Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
146s -
max time network
157s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system -
submitted
05/06/2024, 17:56
Static task
static1
Behavioral task
behavioral1
Sample
98d914ee3ee607da0fdfa0972493846e_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
98d914ee3ee607da0fdfa0972493846e_JaffaCakes118.exe
Resource
win10v2004-20240226-en
General
-
Target
98d914ee3ee607da0fdfa0972493846e_JaffaCakes118.exe
-
Size
1.7MB
-
MD5
98d914ee3ee607da0fdfa0972493846e
-
SHA1
39a1e0bea0245b8e3abcea6924e0be53a01adcc7
-
SHA256
86d58b4f1ab8ea985109e276834d2ac898c25ccd2643a72964a39df62a1bf630
-
SHA512
4b76c66e9ff5f374c2edfdaa0d6e560a15cf510f517b99409889ddda2ad62f1dcd80b998ba1ea2dff5c1a979c97b15237e1c0f01b594da4712f91f43a591e533
-
SSDEEP
49152:y/acXOlrSXY4JzPzFZOPslLebA5rOYiZnt:P8OlrSRKERebSivZnt
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid Process 1668 98d914ee3ee607da0fdfa0972493846e_JaffaCakes118.tmp -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid Process 1668 98d914ee3ee607da0fdfa0972493846e_JaffaCakes118.tmp 1668 98d914ee3ee607da0fdfa0972493846e_JaffaCakes118.tmp 1668 98d914ee3ee607da0fdfa0972493846e_JaffaCakes118.tmp 1668 98d914ee3ee607da0fdfa0972493846e_JaffaCakes118.tmp -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 556 wrote to memory of 1668 556 98d914ee3ee607da0fdfa0972493846e_JaffaCakes118.exe 92 PID 556 wrote to memory of 1668 556 98d914ee3ee607da0fdfa0972493846e_JaffaCakes118.exe 92 PID 556 wrote to memory of 1668 556 98d914ee3ee607da0fdfa0972493846e_JaffaCakes118.exe 92
Processes
-
C:\Users\Admin\AppData\Local\Temp\98d914ee3ee607da0fdfa0972493846e_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\98d914ee3ee607da0fdfa0972493846e_JaffaCakes118.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:556 -
C:\Users\Admin\AppData\Local\Temp\is-IRVVU.tmp\98d914ee3ee607da0fdfa0972493846e_JaffaCakes118.tmp"C:\Users\Admin\AppData\Local\Temp\is-IRVVU.tmp\98d914ee3ee607da0fdfa0972493846e_JaffaCakes118.tmp" /SL5="$C005E,1064361,70144,C:\Users\Admin\AppData\Local\Temp\98d914ee3ee607da0fdfa0972493846e_JaffaCakes118.exe"2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:1668
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4136 --field-trial-handle=3192,i,2785050981002401924,4037047756083432660,262144 --variations-seed-version /prefetch:81⤵PID:3668
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
85B
MD53468f297609674263536ef07bd267507
SHA17456b350110ce4abb4509c7157330c9af8d382d9
SHA2568e9477bf7dc2435fbf3d3068a2ff39792f96312c0e24c173325db4984889a145
SHA512a8f85e5a3cc531d13640e86dd54f3001e529544ba4876e24ed21bc688c2ef197f416560c1d8d1c015e586b2f445dfb8719e0bdd9f350b67999c7c44d8438e79c
-
Filesize
1.2MB
MD5e7106fbf42fbc6d5b08a18ada4f781b4
SHA136d4a629f79d772c0b0df8bd2ae2ea09108d239d
SHA25664e1f1fa7d91920b17bc7bc679a4cd8d87ff5b104318b6921bb6bf6a19055635
SHA512adf876296a952aadeb4f25211c0939bf5a278809b5d3007ad7e26c5d4975e7684d242c1b3de796efd474a47cb7ecdb80f9047935924a1108bf0e4d7c973d1845