Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
132s -
max time network
142s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
30/04/2024, 00:48
Static task
static1
Behavioral task
behavioral1
Sample
08a3251583b49269a153c3080705ba62_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
08a3251583b49269a153c3080705ba62_JaffaCakes118.exe
Resource
win10v2004-20240226-en
General
-
Target
08a3251583b49269a153c3080705ba62_JaffaCakes118.exe
-
Size
454KB
-
MD5
08a3251583b49269a153c3080705ba62
-
SHA1
bde9ea76d3e61be5696436f2ab5525c864771038
-
SHA256
9f21cfbb35b52e1eb3251ede95a0412cb1a813f4f288cc13459cdfef1d9d5dbf
-
SHA512
ee8a17318990fc4ccc6020bf837af35da7e02d3ce91d9abd852c1e1ddec54df6bba1d1dd6ee8c027579c51e35c21237c50e557cf3664590bd4bfc4b0ab38e0ff
-
SSDEEP
6144:BvaqS4IR/kviXzd45seH6zdi69hxMwjPVl0x55TurrU41APIJgU6Xozwdab0BXlX:s/kviXzdcH6N9h/Vl45aPU4EEkdBbX
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid Process 3060 iobwnedxjvdevl.exe -
Loads dropped DLL 2 IoCs
pid Process 2248 08a3251583b49269a153c3080705ba62_JaffaCakes118.exe 2248 08a3251583b49269a153c3080705ba62_JaffaCakes118.exe -
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main iobwnedxjvdevl.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 3060 iobwnedxjvdevl.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 3060 iobwnedxjvdevl.exe 3060 iobwnedxjvdevl.exe -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2248 wrote to memory of 3060 2248 08a3251583b49269a153c3080705ba62_JaffaCakes118.exe 28 PID 2248 wrote to memory of 3060 2248 08a3251583b49269a153c3080705ba62_JaffaCakes118.exe 28 PID 2248 wrote to memory of 3060 2248 08a3251583b49269a153c3080705ba62_JaffaCakes118.exe 28 PID 2248 wrote to memory of 3060 2248 08a3251583b49269a153c3080705ba62_JaffaCakes118.exe 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\08a3251583b49269a153c3080705ba62_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\08a3251583b49269a153c3080705ba62_JaffaCakes118.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2248 -
C:\Users\Admin\AppData\Local\Temp\iobwnedxjvdevl.exe"C:\Users\Admin\AppData\Local\Temp\\iobwnedxjvdevl.exe"2⤵
- Executes dropped EXE
- Modifies Internet Explorer settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3060
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
454KB
MD508a3251583b49269a153c3080705ba62
SHA1bde9ea76d3e61be5696436f2ab5525c864771038
SHA2569f21cfbb35b52e1eb3251ede95a0412cb1a813f4f288cc13459cdfef1d9d5dbf
SHA512ee8a17318990fc4ccc6020bf837af35da7e02d3ce91d9abd852c1e1ddec54df6bba1d1dd6ee8c027579c51e35c21237c50e557cf3664590bd4bfc4b0ab38e0ff
-
Filesize
11KB
MD5012c637753ac0d8a386081dfe410b909
SHA141fe035f1a2f8bc19ad18d24c1195b13935af362
SHA2561c8c7c950c32bc85e83cf670781206eb67847e53a818fc761567033e6bcbea17
SHA512ffe6c77e41e3e3872453cf48dcc73b8c1d232a65ad14d411b29f2224d8acfb7a665d2adc3668cabbc3a670a3f3ca3dc0b752fa18cd7b55d2fcd5fb5fb1721983