Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    151s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/04/2024, 14:40

General

  • Target

    eda8b5f3e378fe847e0580e205eb33fd_JaffaCakes118.exe

  • Size

    256KB

  • MD5

    eda8b5f3e378fe847e0580e205eb33fd

  • SHA1

    f833ebe6a1e3bf312fc1ac1974115d2d49ca9490

  • SHA256

    46f7f4ef8cace4c42fd6659c5a735a7dde4f13cc7494ca17e2a9f3e96208c9a1

  • SHA512

    77e9cea8d7bd13de670a5009e00ff2e0097a069a70921986abee671f5298532f734ee33c7293a04db7ab2578c90264e7b60de4bbe76dfd08b1d0db8f1fd7532a

  • SSDEEP

    3072:x0bfWRrIMNRlZ62Pal2LBJXmzOHm5WZ3K+MCBOQ39cOaRr5ZGPVB:xWepp3PJXCOGY3egOQ39cC

Score
10/10

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 2 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 27 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\eda8b5f3e378fe847e0580e205eb33fd_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\eda8b5f3e378fe847e0580e205eb33fd_JaffaCakes118.exe"
    1⤵
    • Modifies visiblity of hidden/system files in Explorer
    • Checks computer location settings
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2032
    • C:\Users\Admin\myred.exe
      "C:\Users\Admin\myred.exe"
      2⤵
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:2832

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\myred.exe

    Filesize

    256KB

    MD5

    fe499dc25b7a3c28a8f59c95b5c5f1db

    SHA1

    f0fc2d7c1b53b6be3209920d65d5eb491681b4b7

    SHA256

    8e6b9d1e4ed743a378bb2c27ab18a39dc439ef52eceefbce4e9e9bf46dda0047

    SHA512

    ebd85c99f82d97f7c54780a9a8c48a3e3c965003d4650fa8f28a04bb42cfc723849d6e68913fc9c74c28ad6ca257eb84b06a62c06740b7d5b78914c29514b366