
Analysis

  • max time kernel
    141s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    2024-06-02 02:11 UTC (shown on the page as 02/06/2024; read day-first, since the win10v2004-20240226-en image the sample ran on postdates 6 February)

General

  • Target

    8c90e3c6ef8424cf68816d0980ca0bbd_JaffaCakes118.exe

  • Size

    191KB

  • MD5

    8c90e3c6ef8424cf68816d0980ca0bbd

  • SHA1

    97042147ae708fad89348aa55575e222719e25c0

  • SHA256

    0379f22f87db00624d4f2c92dbc93f895c481b67bac13dcfbc270ca95f22d616

  • SHA512

    0d4bb376428105b29c758d99d52840326547d884935748987058d464433485ae15413198b1edda9b38681ed03e827905a2bf37962af8f5e1af4090715e03ebbc

  • SSDEEP

    3072:HADWbKzKbQmSVdSme+xmJyD4BliqzsmmEpEmboQd+ccewkyeZyYPuvGCJ30EZ0dx:HAVySV1eY4k437d+4wkTHdS2p

Score
7/10

Malware Config

Signatures

  • Checks computer location settings (2 TTPs, 1 IoC)

    Looks up the country code configured in the registry, likely a geofence check. Triggered by the sample process (PID 1800).

  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of SetWindowsHookEx (1 IoC)

    SetWindowsHookEx installs a hook procedure for Windows messages; malware commonly uses it to capture keystrokes or to get a DLL loaded into other processes. Triggered by the sample process (PID 1800).

Processes

  • C:\Users\Admin\AppData\Local\Temp\8c90e3c6ef8424cf68816d0980ca0bbd_JaffaCakes118.exe (PID 1800, top-level)
    "C:\Users\Admin\AppData\Local\Temp\8c90e3c6ef8424cf68816d0980ca0bbd_JaffaCakes118.exe"
    • Checks computer location settings
    • Suspicious use of SetWindowsHookEx
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3164, top-level)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3708 --field-trial-handle=1928,i,13242902252791919845,10377620236057253993,262144 --variations-seed-version /prefetch:8

    Both processes sit at the root of the process tree; the report records no parent/child relationship between the sample and msedge.exe, and no signature is attached to the Edge process.

    Network

    DNS queries. Every query went to the resolver at 8.8.8.8:53. Only the first query is attributed to a process; the remaining entries carry no process attribution in the report. A PTR (reverse-lookup) name encodes the address it asks about in reversed octet order, so 0.204.248.87.in-addr.arpa asks about 87.248.204.0. The sample's only lookup of its own, service.srvmd2.com, received an empty answer, and no follow-on connection from the sample appears in the flows.

    • service.srvmd2.com IN A, from 8c90e3c6ef8424cf68816d0980ca0bbd_JaffaCakes118.exe
      Response: empty (no answer records)
    • 0.204.248.87.in-addr.arpa IN PTR
      Response: https-87-248-204-0.lhr.llnw.net
    • 228.249.119.40.in-addr.arpa IN PTR
      Response: empty (no answer records)
    • 138.32.126.40.in-addr.arpa IN PTR
      Response: empty (no answer records)
    • 138.32.126.40.in-addr.arpa IN PTR (second query for the same name)
      No response recorded
    • 95.221.229.192.in-addr.arpa IN PTR
      Response: empty (no answer records)
    • 28.118.140.52.in-addr.arpa IN PTR
      Response: empty (no answer records)
    • 206.23.85.13.in-addr.arpa IN PTR
      Response: empty (no answer records)
    • 26.165.165.52.in-addr.arpa IN PTR
      Response: empty (no answer records)
    • 82.90.14.23.in-addr.arpa IN PTR
      Response: a23-14-90-82.deploy.static.akamaitechnologies.com
    • 82.90.14.23.in-addr.arpa IN PTR (second query for the same name)
      No response recorded
    • chromewebstore.googleapis.com IN A
      Response: 142.250.187.202, 142.250.187.234, 142.250.178.10, 172.217.16.234, 142.250.200.10, 142.250.200.42, 216.58.201.106, 216.58.204.74, 216.58.212.202, 172.217.169.42, 142.250.179.234, 142.250.180.10
    • chromewebstore.googleapis.com IN Unknown (record type not decoded by the report)
      Response: empty (no answer records)
    • 202.187.250.142.in-addr.arpa IN PTR
      Response: lhr25s33-in-f10.1e100.net
    Network flows. "Out"/"In" are bytes sent/received; the last two columns are packet counts, which for the DNS flows equal the queries sent and responses received (the two flows with 2 out / 1 in are the names queried twice that got a single response).

    Remote address       Domain                          Proto  Out    In     Pkts out  Pkts in  Process
    142.250.187.202:443  chromewebstore.googleapis.com   tls    1.9kB  7.9kB  15        16       (none)
    8.8.8.8:53           service.srvmd2.com              dns    64 B   137 B  1         1        8c90e3c6ef8424cf68816d0980ca0bbd_JaffaCakes118.exe
    8.8.8.8:53           0.204.248.87.in-addr.arpa       dns    71 B   116 B  1         1        (none)
    8.8.8.8:53           228.249.119.40.in-addr.arpa     dns    73 B   159 B  1         1        (none)
    8.8.8.8:53           138.32.126.40.in-addr.arpa      dns    144 B  158 B  2         1        (none)
    8.8.8.8:53           95.221.229.192.in-addr.arpa     dns    73 B   144 B  1         1        (none)
    8.8.8.8:53           28.118.140.52.in-addr.arpa      dns    72 B   158 B  1         1        (none)
    8.8.8.8:53           206.23.85.13.in-addr.arpa       dns    71 B   145 B  1         1        (none)
    8.8.8.8:53           26.165.165.52.in-addr.arpa      dns    72 B   146 B  1         1        (none)
    8.8.8.8:53           82.90.14.23.in-addr.arpa        dns    140 B  133 B  2         1        (none)
    8.8.8.8:53           chromewebstore.googleapis.com   dns    75 B   267 B  1         1        (none)
    8.8.8.8:53           chromewebstore.googleapis.com   dns    75 B   132 B  1         1        (none)
    8.8.8.8:53           202.187.250.142.in-addr.arpa    dns    74 B   113 B  1         1        (none)

    The first chromewebstore.googleapis.com DNS flow (267 B in) is the A query answered with 142.250.187.202, 142.250.187.234, 142.250.178.10, 172.217.16.234, 142.250.200.10, 142.250.200.42, 216.58.201.106, 216.58.204.74, 216.58.212.202, 172.217.169.42, 142.250.179.234 and 142.250.180.10; the TLS flow goes to the first of those addresses. The only flow attributed to the sample is its single DNS query for service.srvmd2.com.
    MITRE ATT&CK Enterprise v15
