Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
146s -
max time network
156s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system -
submitted
30/04/2024, 00:48
Static task
static1
Behavioral task
behavioral1
Sample
08a3251583b49269a153c3080705ba62_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
08a3251583b49269a153c3080705ba62_JaffaCakes118.exe
Resource
win10v2004-20240226-en
General
-
Target
08a3251583b49269a153c3080705ba62_JaffaCakes118.exe
-
Size
454KB
-
MD5
08a3251583b49269a153c3080705ba62
-
SHA1
bde9ea76d3e61be5696436f2ab5525c864771038
-
SHA256
9f21cfbb35b52e1eb3251ede95a0412cb1a813f4f288cc13459cdfef1d9d5dbf
-
SHA512
ee8a17318990fc4ccc6020bf837af35da7e02d3ce91d9abd852c1e1ddec54df6bba1d1dd6ee8c027579c51e35c21237c50e557cf3664590bd4bfc4b0ab38e0ff
-
SSDEEP
6144:BvaqS4IR/kviXzd45seH6zdi69hxMwjPVl0x55TurrU41APIJgU6Xozwdab0BXlX:s/kviXzdcH6N9h/Vl45aPU4EEkdBbX
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid Process 1168 iobwnedxjvdevl.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 1168 iobwnedxjvdevl.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 1168 iobwnedxjvdevl.exe 1168 iobwnedxjvdevl.exe -
Suspicious use of WriteProcessMemory 2 IoCs
description pid Process procid_target PID 4844 wrote to memory of 1168 4844 08a3251583b49269a153c3080705ba62_JaffaCakes118.exe 91 PID 4844 wrote to memory of 1168 4844 08a3251583b49269a153c3080705ba62_JaffaCakes118.exe 91
Processes
-
C:\Users\Admin\AppData\Local\Temp\08a3251583b49269a153c3080705ba62_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\08a3251583b49269a153c3080705ba62_JaffaCakes118.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:4844 -
C:\Users\Admin\AppData\Local\Temp\iobwnedxjvdevl.exe"C:\Users\Admin\AppData\Local\Temp\\iobwnedxjvdevl.exe"2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1168
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4156 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:81⤵PID:740
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
11KB
MD5012c637753ac0d8a386081dfe410b909
SHA141fe035f1a2f8bc19ad18d24c1195b13935af362
SHA2561c8c7c950c32bc85e83cf670781206eb67847e53a818fc761567033e6bcbea17
SHA512ffe6c77e41e3e3872453cf48dcc73b8c1d232a65ad14d411b29f2224d8acfb7a665d2adc3668cabbc3a670a3f3ca3dc0b752fa18cd7b55d2fcd5fb5fb1721983
-
Filesize
454KB
MD508a3251583b49269a153c3080705ba62
SHA1bde9ea76d3e61be5696436f2ab5525c864771038
SHA2569f21cfbb35b52e1eb3251ede95a0412cb1a813f4f288cc13459cdfef1d9d5dbf
SHA512ee8a17318990fc4ccc6020bf837af35da7e02d3ce91d9abd852c1e1ddec54df6bba1d1dd6ee8c027579c51e35c21237c50e557cf3664590bd4bfc4b0ab38e0ff