Analysis
max time kernel: 144s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20240412-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
submitted: 19/04/2024, 04:07

Static task: static1
Behavioral task: behavioral1
Sample: f9783930fc42d414f98315fad2fafca0_JaffaCakes118.exe
Resource: win7-20240215-en

General
Target: f9783930fc42d414f98315fad2fafca0_JaffaCakes118.exe
Size: 199KB
MD5: f9783930fc42d414f98315fad2fafca0
SHA1: 3bb48c191418ee8776f2860460001cc0496c2ee6
SHA256: 6a941f71a46616aa978e96ebd18f3fcab014d93ee531ce671dd8f24dd4ecce4a
SHA512: 7c0a739b7d8c57f9cc3dae99dff045f149ff218f0c451bc78ebbbcf9914a63cb132a2dca5dd1fa7dae67c853401b150bb7b8fe7b45c3d0bed0ffed04b7a93426
SSDEEP: 6144:lvW7ntBa5S49H99P4x0Mz0rtGeBhz0pI:k7kS4x9h4x0RGeBSC
Malware Config

Signatures
- Reads user/profile data of web browsers (2 TTPs)
  Infostealers often target stored browser data, which can include saved credentials etc.
- yara_rule matches
  resource | yara_rule
  behavioral2/memory/4256-1-0x0000000000400000-0x0000000000469000-memory.dmp | upx
  behavioral2/memory/1900-13-0x0000000000400000-0x0000000000469000-memory.dmp | upx
  behavioral2/memory/4256-43-0x0000000000400000-0x0000000000469000-memory.dmp | upx
  behavioral2/memory/1256-107-0x0000000000400000-0x0000000000469000-memory.dmp | upx
  behavioral2/memory/4256-188-0x0000000000400000-0x0000000000469000-memory.dmp | upx
- Suspicious use of WriteProcessMemory (6 IoCs)
  description | pid | Process | procid_target
  PID 4256 wrote to memory of 1900 | 4256 | f9783930fc42d414f98315fad2fafca0_JaffaCakes118.exe | 86
  PID 4256 wrote to memory of 1900 | 4256 | f9783930fc42d414f98315fad2fafca0_JaffaCakes118.exe | 86
  PID 4256 wrote to memory of 1900 | 4256 | f9783930fc42d414f98315fad2fafca0_JaffaCakes118.exe | 86
  PID 4256 wrote to memory of 1256 | 4256 | f9783930fc42d414f98315fad2fafca0_JaffaCakes118.exe | 87
  PID 4256 wrote to memory of 1256 | 4256 | f9783930fc42d414f98315fad2fafca0_JaffaCakes118.exe | 87
  PID 4256 wrote to memory of 1256 | 4256 | f9783930fc42d414f98315fad2fafca0_JaffaCakes118.exe | 87
Processes
- C:\Users\Admin\AppData\Local\Temp\f9783930fc42d414f98315fad2fafca0_JaffaCakes118.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\f9783930fc42d414f98315fad2fafca0_JaffaCakes118.exe"
  PID: 4256
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\f9783930fc42d414f98315fad2fafca0_JaffaCakes118.exe
    command line: C:\Users\Admin\AppData\Local\Temp\f9783930fc42d414f98315fad2fafca0_JaffaCakes118.exe startC:\Users\Admin\AppData\Roaming\Microsoft\conhost.exe%C:\Users\Admin\AppData\Roaming\Microsoft
    PID: 1900
  - C:\Users\Admin\AppData\Local\Temp\f9783930fc42d414f98315fad2fafca0_JaffaCakes118.exe
    command line: C:\Users\Admin\AppData\Local\Temp\f9783930fc42d414f98315fad2fafca0_JaffaCakes118.exe startC:\Users\Admin\AppData\Roaming\dwm.exe%C:\Users\Admin\AppData\Roaming
    PID: 1256
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 996B
  MD5: d1690604eb28cf776d444f059aa9b8d4
  SHA1: cebdf51088bdfc90b467be68205793d5933d5bd2
  SHA256: 3322e7f6835504200fbde7c48634d8d4986ae7d39d54e8958f8fc5c5f93f053a
  SHA512: d609fb344c0f636b9593a603695309b8eb27f7b541bf77ad5f55589664197c019da68b8ed0b8db7ede79214ad756e4e915ddd2f70d218fec59d1722c69d7babf
- Filesize: 600B
  MD5: af7e958105a876dac16806363b8e2965
  SHA1: 2290d2ff69100c09bb7e3135e3ec72880aa7285f
  SHA256: 596c0fa8cce419ec490ab43de29e454a22871a1b4045262499458e0da4c186c6
  SHA512: 566625855e08a064427f6b8cb68404dbc352c99130493290cdfb230a71b3edd1d864bb6bdd3fc9df865588051dc0b092d3a14b81fa932baa559bd39524200065
- Filesize: 1KB
  MD5: fb342562010c3adfb3c01ae8749940c7
  SHA1: cae33ce43db799a318b94e43ad2f955516211bee
  SHA256: cde999fa777a08ba5d75d8f1efd0d2be9287b467390609ebbbf51f114cbeaef4
  SHA512: 7baca75ca43e3aff58b1f1c57c07eb746d91a15161c9e7bbde8f7b5b4f614bf9efcd914d2a3f2552655e7e776dbdb0dfa022426b9a6f443547b5a7eea879bdd5