Analysis
- max time kernel: 117s
- max time network: 117s
- platform: windows7_x64
- resource: win7-20240508-en
- resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
- submitted: 25/05/2024, 05:02
Static task: static1
Behavioral task: behavioral1
- Sample: 70edbb6fa8397418364b0441922a165f_JaffaCakes118.exe
- Resource: win7-20240508-en
Behavioral task: behavioral2
- Sample: 70edbb6fa8397418364b0441922a165f_JaffaCakes118.exe
- Resource: win10v2004-20240508-en
General
- Target: 70edbb6fa8397418364b0441922a165f_JaffaCakes118.exe
- Size: 1.1MB
- MD5: 70edbb6fa8397418364b0441922a165f
- SHA1: 3c2e086fc6d479a862ee2356f3caf262f796beb0
- SHA256: 23c59414c0561ed147c96f4c6ada242338fb68e495e8faa71a8e7891aa3968df
- SHA512: 6d2a786026da8459611bc023e4eea00f6af1d8626f685b533fff983b9f5122b9749e48596c734fbf7c03fea1ae67b12daa6efbd515edc777722d8171bb6be516
- SSDEEP: 24576:AKnxgrmT26nNwmlH2YmiXFKZTXQ6Nvx4C8IhbdhV:JAmTDnK+2YmiXgZTr5bbdhV
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  pid | Process
  2180 | 70edbb6fa8397418364b0441922a165f_JaffaCakes118.exe
- Loads dropped DLL (1 IoC)
  pid | Process
  1708 | 70edbb6fa8397418364b0441922a165f_JaffaCakes118.exe
- Suspicious use of SetThreadContext (1 IoC)
  description | pid | Process | procid_target
  PID 2180 set thread context of 2692 | 2180 | 70edbb6fa8397418364b0441922a165f_JaffaCakes118.exe | 29
- Suspicious use of WriteProcessMemory (12 IoCs)
  description | pid | Process | procid_target
  PID 1708 wrote to memory of 2180 | 1708 | 70edbb6fa8397418364b0441922a165f_JaffaCakes118.exe | 28
  PID 1708 wrote to memory of 2180 | 1708 | 70edbb6fa8397418364b0441922a165f_JaffaCakes118.exe | 28
  PID 1708 wrote to memory of 2180 | 1708 | 70edbb6fa8397418364b0441922a165f_JaffaCakes118.exe | 28
  PID 1708 wrote to memory of 2180 | 1708 | 70edbb6fa8397418364b0441922a165f_JaffaCakes118.exe | 28
  PID 1708 wrote to memory of 2180 | 1708 | 70edbb6fa8397418364b0441922a165f_JaffaCakes118.exe | 28
  PID 1708 wrote to memory of 2180 | 1708 | 70edbb6fa8397418364b0441922a165f_JaffaCakes118.exe | 28
  PID 1708 wrote to memory of 2180 | 1708 | 70edbb6fa8397418364b0441922a165f_JaffaCakes118.exe | 28
  PID 2180 wrote to memory of 2692 | 2180 | 70edbb6fa8397418364b0441922a165f_JaffaCakes118.exe | 29
  PID 2180 wrote to memory of 2692 | 2180 | 70edbb6fa8397418364b0441922a165f_JaffaCakes118.exe | 29
  PID 2180 wrote to memory of 2692 | 2180 | 70edbb6fa8397418364b0441922a165f_JaffaCakes118.exe | 29
  PID 2180 wrote to memory of 2692 | 2180 | 70edbb6fa8397418364b0441922a165f_JaffaCakes118.exe | 29
  PID 2180 wrote to memory of 2692 | 2180 | 70edbb6fa8397418364b0441922a165f_JaffaCakes118.exe | 29
Processes
- C:\Users\Admin\AppData\Local\Temp\70edbb6fa8397418364b0441922a165f_JaffaCakes118.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\70edbb6fa8397418364b0441922a165f_JaffaCakes118.exe"
  PID: 1708
  Signatures: Loads dropped DLL; Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\{86F7BEF6-5117-4618-84F8-028FF027CD5C}\70edbb6fa8397418364b0441922a165f_JaffaCakes118.exe
    Command line: C:\Users\Admin\AppData\Local\Temp\{86F7BEF6-5117-4618-84F8-028FF027CD5C}\70edbb6fa8397418364b0441922a165f_JaffaCakes118.exe /q"C:\Users\Admin\AppData\Local\Temp\70edbb6fa8397418364b0441922a165f_JaffaCakes118.exe" /tempdisk1folder"C:\Users\Admin\AppData\Local\Temp\{86F7BEF6-5117-4618-84F8-028FF027CD5C}" /IS_temp
    PID: 2180
    Signatures: Executes dropped EXE; Suspicious use of SetThreadContext; Suspicious use of WriteProcessMemory
    - C:\Windows\SysWOW64\explorer.exe
      Command line: C:\Windows\system32\explorer.exe
      PID: 2692
Network
MITRE ATT&CK Matrix
Downloads
- C:\Users\Admin\AppData\Local\Temp\{86F7BEF6-5117-4618-84F8-028FF027CD5C}\70edbb6fa8397418364b0441922a165f_JaffaCakes118.exe
  Filesize: 1.1MB
  MD5: 70edbb6fa8397418364b0441922a165f
  SHA1: 3c2e086fc6d479a862ee2356f3caf262f796beb0
  SHA256: 23c59414c0561ed147c96f4c6ada242338fb68e495e8faa71a8e7891aa3968df
  SHA512: 6d2a786026da8459611bc023e4eea00f6af1d8626f685b533fff983b9f5122b9749e48596c734fbf7c03fea1ae67b12daa6efbd515edc777722d8171bb6be516
- Filesize: 208B
  MD5: 12a64bfd1b6b8322d641fdb3779cbc58
  SHA1: c136cb90b5ddb4682d7436ac7fd96d81e88c18d4
  SHA256: d40ac03cc20db67c57afcf6b7de66b69df37b72d54e928b99ea24547e0a10ec2
  SHA512: f40edbc1b838a4e55fdf162ac717274d4366627fafc14185d56f042d8e8165c3a8d582d98fa8420f2794972f5893da8a039c411786bf946b40e47237cd41f692
- Filesize: 20B
  MD5: db9af7503f195df96593ac42d5519075
  SHA1: 1b487531bad10f77750b8a50aca48593379e5f56
  SHA256: 0a33c5dffabcf31a1f6802026e9e2eef4b285e57fd79d52fdcd98d6502d14b13
  SHA512: 6839264e14576fe190260a4b82afc11c88e50593a20113483851bf4abfdb7cca9986bef83f4c6b8f98ef4d426f07024cf869e8ab393df6d2b743b9b8e2544e1b
- Filesize: 756B
  MD5: f2b6fff0d6a5a1f2693e9c130963b53b
  SHA1: 4f365a3d4939861e5ec2c6ac03125f4839e999fe
  SHA256: f6e357d92f0c05f5557615708ac9ddd723d507854d5a8b7033b6c1e08e0ba898
  SHA512: 30d744c808697382ead6cf7273aeeb7b930257ac7918b8ded378e776b043a14bf3df31d385c3b3899b504a6a511547b1a9cff5ac9b9de8af54444094f7f30607