Analysis

  • max time kernel
    127s
  • max time network
    49s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags
    arch:x64 arch:x86 image:win10v2004-20240419-en locale:en-us os:windows10-2004-x64 system
  • submitted
    01/05/2024, 14:33

General

  • Target

    0c0bd343cfb9cc71e7dd1325e8410c53_JaffaCakes118.exe

  • Size

    356KB

  • MD5

    0c0bd343cfb9cc71e7dd1325e8410c53

  • SHA1

    d8dc95c38d71a1b4fba163a014ad9465c0eff587

  • SHA256

    5878146740e08f9e44bda44e69217568214bd101c514c63e876302d31c20209a

  • SHA512

    4eaddf11a4904b60809ef64420cef357e1ddebe529e2ee7aeaf8d4725ce8f21645223fdd9a105dc2442aae6da2b955fdaf7b53759640e9ee8d4be5b1021f94d0

  • SSDEEP

    6144:BZ0FkvPi5sZ2Dzwcnj67Q6SSfxEmJCG16SSfxEmJ:4FGPi5Bz6c6lfr96lfr

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops autorun.inf file 1 TTPs 4 IoCs

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 3 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0c0bd343cfb9cc71e7dd1325e8410c53_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0c0bd343cfb9cc71e7dd1325e8410c53_JaffaCakes118.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4692
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\0c0bd343cfb9cc71e7dd1325e8410c53_JaffaCakes118kill.bat
      2⤵
        PID:4564
      • C:\Windows\CCTV.exe
        C:\Windows\CCTV.exe
        2⤵
        • Executes dropped EXE
        • Drops autorun.inf file
        • Drops file in Program Files directory
        • Drops file in Windows directory
        • Suspicious use of SetWindowsHookEx
        PID:3096

Network

MITRE ATT&CK Enterprise v15

Downloads

    • C:\Program Files\7-Zip\7z.exe

      Filesize

      900KB

      MD5

      80b4385a190e097666c587b9332392a9

      SHA1

      4edd4e16ce3ae64396af501ce80619c557047b6a

      SHA256

      9b974e43cc297680fa78ae9eadba9014ab0f1b8a617e759a4735c9ccf2213a3f

      SHA512

      77ecc64f3e5fb1ff2c1c51e7203a7aa5996c762e5e14439a81191008fe84e78ff60180777727366c6f3cc4a85be4cc3e3cbf394e87d0b9564925e87ae9bd3cec

    • C:\Users\Admin\AppData\Local\Temp\0c0bd343cfb9cc71e7dd1325e8410c53_JaffaCakes118kill.bat

      Filesize

      216B

      MD5

      ee6b3f4fa78ec0beec057271b2898042

      SHA1

      128a2a6a8b9da590d4d25c67488bbd412f8d8428

      SHA256

      5b1b29fb17c068e47723f4906fd2ebd43c21e6cc0edd1fd65589b7bf3c592ba8

      SHA512

      ec473d6227b7ad64b3c05d05126cd29a1ac3ffe523e65a115f7953244244343da3b503c8b2820bdf6b8c0a07d4649700cf30c5089f6d7dff6cf420016f2b36da

    • C:\Windows\CCTV.exe

      Filesize

      356KB

      MD5

      0c0bd343cfb9cc71e7dd1325e8410c53

      SHA1

      d8dc95c38d71a1b4fba163a014ad9465c0eff587

      SHA256

      5878146740e08f9e44bda44e69217568214bd101c514c63e876302d31c20209a

      SHA512

      4eaddf11a4904b60809ef64420cef357e1ddebe529e2ee7aeaf8d4725ce8f21645223fdd9a105dc2442aae6da2b955fdaf7b53759640e9ee8d4be5b1021f94d0

    • memory/4692-0-0x0000000000400000-0x0000000000419000-memory.dmp

      Filesize

      100KB