Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
147s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system -
submitted
15/04/2024, 01:57
Static task
static1
Behavioral task
behavioral1
Sample
f007f77d8811b968343d432069c6cdd3_JaffaCakes118.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
f007f77d8811b968343d432069c6cdd3_JaffaCakes118.exe
Resource
win10v2004-20240412-en
General
-
Target
f007f77d8811b968343d432069c6cdd3_JaffaCakes118.exe
-
Size
385KB
-
MD5
f007f77d8811b968343d432069c6cdd3
-
SHA1
ba2afc954c359d7d813d7474b982b0b649a4e8aa
-
SHA256
fd4e84f7cf39d3413ce9fac7f60eb707874a893dce4d544c192d66040a0244ba
-
SHA512
7a81570d8881a7ba1fcdb923e2965910875c1213f117dfacaa2fadc69881a1da86d4cc34f8403c266cf99c37f3b6b2736ce2572276687521e27d573f48a814c0
-
SSDEEP
6144:OlimhxgNwlUR+mETxrLMQm67Ta1r3+nprgQE6dtlTnx5cLPB:kzOYJNNrXPCR+nYkD5c7B
Malware Config
Signatures
-
Deletes itself 1 IoCs
pid Process 2844 f007f77d8811b968343d432069c6cdd3_JaffaCakes118.exe -
Executes dropped EXE 1 IoCs
pid Process 2844 f007f77d8811b968343d432069c6cdd3_JaffaCakes118.exe -
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
flow ioc 11 pastebin.com 14 pastebin.com -
Suspicious behavior: RenamesItself 1 IoCs
pid Process 932 f007f77d8811b968343d432069c6cdd3_JaffaCakes118.exe -
Suspicious use of UnmapMainImage 2 IoCs
pid Process 932 f007f77d8811b968343d432069c6cdd3_JaffaCakes118.exe 2844 f007f77d8811b968343d432069c6cdd3_JaffaCakes118.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 932 wrote to memory of 2844 932 f007f77d8811b968343d432069c6cdd3_JaffaCakes118.exe 87 PID 932 wrote to memory of 2844 932 f007f77d8811b968343d432069c6cdd3_JaffaCakes118.exe 87 PID 932 wrote to memory of 2844 932 f007f77d8811b968343d432069c6cdd3_JaffaCakes118.exe 87
Processes
-
C:\Users\Admin\AppData\Local\Temp\f007f77d8811b968343d432069c6cdd3_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f007f77d8811b968343d432069c6cdd3_JaffaCakes118.exe"1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:932 -
C:\Users\Admin\AppData\Local\Temp\f007f77d8811b968343d432069c6cdd3_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\f007f77d8811b968343d432069c6cdd3_JaffaCakes118.exe2⤵
- Deletes itself
- Executes dropped EXE
- Suspicious use of UnmapMainImage
PID:2844
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
385KB
MD5cd24a2d1d7a96ce306e8064c971d3159
SHA14ab320a4aa68e1c5d40e4bce924d6bb5692b3e6d
SHA256334d3d550fda241cc2ad061f8c8aa0ff478cc6b65fb6b630c5f7e9493f9d66f8
SHA512e377e6792188bf2f6efbbd8bf82149ebcf0435309e7600cad9364acce4810e583a9a95413cf7a99147eb92e6dcfd95737e7caf711eeb3759e2ecba83a1816b39