Analysis
  Max time kernel: 123s
  Max time network: 167s
  Platform: windows10-2004_x64
  Resource: win10v2004-20240412-en
  Resource tags: arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
  Submitted: 18/04/2024, 16:20

Static task
  static1

Behavioral task
  behavioral1
  Sample: f8557444d716465f01c89307d430153a_JaffaCakes118.exe
  Resource: win7-20231129-en

Behavioral task
  behavioral2
  Sample: f8557444d716465f01c89307d430153a_JaffaCakes118.exe
  Resource: win10v2004-20240412-en
General
  Target: f8557444d716465f01c89307d430153a_JaffaCakes118.exe
  Size: 1.6MB
  MD5: f8557444d716465f01c89307d430153a
  SHA1: 121e7805b3dcd0b416874b400f2f29c7549096be
  SHA256: 4fb98c06085a33f197665afb7796951ee13b909aebfd618694ba24271e530a88
  SHA512: 0ba08cfd957f9245e028588761e5c8de515d71544e30dbafcfca939c0d558e53067b7732697477212155643ef44ecdac84498d99d056c7714b85f4346addcea3
  SSDEEP: 49152:sZgu8rAi+3USz3h1/XBkThdTlpSuxQxN9dT4S9E:sGIjR1Oh0Tw
Malware Config
Signatures

  Checks computer location settings (2 TTPs, 1 IoC)
    Looks up the country code configured in the registry, likely a geofence.
    description          | ioc                                                                                                           | Process
    Key value queried    | \REGISTRY\USER\S-1-5-21-1230272463-3683322193-511842230-1000\Control Panel\International\Geo\Nation           | f8557444d716465f01c89307d430153a_JaffaCakes118.exe

  Enumerates physical storage devices (1 TTP)
    Attempts to interact with connected storage/optical drive(s).

  Runs ping.exe (1 TTP, 1 IoC)
    pid  | Process
    2268 | PING.EXE

  Suspicious behavior: EnumeratesProcesses (2 IoCs)
    pid  | Process
    1780 | f8557444d716465f01c89307d430153a_JaffaCakes118.exe
    1780 | f8557444d716465f01c89307d430153a_JaffaCakes118.exe

  Suspicious use of SetWindowsHookEx (3 IoCs)
    pid  | Process
    1780 | f8557444d716465f01c89307d430153a_JaffaCakes118.exe
    1780 | f8557444d716465f01c89307d430153a_JaffaCakes118.exe
    1780 | f8557444d716465f01c89307d430153a_JaffaCakes118.exe

  Suspicious use of WriteProcessMemory (6 IoCs)
    description                       | pid  | Process                                            | procid_target
    PID 1780 wrote to memory of 4960  | 1780 | f8557444d716465f01c89307d430153a_JaffaCakes118.exe | 97
    PID 1780 wrote to memory of 4960  | 1780 | f8557444d716465f01c89307d430153a_JaffaCakes118.exe | 97
    PID 1780 wrote to memory of 4960  | 1780 | f8557444d716465f01c89307d430153a_JaffaCakes118.exe | 97
    PID 4960 wrote to memory of 2268  | 4960 | cmd.exe                                            | 99
    PID 4960 wrote to memory of 2268  | 4960 | cmd.exe                                            | 99
    PID 4960 wrote to memory of 2268  | 4960 | cmd.exe                                            | 99
Processes

  1. C:\Users\Admin\AppData\Local\Temp\f8557444d716465f01c89307d430153a_JaffaCakes118.exe
     Command line: "C:\Users\Admin\AppData\Local\Temp\f8557444d716465f01c89307d430153a_JaffaCakes118.exe"
     PID: 1780
     - Checks computer location settings
     - Suspicious behavior: EnumeratesProcesses
     - Suspicious use of SetWindowsHookEx
     - Suspicious use of WriteProcessMemory

     2. C:\Windows\SysWOW64\cmd.exe
        Command line: C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\12876.bat" "C:\Users\Admin\AppData\Local\Temp\6D59FBBE67ED4426B1B499E2581E3D55\""
        PID: 4960
        - Suspicious use of WriteProcessMemory

        3. C:\Windows\SysWOW64\PING.EXE
           Command line: ping 1.1.1.1 -n 1 -w 1000
           PID: 2268
           - Runs ping.exe
Network
MITRE ATT&CK Enterprise v15
Downloads

  File 1
    Filesize: 212B
    MD5: 668767f1e0c7ff2b3960447e259e9f00
    SHA1: 32d8abf834cce72f5e845175a0af2513b00504d8
    SHA256: cdb93994093a24991c246d8b6f7003920a510a45bfc8441521314ce22a79191d
    SHA512: c07f26c8601cf91d9805004668463721ab91e14f3cc59e77e20f43d98e070ea8e742c38fe8021c4ffb1ebc02e3743ab732b66ff84bb24b59a5fdcc8634c77680

  File 2: C:\Users\Admin\AppData\Local\Temp\6D59FBBE67ED4426B1B499E2581E3D55\6D59FBBE67ED4426B1B499E2581E3D55_LogFile.txt
    Filesize: 2KB
    MD5: f82b55d1eac1bfe4ded6dafd32428bc1
    SHA1: 07d7dff6275a3d29e2aa940c3c3b40621a0ed43c
    SHA256: f5803c4f3a61a3734ab18bdaba38a3514fef245e492c4d2a44f2107583feb792
    SHA512: 8abc189302887b676026f7eaac0d3fa049cc46286ef64047b45aefb95cd6fdec40ec6c7076b3420d64341f88eb2107efd4310ca80bd901710410cfd9d6feb8d9

  File 3: C:\Users\Admin\AppData\Local\Temp\6D59FBBE67ED4426B1B499E2581E3D55\6D59FBBE67ED4426B1B499E2581E3D55_LogFile.txt
    Filesize: 10KB
    MD5: 6ae77dc243cfc30ab436e6cc5f1ec1e1
    SHA1: 608f1e6caed040495f35fcc163956bd7900e7bca
    SHA256: b62b24ffecdde1ec6a89b67cb3651121b230e487c4f8a3161f55057b84792788
    SHA512: 4a1f16958624a24f9aa45cad8cb0ab7eb58275996c3f66f139bf8f5b6477864b7980bca620b83b0349b23a9a0ab476cb7b7731adc920e0d39fa9c3077316caad

  File 4
    Filesize: 103KB
    MD5: 6628afdc96034290384e458ced74dbb8
    SHA1: b77d808650b5f6bd05ad8677a687c9dcc2f76495
    SHA256: da628dc1ae61779de385d8934d512353aaecfe35d6b8f7ae991d20135a64372d
    SHA512: e885d36bb5cd560e16c8a7385295bb0c053e0c87f5e7be4023b4e28e2f4ea3d6d8c141188ac792a25ea41c58ded763a27644f5e9712d53b59d77dc055dfc35ca