b5e770958b1dd11e2fb9c29f0_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\ebf41f4b5e770958b1dd11e2fb9c29f0_JaffaCakes118.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:1896 -
C:\Users\Admin\AppData\Local\Temp\ffad.exeC:\Users\Admin\AppData\Local\Temp\ffad.exe -run C:\Users\Admin\AppData\Local\Temp\ebf41f4b5e770958b1dd11e2fb9c29f0_JaffaCakes118.exe2⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1508
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
22.1MB
MD5fb2fc52de71f832c46b71cb58b7f19f8
SHA13793de041168033897c83d5c758d5e3053909418
SHA2568b7abfda15c09a98ae743781c0f4065851f89d41aacca3537077cd32b7f1f725
SHA512e0ff1c6aa0dfb168f62cc26cc8f9c99beeff439989e1b2e15429d9f8d14184762cd8746f4d87a5fffc5db165027c6c6bb0850ba0ad19e7a93866cb2846d33f7d