Analysis
max time kernel: 148s
max time network: 155s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 11/04/2024, 14:19
Static task: static1
Behavioral task: behavioral1
  Sample: ed9e4c47089afd54058f4c8be8c4a579_JaffaCakes118.exe
  Resource: win7-20240215-en
Behavioral task: behavioral2
  Sample: ed9e4c47089afd54058f4c8be8c4a579_JaffaCakes118.exe
  Resource: win10v2004-20240226-en
General
Target: ed9e4c47089afd54058f4c8be8c4a579_JaffaCakes118.exe
Size: 385KB
MD5: ed9e4c47089afd54058f4c8be8c4a579
SHA1: 735e35db4e17a2d7b5c703f8ffa91aac53960c00
SHA256: 4ddff0e72faff897c076bdbd7e4e085a1486d6b9a8f4bf0d626a0e12d9c3ee96
SHA512: b0c85f60280158529a8a7cb34b658e2be49b56b70d87d49aca59d75b752206416a0dab10d038a208f854fb0462edbd3ad5f51fca3b14e1fca69025cc1c69a212
SSDEEP: 6144:rUbfHNdzLwsoyrw4lgiwPVLZdMmbDq8yyjS9kcbCk+TTZHLJqHL+ZB6B//iaED3B:kldnw4kmgRVd/bD3Nv08ZrJqHL5oaYB
Malware Config
Signatures
Deletes itself (1 IoC)
  PID 4268  Process ed9e4c47089afd54058f4c8be8c4a579_JaffaCakes118.exe
Executes dropped EXE (1 IoC)
  PID 4268  Process ed9e4c47089afd54058f4c8be8c4a579_JaffaCakes118.exe
Legitimate hosting services abused for malware hosting/C2 (1 TTP, 2 IoCs)
  flow 7  ioc pastebin.com
  flow 8  ioc pastebin.com
Suspicious behavior: RenamesItself (1 IoC)
  PID 1940  Process ed9e4c47089afd54058f4c8be8c4a579_JaffaCakes118.exe
Suspicious use of UnmapMainImage (2 IoCs)
  PID 1940  Process ed9e4c47089afd54058f4c8be8c4a579_JaffaCakes118.exe
  PID 4268  Process ed9e4c47089afd54058f4c8be8c4a579_JaffaCakes118.exe
Suspicious use of WriteProcessMemory (3 IoCs)
  description: PID 1940 wrote to memory of 4268  pid 1940  Process ed9e4c47089afd54058f4c8be8c4a579_JaffaCakes118.exe  procid_target 84
  description: PID 1940 wrote to memory of 4268  pid 1940  Process ed9e4c47089afd54058f4c8be8c4a579_JaffaCakes118.exe  procid_target 84
  description: PID 1940 wrote to memory of 4268  pid 1940  Process ed9e4c47089afd54058f4c8be8c4a579_JaffaCakes118.exe  procid_target 84
Processes
1. C:\Users\Admin\AppData\Local\Temp\ed9e4c47089afd54058f4c8be8c4a579_JaffaCakes118.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\ed9e4c47089afd54058f4c8be8c4a579_JaffaCakes118.exe"
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory
   PID: 1940
   2. C:\Users\Admin\AppData\Local\Temp\ed9e4c47089afd54058f4c8be8c4a579_JaffaCakes118.exe (child of PID 1940)
      Command line: C:\Users\Admin\AppData\Local\Temp\ed9e4c47089afd54058f4c8be8c4a579_JaffaCakes118.exe
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
      PID: 4268
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 385KB
MD5: c71ef2c85093656c449885d20d43cb57
SHA1: ebfae19dc767fcc14e55647e9b1c04e50e22253d
SHA256: fe31e20c3ecc8c77a93b90f2a0860068f378043992972bebc7cc12cc37717abf
SHA512: 7821e00b97305a640f5f1acbed6d21c9771b48733a475b593fa78586a4467943a71699ee0c5e74901f20ad98f20fb49f2f567b01777f59379c258db03344492e