Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

98d914ee3e...18.exe

windows7-x64

7

98d914ee3e...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    146s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/06/2024, 17:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    98d914ee3ee607da0fdfa0972493846e_JaffaCakes118.exe

  • Size

    1.7MB

  • MD5

    98d914ee3ee607da0fdfa0972493846e

  • SHA1

    39a1e0bea0245b8e3abcea6924e0be53a01adcc7

  • SHA256

    86d58b4f1ab8ea985109e276834d2ac898c25ccd2643a72964a39df62a1bf630

  • SHA512

    4b76c66e9ff5f374c2edfdaa0d6e560a15cf510f517b99409889ddda2ad62f1dcd80b998ba1ea2dff5c1a979c97b15237e1c0f01b594da4712f91f43a591e533

  • SSDEEP

    49152:y/acXOlrSXY4JzPzFZOPslLebA5rOYiZnt:P8OlrSRKERebSivZnt

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\98d914ee3ee607da0fdfa0972493846e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\98d914ee3ee607da0fdfa0972493846e_JaffaCakes118.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:556
    • C:\Users\Admin\AppData\Local\Temp\is-IRVVU.tmp\98d914ee3ee607da0fdfa0972493846e_JaffaCakes118.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-IRVVU.tmp\98d914ee3ee607da0fdfa0972493846e_JaffaCakes118.tmp" /SL5="$C005E,1064361,70144,C:\Users\Admin\AppData\Local\Temp\98d914ee3ee607da0fdfa0972493846e_JaffaCakes118.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:1668
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4136 --field-trial-handle=3192,i,2785050981002401924,4037047756083432660,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:3668

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\is-2R1B9.tmp\setupcfg.ini
      Filesize

      85B

      MD5

      3468f297609674263536ef07bd267507

      SHA1

      7456b350110ce4abb4509c7157330c9af8d382d9

      SHA256

      8e9477bf7dc2435fbf3d3068a2ff39792f96312c0e24c173325db4984889a145

      SHA512

      a8f85e5a3cc531d13640e86dd54f3001e529544ba4876e24ed21bc688c2ef197f416560c1d8d1c015e586b2f445dfb8719e0bdd9f350b67999c7c44d8438e79c

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\is-IRVVU.tmp\98d914ee3ee607da0fdfa0972493846e_JaffaCakes118.tmp
      Filesize

      1.2MB

      MD5

      e7106fbf42fbc6d5b08a18ada4f781b4

      SHA1

      36d4a629f79d772c0b0df8bd2ae2ea09108d239d

      SHA256

      64e1f1fa7d91920b17bc7bc679a4cd8d87ff5b104318b6921bb6bf6a19055635

      SHA512

      adf876296a952aadeb4f25211c0939bf5a278809b5d3007ad7e26c5d4975e7684d242c1b3de796efd474a47cb7ecdb80f9047935924a1108bf0e4d7c973d1845

      Download Submit

    • memory/556-0-0x0000000000400000-0x0000000000418000-memory.dmp

      Filesize

      96KB

      Download

    • memory/556-2-0x0000000000401000-0x000000000040D000-memory.dmp

      Filesize

      48KB

      Download

    • memory/556-47-0x0000000000400000-0x0000000000418000-memory.dmp

      Filesize

      96KB

      Download

    • memory/1668-7-0x0000000000400000-0x0000000000536000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/1668-48-0x0000000000400000-0x0000000000536000-memory.dmp

      Filesize

      1.2MB

      Download