Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    20/04/2024, 23:10

General

  • Target

    fdde02ffc0c11e37597f16e75443951c_JaffaCakes118.exe

  • Size

    212KB

  • MD5

    fdde02ffc0c11e37597f16e75443951c

  • SHA1

    a6e186c8e7d3840dbc8400e11601dd3ac2ebd8a2

  • SHA256

    05bbab0386133ba28831074ee7546b2602807c44c22331599bed0a6b72736f25

  • SHA512

    3be9bf4dc19d3ceeac2a3908aadb5f131671ee77d3fc214595c0880e987258432a41b940ded180075fce378a52b2f2905e90fd4ede23715221423cfb7c32d824

  • SSDEEP

    3072:JPFIGJkYW3qeavs02vkk6eslROTBSmAJHrzhIiL+5X/h1osrXLuldnzsGvYm:JOGJkY2Nvkk6dlRCS59P3G5frql+Fm

Score
7/10

Malware Config

Signatures

  • Checks computer location settings (2 TTPs, 2 IoCs)

    Looks up the country code configured in the registry, likely a geofence check.

  • Executes dropped EXE (1 IoC)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory (6 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\fdde02ffc0c11e37597f16e75443951c_JaffaCakes118.exe (PID 4832, depth 1)
    Command line: "C:\Users\Admin\AppData\Local\Temp\fdde02ffc0c11e37597f16e75443951c_JaffaCakes118.exe"
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory

    • C:\Users\Admin\AppData\Local\Temp\28ab10.exe (PID 4404, depth 2)
      Command line: "C:\Users\Admin\AppData\Local\Temp\28ab10.exe" "C:\Users\Admin\AppData\Local\Temp\fdde02ffc0c11e37597f16e75443951c_JaffaCakes118.exe"
      • Checks computer location settings
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory

      • C:\Windows\SysWOW64\cmd.exe (PID 4388, depth 3)
        Command line: C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\6439.bat" "C:\Users\Admin\AppData\Local\Temp\28ab10.exe""
        (The command line names system32\cmd.exe but the image is SysWOW64\cmd.exe: the 32-bit parent is subject to WoW64 file system redirection.)

Note the chain: the sample drops 28ab10.exe into %TEMP% and launches it with its own path as an argument; 28ab10.exe then runs a 205-byte batch file from %TEMP%, again passing an executable path as an argument. The batch file's content is not shown in this report.
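The process tree above is a compact pattern to hunt for in process-creation telemetry: a Temp-dropped executable relaunched by another Temp executable that passes its own path, followed by cmd.exe /c running a Temp .bat that receives the parent's path. The following is an added detection example, not code from tria.ge or from the sample; the event records are constructed from the command lines in this report (the explorer.exe parent with PID 1000, PID 4 for its parent, and the two benign noise events are assumptions made up for the example, not data from the report).

```python
"""Flag the drop-and-relaunch / Temp batch cleanup chain in process-creation events."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str     # full path of the executed image
    cmdline: str   # command line as recorded


# Per-user Temp directory, where both stages and the .bat were dropped.
USER_TEMP_RE = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\local\\temp\\", re.I)
# Windows paths embedded in a command line. Assumption: the paths of interest contain
# no spaces (true for every Temp-dropped name in this report); a path with spaces
# would be cut at the first space by this pattern.
WIN_PATH_RE = re.compile(r'[a-z]:\\[^"\s]+', re.I)


def in_user_temp(path: str) -> bool:
    return bool(USER_TEMP_RE.match(path))


def paths_in(cmdline: str) -> list:
    """All drive-letter paths mentioned on a command line, lower-cased for comparison."""
    return [p.lower() for p in WIN_PATH_RE.findall(cmdline)]


def detect_chain(events):
    """Return (pid, rule) tuples for events matching either stage of the chain."""
    by_pid = {e.pid: e for e in events}
    alerts = []
    for e in events:
        parent = by_pid.get(e.ppid)
        if parent is None:
            continue  # no parent record: nothing to correlate against
        # Rule 1: an EXE in Temp started by another EXE in Temp that hands over its own path
        # (the sample -> 28ab10.exe step in the report).
        if (in_user_temp(e.image) and in_user_temp(parent.image)
                and parent.image.lower() in paths_in(e.cmdline)):
            alerts.append((e.pid, "temp_exe_relaunch_with_parent_path"))
        # Rule 2: cmd.exe /c running a Temp .bat that is given its parent's EXE path
        # (the 28ab10.exe -> 6439.bat step; a common self-delete cleanup shape).
        if e.image.lower().endswith("\\cmd.exe") and re.search(r"\s/c\b", e.cmdline, re.I):
            found = paths_in(e.cmdline)
            bats = [p for p in found if p.endswith(".bat") and in_user_temp(p)]
            exes = [p for p in found if p.endswith(".exe") and in_user_temp(p)]
            if bats and exes and parent.image.lower() in exes:
                alerts.append((e.pid, "temp_bat_cleanup_of_parent"))
    return alerts


# Constructed events: PIDs, images and command lines copied from the report's process tree;
# the explorer.exe parent (PID 1000), its PPID 4 and the two benign events are made up.
SAMPLE_EVENTS = [
    ProcEvent(1000, 4, r"C:\Windows\explorer.exe", "explorer.exe"),
    ProcEvent(4832, 1000,
              r"C:\Users\Admin\AppData\Local\Temp\fdde02ffc0c11e37597f16e75443951c_JaffaCakes118.exe",
              r'"C:\Users\Admin\AppData\Local\Temp\fdde02ffc0c11e37597f16e75443951c_JaffaCakes118.exe"'),
    ProcEvent(4404, 4832,
              r"C:\Users\Admin\AppData\Local\Temp\28ab10.exe",
              r'"C:\Users\Admin\AppData\Local\Temp\28ab10.exe" '
              r'"C:\Users\Admin\AppData\Local\Temp\fdde02ffc0c11e37597f16e75443951c_JaffaCakes118.exe"'),
    ProcEvent(4388, 4404,
              r"C:\Windows\SysWOW64\cmd.exe",
              r'C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\6439.bat" '
              r'"C:\Users\Admin\AppData\Local\Temp\28ab10.exe""'),
    ProcEvent(5000, 1000, r"C:\Windows\System32\cmd.exe", "cmd.exe /c dir"),          # benign noise
    ProcEvent(5001, 1000, r"C:\Program Files\App\app.exe", r'"C:\Program Files\App\app.exe"'),  # benign noise
]


if __name__ == "__main__":
    for pid, rule in detect_chain(SAMPLE_EVENTS):
        print(f"PID {pid}: {rule}")
```

Rule 2 deliberately requires the parent's own image to appear among the .bat's arguments; a plain `cmd /c something.bat` from Temp is noisy on its own, while a batch that is handed the path of the process that launched it is the shape of a cleanup or self-delete stage.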

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\28ab10.exe

      Filesize

      208KB

      MD5

      e8c1ea2e33714a9942bd7bd5105a6c64

      SHA1

      56858752a3e7b4f846ce49146e676d01d019bc0c

      SHA256

      dd7dda339fc61d094f1f1f92460695ffb1da3ba40ae7677e09df2f079fa4e8bf

      SHA512

      a82cbbb887e8e392fa889987dbd0cdbb036b6d6a521a6186323fab4fd1859340f3eb68eefdeca80bdc33940183c1218e5d15e3cf992f4ecfa11204a0235c2e87

    • C:\Users\Admin\AppData\Local\Temp\6439.bat

      Filesize

      205B

      MD5

      af942e21a17f04903c52cb28a9b89542

      SHA1

      ebcfe47bad384564346db4141d26e3e68f9f984f

      SHA256

      c62a90b84dac61f74122f6eaa01665155a18b28a68b799a963f8a877194f922d

      SHA512

      790decec1485e8fc42c3ee09a3e871ee95fdf2bf2e5f15556de0a5b5db2106114d79206acf2dcf3e7c0dbe9df7b1298e0b3f7247a34d9d3bd9f296cc9b61211a