Analysis
- max time kernel: 93s
- max time network: 123s
- platform: windows10-2004_x64
- resource: win10v2004-20240412-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 17/04/2024, 09:33
Static task
- static1
Behavioral task
- behavioral1
- Sample: f57954605f62e9f608a5ffb41e17f0f2_JaffaCakes118.exe
- Resource: win7-20240215-en
Behavioral task
- behavioral2
- Sample: f57954605f62e9f608a5ffb41e17f0f2_JaffaCakes118.exe
- Resource: win10v2004-20240412-en
General
- Target: f57954605f62e9f608a5ffb41e17f0f2_JaffaCakes118.exe
- Size: 483KB
- MD5: f57954605f62e9f608a5ffb41e17f0f2
- SHA1: 5e232b33d85e606199669cdb3b693b0f41c5bf5e
- SHA256: 3bd9900a0627f2272f3db752bfddceb1d0f94103fb49c2c3b7eee1f3397501ae
- SHA512: 2fb43e05cd4327c64ab313d7873ae099a4ea63f69ddd5ead7b28d383d48d23f0fc5cc0cd31cad5dc1e4a53bc4fba1c3adf1535345f3968820f49fb2085389957
- SSDEEP: 12288:++Iz16fjXaBix1c60yqPOV4uOeinggFQFg:C14APOzAgg2Fg
Malware Config
Signatures
-
Drops desktop.ini file(s) 4 IoCs
description | ioc | Process
File created | \??\c:\$Recycle.Bin\S-1-5-21-2177723727-746291240-1644359950-1000\desktop.ini | f57954605f62e9f608a5ffb41e17f0f2_JaffaCakes118.exe
File opened for modification | \??\c:\$Recycle.Bin\S-1-5-21-2177723727-746291240-1644359950-1000\desktop.ini | f57954605f62e9f608a5ffb41e17f0f2_JaffaCakes118.exe
File created | \??\c:\Program Files\desktop.ini | f57954605f62e9f608a5ffb41e17f0f2_JaffaCakes118.exe
File opened for modification | \??\c:\Program Files\desktop.ini | f57954605f62e9f608a5ffb41e17f0f2_JaffaCakes118.exe
-
Drops file in Program Files directory 64 IoCs
Program crash 1 IoCs
pid | pid_target | Process | procid_target
1708 | 1148 | WerFault.exe | 82
Processes
- "C:\Users\Admin\AppData\Local\Temp\f57954605f62e9f608a5ffb41e17f0f2_JaffaCakes118.exe" (PID: 1148)
  - Drops desktop.ini file(s)
  - Drops file in Program Files directory
  - C:\Windows\SysWOW64\WerFault.exe -u -p 1148 -s 992 (PID: 1708)
    - Program crash
- C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 1148 -ip 1148 (PID: 664)
Network
MITRE ATT&CK Matrix
Downloads