Analysis

  • max time kernel
    158s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    11/06/2024, 09:56

General

  • Target

    9dc83c7bcb99df1367a89c65b1279ab2_JaffaCakes118.exe

  • Size

    5.5MB

  • MD5

    9dc83c7bcb99df1367a89c65b1279ab2

  • SHA1

    29f9d25e0afbffe2abfbaf8ae7c80366d8b80728

  • SHA256

    ab362df48a7966b449c5688ea93dc0c21e93d928c8829a10a303ba3addb1d46b

  • SHA512

    2aed965822aaf1a92e261aa0941da695a1ebcb6a30e0d5a7611f8d10328fec9631f2e77fbe250190b809742e50035093e3df3025fe39be6342ab542f1b0b8581

  • SSDEEP

    98304:CIBxPDCqpGyZOVEswiAYGhcM8fF2DDJv1I2vPP7+1uI6sQ9o:JZzMyGPu3OR92PE2vNNsQ9

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 10 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9dc83c7bcb99df1367a89c65b1279ab2_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\9dc83c7bcb99df1367a89c65b1279ab2_JaffaCakes118.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2648
    • C:\Users\Admin\AppData\Local\Temp\9dc83c7bcb99df1367a89c65b1279ab2_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\9dc83c7bcb99df1367a89c65b1279ab2_JaffaCakes118.exe"
      2⤵
      • Loads dropped DLL
      PID:496
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1344 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:2124

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\_MEI26482\libeay32.DLL

      Filesize

      1008KB

      MD5

      8f4b9a23a0175fefe8388042ac2b7efa

      SHA1

      6355d112ceb46d67b713e803ee3d86b11862e301

      SHA256

      4b38afd7a45dfdaadb115657854974c6465d107bf94ef815757dff22dc74e16b

      SHA512

      57f0287db9b4ce4a5321cf12861f75904b73f9d76015f709ee6578b15125abbc0ffab399b367d6a20883394de0ad9d993e565f32eb25900f41fccfd8ff1cc87a

    • C:\Users\Admin\AppData\Local\Temp\_MEI26482\python27.dll

      Filesize

      2.3MB

      MD5

      1f6a3e2a68eec142bdcc20dc27da7518

      SHA1

      fba21b6b0e69232ed71e01b3ef7639691ca8cf2e

      SHA256

      488fb259c0acda09b93cf95f56d51a17cf16fa2d83dd19a4a4b74a528711a8c0

      SHA512

      e879094624bb1df152b804956fda151605a605c7ae7506e5d963797f61abd97160b3ffdc328b030354216ebc218a59e75f9a48b0b483c253dd51f2a1aa26503b

    • C:\Users\Admin\AppData\Local\Temp\_MEI26482\www-private-key-1S.exe.manifest

      Filesize

      1KB

      MD5

      8aa855778998f254ac52cb3635d8b129

      SHA1

      1c72c3516e391f9008837884bfe786e7797537ea

      SHA256

      2f535afec1d75476fe044bcf2ce34816e9e26587686fea4e88c53fa79f70e1d8

      SHA512

      b5e9402111ba14eae65e50489fce80e53389aceeecfded59900fe42af90d68c3b98de97189b86464085870825ce2d6e3bf7596981907cb4011fb62ae0d3e3165

    • C:\Users\Admin\AppData\Local\Temp\_MEI26~1\_ctypes.pyd

      Filesize

      72KB

      MD5

      f9982f8b1176597b81ed1285d1616ce7

      SHA1

      7cf74cce8b20adeeff83e29eacc028bdf2d7c18a

      SHA256

      d14315cf03aa7d96b714bfc13f7990ec245d205e4a5f9f002d2805e369199239

      SHA512

      cd3339dc69ff918d3e4db2ae219ff7df58f18a151f088fa051b4cdf48e4cfd6569a9ca9e414708818004de7d0cb3cea64fa2ee4c0a1f6b832d86229446e22153

    • C:\Users\Admin\AppData\Local\Temp\_MEI26~1\_hashlib.pyd

      Filesize

      278KB

      MD5

      199bde23ef347dbccc6bf5a112b43c93

      SHA1

      ba98ef27c64eb858ac7c3ae6ff1dece53094e753

      SHA256

      6f8a2f7fe1a702521706fcbe82592ac24e8c897f5bf47f798122dbd0b109c2a6

      SHA512

      dd92d4ad8bda852cfc4b1823d9371c10b5af3ad4057af3269d88ecb70bcd2600807252305ae647ff646f3080ac1e71e918a9ab623ba16fe7b73462238facc9cc

    • C:\Users\Admin\AppData\Local\Temp\_MEI26~1\_socket.pyd

      Filesize

      40KB

      MD5

      07789a8c23bcebe32f8bfd4ce4af5ffb

      SHA1

      132d7ad9d2a7c3ff51b246fd14f0a4f738d68e10

      SHA256

      235cc97584c3d31e5f3146121f64699d30cf372a86868ea755a9a0afa6c56144

      SHA512

      d461d8313c285e568ce44c08d1af7c54aafae0d1e8235109d5d71f6baffe8f677ae3202590cf33ab34625ac87285c7dc4c1df2e2181acd4b998309d23e12fd3e

    • C:\Users\Admin\AppData\Local\Temp\_MEI26~1\_ssl.pyd

      Filesize

      1.3MB

      MD5

      d0e36d53cbcea2ac559fec2c596f5b06

      SHA1

      8abe0c059ef3403d067a49cf8abcb883c7f113ec

      SHA256

      ae14e8d2ac9adbbb1c1d2a8001a017ba577663322fe7606c22bc0081d2764bc9

      SHA512

      6cc4a3ede744f81a8e619ee919dfc25e3d16bdcdcf25ec49699d9c1b5511e29d88c67bb7f6936363960838a73e4417668fe6a18220bf777baf174bb8278b69be

    • C:\Users\Admin\AppData\Local\Temp\_MEI26~1\pycurl.pyd

      Filesize

      2.1MB

      MD5

      c4479ced36eeaf704bab58b2f8516880

      SHA1

      08879f664fa446dbbdc906ff6d2f2bb12423b56c

      SHA256

      671ce7c20a9df78c88d0f9932484f0f076b151452ad331ea5d60ee966ca36e12

      SHA512

      f7ca5edcc340ccf3d892d8ea13c9dc05d088023a31fd7c73f54555ce72b6de4d4f5cc928d7538ba5028c99760d879aef266708368576a5fef7ec5cd31f4a3ec6

    • memory/496-31-0x0000000001660000-0x000000000166C000-memory.dmp

      Filesize

      48KB

    • memory/496-35-0x0000000003780000-0x00000000039A9000-memory.dmp

      Filesize

      2.2MB

    • memory/496-40-0x0000000003AF0000-0x0000000003BF2000-memory.dmp

      Filesize

      1.0MB