Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 117s
- max time network: 117s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 29/04/2024, 15:02
Static task: static1
Behavioral task: behavioral1
- Sample: 07f1291a3ae58be9d8c696f14eb56af8_JaffaCakes118.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 07f1291a3ae58be9d8c696f14eb56af8_JaffaCakes118.exe
- Resource: win10v2004-20240419-en
General
- Target: 07f1291a3ae58be9d8c696f14eb56af8_JaffaCakes118.exe
- Size: 10KB
- MD5: 07f1291a3ae58be9d8c696f14eb56af8
- SHA1: f87983edd771334dcfa2cbb071595142a2568909
- SHA256: 53f18343a53a4d35670199ab1c9b66eadca4788c128d58e3fa6a90f210f1eebd
- SHA512: bdf5ba1429cdef0c5534e8fb76dda4a69f7cb0514e17e6841f2674fb03ed0cee817c186f19c28df2e9e63c587600d88eb08f44c83bfdca266be6b066f4cb6271
- SSDEEP: 192:ibrETxL4X4f0y4PJuCIa0K8ocRbHzbaAU/uCdCIP:iXET14X4f0y4ER1ocRbvaAUu2P
Malware Config
Signatures
- Executes dropped EXE (1 IoCs)
  pid   Process
  2740  budha.exe
- Loads dropped DLL (2 IoCs)
  pid   Process
  2276  07f1291a3ae58be9d8c696f14eb56af8_JaffaCakes118.exe
  2276  07f1291a3ae58be9d8c696f14eb56af8_JaffaCakes118.exe
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious use of WriteProcessMemory (4 IoCs)
  description                       pid   Process                                             procid_target
  PID 2276 wrote to memory of 2740  2276  07f1291a3ae58be9d8c696f14eb56af8_JaffaCakes118.exe  28
  PID 2276 wrote to memory of 2740  2276  07f1291a3ae58be9d8c696f14eb56af8_JaffaCakes118.exe  28
  PID 2276 wrote to memory of 2740  2276  07f1291a3ae58be9d8c696f14eb56af8_JaffaCakes118.exe  28
  PID 2276 wrote to memory of 2740  2276  07f1291a3ae58be9d8c696f14eb56af8_JaffaCakes118.exe  28
Processes
- C:\Users\Admin\AppData\Local\Temp\07f1291a3ae58be9d8c696f14eb56af8_JaffaCakes118.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\07f1291a3ae58be9d8c696f14eb56af8_JaffaCakes118.exe"
  PID: 2276
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\budha.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\budha.exe"
    PID: 2740
    - Executes dropped EXE
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 11KB
  MD5: 185b057f791ff0f9f8798084fd2588f5
  SHA1: e6f75e036f3aeebf817c34b2ba268a16708f4122
  SHA256: 25888e6a15c6137fc0eacce0eb3e7b6166a6ee5c0c2441bbdd10f5a79857fc2c
  SHA512: 338e1b3ed9ca1fefd78ec039ad4901b819c93fbf73ea82856b65169f8a7400fddef002cd0e3f98db554bebfda88f9c78cd24a433d422a0bd463f8f60b024cf61