Analysis
max time kernel: 84s
max time network: 155s
platform: windows10-2004_x64
resource: win10v2004-20240412-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
submitted: 18/04/2024, 21:36
Static task: static1
Behavioral task: behavioral1
Sample: f8cc2768f25f3e2039ebc5384bdae0c5_JaffaCakes118.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: f8cc2768f25f3e2039ebc5384bdae0c5_JaffaCakes118.exe
Resource: win10v2004-20240412-en
General
Target: f8cc2768f25f3e2039ebc5384bdae0c5_JaffaCakes118.exe
Size: 385KB
MD5: f8cc2768f25f3e2039ebc5384bdae0c5
SHA1: ea23656d1f41a65057561ad185e2e2c06729c39e
SHA256: ff53ffbfca8fd062cfd13cbf43dcf84902f58546cc1bb25aa704c4be9c4d64ee
SHA512: 0925fba17e5505bf39d88404a28983b77d498275ddd992b651ca4648c52e050627b94fd675375eebb36112d565c0996cc8803721335574c4a60f4d916d120340
SSDEEP: 6144:mp2UVSG9uTvFPqbqnQ2D9/n5HvymxNmPbMn9m10tDP82mPA4J7jBeKYzIEIPvB:mJovFQqnQ2BP5HvyDTC04kwkBe38vB
Malware Config
Signatures
Deletes itself (1 IoCs)
  pid 4188: f8cc2768f25f3e2039ebc5384bdae0c5_JaffaCakes118.exe
Executes dropped EXE (1 IoCs)
  pid 4188: f8cc2768f25f3e2039ebc5384bdae0c5_JaffaCakes118.exe
Legitimate hosting services abused for malware hosting/C2 (1 TTPs, 2 IoCs)
  flow 16: pastebin.com
  flow 17: pastebin.com
Suspicious behavior: RenamesItself (1 IoCs)
  pid 3296: f8cc2768f25f3e2039ebc5384bdae0c5_JaffaCakes118.exe
Suspicious use of UnmapMainImage (2 IoCs)
  pid 3296: f8cc2768f25f3e2039ebc5384bdae0c5_JaffaCakes118.exe
  pid 4188: f8cc2768f25f3e2039ebc5384bdae0c5_JaffaCakes118.exe
Suspicious use of WriteProcessMemory (3 IoCs)
  PID 3296 wrote to memory of 4188 (pid 3296, process f8cc2768f25f3e2039ebc5384bdae0c5_JaffaCakes118.exe, procid_target 87)
  PID 3296 wrote to memory of 4188 (pid 3296, process f8cc2768f25f3e2039ebc5384bdae0c5_JaffaCakes118.exe, procid_target 87)
  PID 3296 wrote to memory of 4188 (pid 3296, process f8cc2768f25f3e2039ebc5384bdae0c5_JaffaCakes118.exe, procid_target 87)
Processes
PID 3296: C:\Users\Admin\AppData\Local\Temp\f8cc2768f25f3e2039ebc5384bdae0c5_JaffaCakes118.exe "C:\Users\Admin\AppData\Local\Temp\f8cc2768f25f3e2039ebc5384bdae0c5_JaffaCakes118.exe"
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID 4188: C:\Users\Admin\AppData\Local\Temp\f8cc2768f25f3e2039ebc5384bdae0c5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\f8cc2768f25f3e2039ebc5384bdae0c5_JaffaCakes118.exe
- Deletes itself
- Executes dropped EXE
- Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 385KB
MD5: 4ccfa0270c2f8134bf66d5fb67e2d37f
SHA1: cd42e5734cfe06b941352222d08574793fa28c0c
SHA256: 711ffa79a058fffcad0d53b8a7722419770d22b05b4b5b1bfc9f31a58997f4d6
SHA512: a7bb0d8c3c0de2b4e3ce43c1081dee5798ba39c9923ec1ab28df08c8b5469ed259d394c4af8a01f417b6bfd11ccde884187c94dc89b47f2dcf60ef9688799dfe