Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
141s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system -
submitted
14/05/2024, 10:13
Static task
static1
Behavioral task
behavioral1
Sample
411ee6851b5b6f7a911ec0ba982283eb_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
411ee6851b5b6f7a911ec0ba982283eb_JaffaCakes118.exe
Resource
win10v2004-20240226-en
General
-
Target
411ee6851b5b6f7a911ec0ba982283eb_JaffaCakes118.exe
-
Size
241KB
-
MD5
411ee6851b5b6f7a911ec0ba982283eb
-
SHA1
212e4deee6f67abac8bccce6aad49f31812c6449
-
SHA256
157fed21dc522d91382f17c2d667de4f62fb2a5233ba2454cf6438bc12e330c1
-
SHA512
14f62493e07adb96add1ee3c77e7016a6f83cfb6246ec7214c047d5e49c1261206e579b506c38c102f6f4b20eef9b8e9b6421a2b114ede17dfbc0b69d9e49486
-
SSDEEP
6144:K3bHS0G6hiqMf1EGVFx6TwRRn03GHT9u4MPsPHkszs5s/B5:K3K68Zft2GzY70PHH7/r
Malware Config
Signatures
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious behavior: EnumeratesProcesses 20 IoCs
pid Process 536 411ee6851b5b6f7a911ec0ba982283eb_JaffaCakes118.exe 536 411ee6851b5b6f7a911ec0ba982283eb_JaffaCakes118.exe 536 411ee6851b5b6f7a911ec0ba982283eb_JaffaCakes118.exe 536 411ee6851b5b6f7a911ec0ba982283eb_JaffaCakes118.exe 536 411ee6851b5b6f7a911ec0ba982283eb_JaffaCakes118.exe 536 411ee6851b5b6f7a911ec0ba982283eb_JaffaCakes118.exe 536 411ee6851b5b6f7a911ec0ba982283eb_JaffaCakes118.exe 536 411ee6851b5b6f7a911ec0ba982283eb_JaffaCakes118.exe 536 411ee6851b5b6f7a911ec0ba982283eb_JaffaCakes118.exe 536 411ee6851b5b6f7a911ec0ba982283eb_JaffaCakes118.exe 536 411ee6851b5b6f7a911ec0ba982283eb_JaffaCakes118.exe 536 411ee6851b5b6f7a911ec0ba982283eb_JaffaCakes118.exe 536 411ee6851b5b6f7a911ec0ba982283eb_JaffaCakes118.exe 536 411ee6851b5b6f7a911ec0ba982283eb_JaffaCakes118.exe 536 411ee6851b5b6f7a911ec0ba982283eb_JaffaCakes118.exe 536 411ee6851b5b6f7a911ec0ba982283eb_JaffaCakes118.exe 536 411ee6851b5b6f7a911ec0ba982283eb_JaffaCakes118.exe 536 411ee6851b5b6f7a911ec0ba982283eb_JaffaCakes118.exe 536 411ee6851b5b6f7a911ec0ba982283eb_JaffaCakes118.exe 536 411ee6851b5b6f7a911ec0ba982283eb_JaffaCakes118.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\411ee6851b5b6f7a911ec0ba982283eb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\411ee6851b5b6f7a911ec0ba982283eb_JaffaCakes118.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
PID:536
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1032 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:81⤵PID:5008
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
758B
MD5bd7efd30f65a140c6228d4e27fa60b24
SHA18341fb7a6ca34b7e526867c63101e41b5680b3a5
SHA2566c1bab89220be47c059bb4b854ef99aac87625e3fea590f49ecc1189bea27bd3
SHA512bdd65ecd5b174855c818adabe268909e5a99cbdbc5e2465eda7e32fb3642194a1348372b5cee3848eea126ffe490d3ebc051cbb6ea084db50ab05daeb79caebb
-
Filesize
1KB
MD53d31bee842a69dd804fdad108d1d031b
SHA1b7e8e62b0471fb53d0fbf9984b63f829d2b32d33
SHA256fc2e31e105571ac0e5c5ba8e89e4fd2eef4af0760f0b05386f0453c6ce2d3e3f
SHA5125b1c9be79d8885ea775189723748f862ca006a8185184758362748480eb4fb700e4e09a669809c3545700f268a398d3acfc05385b59b71cbf4db0e7c4bff0953