Analysis
- max time kernel: 93s
- max time network: 94s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 15/05/2024, 13:14
Static task: static1
Behavioral task: behavioral1
- Sample: 46567c60eb5941e61e42b935f6e99343_JaffaCakes118.exe
- Resource: win7-20240508-en
Behavioral task: behavioral2
- Sample: 46567c60eb5941e61e42b935f6e99343_JaffaCakes118.exe
- Resource: win10v2004-20240508-en
General
- Target: 46567c60eb5941e61e42b935f6e99343_JaffaCakes118.exe
- Size: 470KB
- MD5: 46567c60eb5941e61e42b935f6e99343
- SHA1: baab09315f34efc7b9ab93e2682d54c4acde36fc
- SHA256: 0522edf20899eb07e8391062ee53374d4ceb5465b6de3b01efa2a00f949e2832
- SHA512: 06502b8a575fe304b66140bb9d7087757eecb49bd09e50cbc01c63de77b601c674ebc6091a3d8e46015c61d65ccbf0059f8cea1fbafaba49d876432f152c3b5b
- SSDEEP: 6144:NlwRhA1DvznjP7dnP609PRab+N/JSaQyD9h7kiumdlpkyKOIAvaf9PtZt9Gc3Vu9:7wRu5vlpakJSadzYYpkyKfjDFzd1QV
Malware Config
Signatures
- Runs ping.exe (1 TTPs, 1 IoCs)

  pid | Process
  2768 | PING.EXE

- Suspicious use of WriteProcessMemory (6 IoCs)

  description | pid | Process | procid_target
  PID 4672 wrote to memory of 5020 | 4672 | 46567c60eb5941e61e42b935f6e99343_JaffaCakes118.exe | 80
  PID 4672 wrote to memory of 5020 | 4672 | 46567c60eb5941e61e42b935f6e99343_JaffaCakes118.exe | 80
  PID 4672 wrote to memory of 5020 | 4672 | 46567c60eb5941e61e42b935f6e99343_JaffaCakes118.exe | 80
  PID 5020 wrote to memory of 2768 | 5020 | cmd.exe | 82
  PID 5020 wrote to memory of 2768 | 5020 | cmd.exe | 82
  PID 5020 wrote to memory of 2768 | 5020 | cmd.exe | 82
Processes
- C:\Users\Admin\AppData\Local\Temp\46567c60eb5941e61e42b935f6e99343_JaffaCakes118.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\46567c60eb5941e61e42b935f6e99343_JaffaCakes118.exe"
  PID: 4672
  Signatures: Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\cmd.exe
    Command line: cmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del "C:\Users\Admin\AppData\Local\Temp\46567c60eb5941e61e42b935f6e99343_JaffaCakes118.exe"
    PID: 5020
    Signatures: Suspicious use of WriteProcessMemory
    - C:\Windows\SysWOW64\PING.EXE
      Command line: ping 1.1.1.1 -n 1 -w 3000
      PID: 2768
      Signatures: Runs ping.exe