Analysis

  • max time kernel
    141s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240412-en locale:en-us os:windows10-2004-x64 system
  • submitted
    21/04/2024, 16:31

General

  • Target

    ffb54a593c21770e07a7a8ed29eb4398_JaffaCakes118.exe

  • Size

    92KB

  • MD5

    ffb54a593c21770e07a7a8ed29eb4398

  • SHA1

    a5bcd270739afdd2f29c9849f4c7f2e16602c518

  • SHA256

    bf10c79411a7a7fa0160ecbca40e56bf5820655c2e6da9c5e44a7a35192f2c0d

  • SHA512

    d07ecb76499531117e267ac949c74dc1dbc96f65a17036ce6f15154eb688fcd23120e6cfca861d15c42a304888b277f1d9dea1a65dab987ee541968f94935d55

  • SSDEEP

    1536:SSOhET7Ou4QaJ0IBSuxkXJFL3mmK/RYsxKAIs27OxiEGPYKI/TkF/00J6IA7cBa:ST/3JzBvwl2m0vMzVX5SkF/MoBa

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ffb54a593c21770e07a7a8ed29eb4398_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\ffb54a593c21770e07a7a8ed29eb4398_JaffaCakes118.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of SetWindowsHookEx
    PID:4636

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\Temp\tmp.exe

    Filesize

    64KB

    MD5

    eb6c5d961953801c03f0093c0cb1b55e

    SHA1

    c63b78db1bb688d2d6775713fbfa7f5455da9f3d

    SHA256

    e4f248ffa9f97ee6b09f4f3c5fd0c1196b43ab19148a058d9816a74e36011f01

    SHA512

    3c7190c4bf58a5c3871f306c9f8c6e133525f419d9fc1ebd21bb88834e79660527e3b3d2282691c7b2801cc07790172a28c63a9766fb1dbe13b940609e317ade