Analysis
-
max time kernel
149s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240412-en locale:en-us os:windows10-2004-x64 system -
submitted
21/04/2024, 09:11
Behavioral task
behavioral1
Sample
fef1d5396d9b36eed20f7f966a5b914b_JaffaCakes118.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
fef1d5396d9b36eed20f7f966a5b914b_JaffaCakes118.exe
Resource
win10v2004-20240412-en
General
-
Target
fef1d5396d9b36eed20f7f966a5b914b_JaffaCakes118.exe
-
Size
1.5MB
-
MD5
fef1d5396d9b36eed20f7f966a5b914b
-
SHA1
78c6df8a50e2862bf99a62000ed88377b8477a47
-
SHA256
88e5b30907e248585cbcde4cf4dadee1079f5068847a6368fac83e4a0e7b2722
-
SHA512
147a7ecb9fc7eaa88419a77654e0c6ed264ff518af001c963caba3e2e659dc5d746265c5505d075352b9ffcb217d00f40455a0032136a2033c755a8097de6799
-
SSDEEP
24576:U1M13Lm7p0L645/a1gmqjtK1E8PDlYsnMkkYx+ttszumyosYzRo9ogP5H+O2/+BU:Um9LAOG+aamqR2DlYsnMTFLmy4la+h/G
Malware Config
Signatures
-
Deletes itself 1 IoCs
pid Process 3652 fef1d5396d9b36eed20f7f966a5b914b_JaffaCakes118.exe -
Executes dropped EXE 1 IoCs
pid Process 3652 fef1d5396d9b36eed20f7f966a5b914b_JaffaCakes118.exe -
resource yara_rule
behavioral2/memory/2444-0-0x0000000000400000-0x00000000008EF000-memory.dmp upx
behavioral2/files/0x000300000001e970-11.dat upx
behavioral2/memory/3652-12-0x0000000000400000-0x00000000008EF000-memory.dmp upx -
Suspicious behavior: RenamesItself 1 IoCs
pid Process 2444 fef1d5396d9b36eed20f7f966a5b914b_JaffaCakes118.exe -
Suspicious use of UnmapMainImage 2 IoCs
pid Process
2444 fef1d5396d9b36eed20f7f966a5b914b_JaffaCakes118.exe
3652 fef1d5396d9b36eed20f7f966a5b914b_JaffaCakes118.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target
PID 2444 wrote to memory of 3652 2444 fef1d5396d9b36eed20f7f966a5b914b_JaffaCakes118.exe 86
PID 2444 wrote to memory of 3652 2444 fef1d5396d9b36eed20f7f966a5b914b_JaffaCakes118.exe 86
PID 2444 wrote to memory of 3652 2444 fef1d5396d9b36eed20f7f966a5b914b_JaffaCakes118.exe 86
Processes
-
C:\Users\Admin\AppData\Local\Temp\fef1d5396d9b36eed20f7f966a5b914b_JaffaCakes118.exe "C:\Users\Admin\AppData\Local\Temp\fef1d5396d9b36eed20f7f966a5b914b_JaffaCakes118.exe" 1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2444 -
C:\Users\Admin\AppData\Local\Temp\fef1d5396d9b36eed20f7f966a5b914b_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\fef1d5396d9b36eed20f7f966a5b914b_JaffaCakes118.exe 2⤵
- Deletes itself
- Executes dropped EXE
- Suspicious use of UnmapMainImage
PID:3652
-
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
1.5MB
MD5 6646f340409a8cf4bca01ce7fc57e967
SHA1 397cfaeb62c6ec4077e0b3ac5c10a0c108bb14f6
SHA256 88b8cc4b9e3f58e27c31cfb2f8c08a0fbf2958da929d5ae26f2d4ae07bc92250
SHA512 26923b2c79e8315e14ce92174155b972e45b85dde76fee3f1ffbb9338bd9b536a7e69364c1da395a542c2808664c7b57430094fe509626f990d8fbdd3d687a4e