Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
93s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system -
submitted
19/04/2024, 05:27
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
f999740e9439e553f81a25b83b346733_JaffaCakes118.exe
Resource
win7-20240221-en
windows7-x64
4 signatures
150 seconds
Behavioral task
behavioral2
Sample
f999740e9439e553f81a25b83b346733_JaffaCakes118.exe
Resource
win10v2004-20240412-en
windows10-2004-x64
3 signatures
150 seconds
General
-
Target
f999740e9439e553f81a25b83b346733_JaffaCakes118.exe
-
Size
514KB
-
MD5
f999740e9439e553f81a25b83b346733
-
SHA1
8a574f8a70bdfa55737847b5c935b42e08c72a71
-
SHA256
8c4e1f3edfcc474f9cf2175dacb421966fa627cafa5937b3cd73ad9f1095efeb
-
SHA512
8cf05dd3b66d08e36e25e1d68b3d5ebbf94074b1ea2ded88b766cea3eaffcbed01b330fde4f07fc2a46dafc0eb340979dbf755eadfab00756710c8a38d88b599
-
SSDEEP
3072:7+ZvkWp8qX96QfCDpMqrT4GmdVM3bXKCKk3T1a/PTYhA7Jf22QA6Ivv1tH/nSrNF:aZmqt6Qyiy3b6CR10TY8JOArF9S9
Score
6/10
Malware Config
Signatures
-
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\SvcHosts32 = "C:\\Windows\\system32\\svchosts.exe" f999740e9439e553f81a25b83b346733_JaffaCakes118.exe -
Drops file in System32 directory 64 IoCs
description ioc Process File created C:\Windows\SysWOW64\drivers32\Thief 3 Serial Generator.exe f999740e9439e553f81a25b83b346733_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\drivers32\Max Payne 2 - The Fall of Max Payne No-Cd Crack.exe f999740e9439e553f81a25b83b346733_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\drivers32\Ulead GIF Animator 6.x Crack.exe f999740e9439e553f81a25b83b346733_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\drivers32\Medal of Honor - Allied Assault Breakthrough Serial Generator.exe f999740e9439e553f81a25b83b346733_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\drivers32\Direct Connect 1.x Serial Generator.exe f999740e9439e553f81a25b83b346733_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers32\MechWarrior 3 No-Cd Crack.exe f999740e9439e553f81a25b83b346733_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers32\FlashFXP 1.4 Crack.exe f999740e9439e553f81a25b83b346733_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\drivers32\Star Trek - Elite Force II No-Cd Crack.exe f999740e9439e553f81a25b83b346733_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\drivers32\ZoneAlarm 3.7.143 Crack.exe f999740e9439e553f81a25b83b346733_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\drivers32\SWiSH 2.x Crack.exe f999740e9439e553f81a25b83b346733_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers32\WinAce 2.x Serial Generator.exe f999740e9439e553f81a25b83b346733_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\drivers32\Battlefield 1942 - The Road to Rome Serial Generator.exe f999740e9439e553f81a25b83b346733_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers32\MVP Baseball 2003 No-Cd Crack.exe f999740e9439e553f81a25b83b346733_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers32\ZoneAlarm 3.8 Crack.exe f999740e9439e553f81a25b83b346733_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers32\Paint Shop Pro 9.x Crack.exe f999740e9439e553f81a25b83b346733_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\drivers32\Trinity No-Cd Crack.exe f999740e9439e553f81a25b83b346733_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers32\Unreal Tournament 2003 No-Cd Crack.exe f999740e9439e553f81a25b83b346733_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers32\MVP Baseball 2003 Serial Generator.exe f999740e9439e553f81a25b83b346733_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\drivers32\Metal Gear Solid III No-Cd Crack.exe f999740e9439e553f81a25b83b346733_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\drivers32\MechWarrior V No-Cd Crack.exe f999740e9439e553f81a25b83b346733_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\drivers32\Midtown Madness II No-Cd Crack.exe f999740e9439e553f81a25b83b346733_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\drivers32\Paint Shop Pro 9.x Serial Generator.exe f999740e9439e553f81a25b83b346733_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\drivers32\Network Cable e ADSL Speed 1.0.6 Serial Generator.exe f999740e9439e553f81a25b83b346733_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\drivers32\Lords of EverQuest No-Cd Crack.exe f999740e9439e553f81a25b83b346733_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers32\Max Payne 2 - The Fall of Max Payne Serial Generator.exe f999740e9439e553f81a25b83b346733_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers32\Madden NFL 2003 Serial Generator.exe f999740e9439e553f81a25b83b346733_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers32\Paint Shop Pro 9.x Serial Generator.exe f999740e9439e553f81a25b83b346733_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\drivers32\Delta Force - Black Hawk Down Serial Generator.exe f999740e9439e553f81a25b83b346733_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\drivers32\NASCAR Thunder 2003 Serial Generator.exe f999740e9439e553f81a25b83b346733_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\drivers32\WinAce 2.2 Serial Generator.exe f999740e9439e553f81a25b83b346733_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers32\Flight Simulator - Century of Flight Serial Generator.exe f999740e9439e553f81a25b83b346733_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\drivers32\QuickTime 6.x Serial Generator.exe f999740e9439e553f81a25b83b346733_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers32\IconPackager 2.x Crack.exe f999740e9439e553f81a25b83b346733_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers32\Chrome Serial Generator.exe f999740e9439e553f81a25b83b346733_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\drivers32\Half-Life II No-Cd Crack.exe f999740e9439e553f81a25b83b346733_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\drivers32\MechWarrior 4 No-Cd Crack.exe f999740e9439e553f81a25b83b346733_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\drivers32\Madden NFL 2003 Serial Generator.exe f999740e9439e553f81a25b83b346733_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\drivers32\Hitman III No-Cd Crack.exe f999740e9439e553f81a25b83b346733_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\drivers32\WinZip 9.x Crack.exe f999740e9439e553f81a25b83b346733_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\drivers32\UltraEdit-32 10.x Serial Generator.exe f999740e9439e553f81a25b83b346733_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers32\Return to Castle Wolfenstein No-Cd Crack.exe f999740e9439e553f81a25b83b346733_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\drivers32\Hitman 3 No-Cd Crack.exe f999740e9439e553f81a25b83b346733_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers32\Black & White 2 No-Cd Crack.exe f999740e9439e553f81a25b83b346733_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers32\Battlefield 1942 - Secret Weapons of World War II Serial Generator.exe f999740e9439e553f81a25b83b346733_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers32\ICUII 5.7 Serial Generator.exe f999740e9439e553f81a25b83b346733_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers32\WinZip 8.0 Serial Generator.exe f999740e9439e553f81a25b83b346733_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers32\Adobe Photoshop 7.x Serial Generator.exe f999740e9439e553f81a25b83b346733_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\drivers32\Delta Force - Black Hawk Down No-Cd Crack.exe f999740e9439e553f81a25b83b346733_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers32\UT 2004 No-Cd Crack.exe f999740e9439e553f81a25b83b346733_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers32\ICUII 5.x.exe f999740e9439e553f81a25b83b346733_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers32\Medal of Honor - Allied Assault Breakthrough Serial Generator.exe f999740e9439e553f81a25b83b346733_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers32\FlashGet 1.3 Serial Generator.exe f999740e9439e553f81a25b83b346733_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\drivers32\FIFA Soccer 2004 No-Cd Crack.exe f999740e9439e553f81a25b83b346733_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\drivers32\SnagIt 6.2.2 Crack.exe f999740e9439e553f81a25b83b346733_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\drivers32\WinAce 2.x Serial Generator.exe f999740e9439e553f81a25b83b346733_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers32\UT 2003 No-Cd Crack.exe f999740e9439e553f81a25b83b346733_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\drivers32\NHL 2003 No-Cd Crack.exe f999740e9439e553f81a25b83b346733_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers32\Madden NFL 2003 No-Cd Crack.exe f999740e9439e553f81a25b83b346733_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers32\Grand Theft Auto - Vice City Serial Generator.exe f999740e9439e553f81a25b83b346733_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\drivers32\Lords of the Realm III No-Cd Crack.exe f999740e9439e553f81a25b83b346733_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\drivers32\WindowBlinds 4.0 Crack.exe f999740e9439e553f81a25b83b346733_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers32\Civilization III - Conquest No-Cd Crack.exe f999740e9439e553f81a25b83b346733_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\drivers32\ICUII 5.x.exe f999740e9439e553f81a25b83b346733_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\drivers32\Warlords 4 No-Cd Crack.exe f999740e9439e553f81a25b83b346733_JaffaCakes118.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 1132 wrote to memory of 2204 1132 f999740e9439e553f81a25b83b346733_JaffaCakes118.exe 93 PID 1132 wrote to memory of 2204 1132 f999740e9439e553f81a25b83b346733_JaffaCakes118.exe 93 PID 1132 wrote to memory of 2204 1132 f999740e9439e553f81a25b83b346733_JaffaCakes118.exe 93
Processes
-
C:\Users\Admin\AppData\Local\Temp\f999740e9439e553f81a25b83b346733_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f999740e9439e553f81a25b83b346733_JaffaCakes118.exe"1⤵
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:1132 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c c:\$$$$$.bat2⤵PID:2204
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
514KB
MD5f999740e9439e553f81a25b83b346733
SHA18a574f8a70bdfa55737847b5c935b42e08c72a71
SHA2568c4e1f3edfcc474f9cf2175dacb421966fa627cafa5937b3cd73ad9f1095efeb
SHA5128cf05dd3b66d08e36e25e1d68b3d5ebbf94074b1ea2ded88b766cea3eaffcbed01b330fde4f07fc2a46dafc0eb340979dbf755eadfab00756710c8a38d88b599
-
Filesize
228B
MD5be2002d4f4062c3589e1e0a4ea5e8a1b
SHA11f86818453417a86c91971127f5a854d638cc582
SHA256d115d885096ff41d57cf94bd2e5ffa050c36a1990a29915dffc9301547201e58
SHA512013b97c8f26f823b77bd4b38fa51bed0eaa29c0432e989f875bbb257ac4d5b08b8237b61670216670b567be8bd2fe937c15a2c7a16dbd4e89398e2aadbc92610