Analysis
max time kernel: 121s
max time network: 122s
platform: windows7_x64
resource: win7-20240611-en
resource tags: arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
submitted: 15/06/2024, 08:28
Static task: static1
Behavioral task: behavioral1
  Sample: ad8996a547faf8c6fc181beb8f56f1d8_JaffaCakes118.exe
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample: ad8996a547faf8c6fc181beb8f56f1d8_JaffaCakes118.exe
  Resource: win10v2004-20240508-en
General
Target: ad8996a547faf8c6fc181beb8f56f1d8_JaffaCakes118.exe
Size: 1.6MB
MD5: ad8996a547faf8c6fc181beb8f56f1d8
SHA1: 8b97e2c6cd070654b586f283091964e1d8e18e93
SHA256: 174e5ed0f4d62078d217dc695a3cefada5a5c9f20f49dc72b8385a9fbf19f4bd
SHA512: 12c7c2215fcb53e3011b0c7a762d7c8ccc80dcdf3938fad00bb7e10eab00964a0399b7df6e10bfd66e90f9193871591e159f9477f1455dd7b369b98104c69270
SSDEEP: 49152:/Zgu8rAi+3USz3h1/XBkThdTlpSuxQxN9dT4S92:/GIjR1Oh0TS
Malware Config
Signatures
Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
Suspicious behavior: EnumeratesProcesses (1 IoCs)
  pid   Process
  1556  ad8996a547faf8c6fc181beb8f56f1d8_JaffaCakes118.exe
Suspicious use of SetWindowsHookEx (3 IoCs)
  pid   Process
  1556  ad8996a547faf8c6fc181beb8f56f1d8_JaffaCakes118.exe
  1556  ad8996a547faf8c6fc181beb8f56f1d8_JaffaCakes118.exe
  1556  ad8996a547faf8c6fc181beb8f56f1d8_JaffaCakes118.exe
Suspicious use of WriteProcessMemory (4 IoCs)
  description                          pid   Process                                              procid_target
  PID 1556 wrote to memory of 1836     1556  ad8996a547faf8c6fc181beb8f56f1d8_JaffaCakes118.exe  30
  PID 1556 wrote to memory of 1836     1556  ad8996a547faf8c6fc181beb8f56f1d8_JaffaCakes118.exe  30
  PID 1556 wrote to memory of 1836     1556  ad8996a547faf8c6fc181beb8f56f1d8_JaffaCakes118.exe  30
  PID 1556 wrote to memory of 1836     1556  ad8996a547faf8c6fc181beb8f56f1d8_JaffaCakes118.exe  30
Processes
1. C:\Users\Admin\AppData\Local\Temp\ad8996a547faf8c6fc181beb8f56f1d8_JaffaCakes118.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\ad8996a547faf8c6fc181beb8f56f1d8_JaffaCakes118.exe"
   PID: 1556
   - Suspicious behavior: EnumeratesProcesses
   - Suspicious use of SetWindowsHookEx
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\cmd.exe
      Command line: cmd /c ""C:\Users\Admin\AppData\Local\Temp\25794.bat" "C:\Users\Admin\AppData\Local\Temp\88D7F7C5E952463CADEA89D4F72B00ED\""
      PID: 1836
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize: 212B
MD5: 668767f1e0c7ff2b3960447e259e9f00
SHA1: 32d8abf834cce72f5e845175a0af2513b00504d8
SHA256: cdb93994093a24991c246d8b6f7003920a510a45bfc8441521314ce22a79191d
SHA512: c07f26c8601cf91d9805004668463721ab91e14f3cc59e77e20f43d98e070ea8e742c38fe8021c4ffb1ebc02e3743ab732b66ff84bb24b59a5fdcc8634c77680
-
C:\Users\Admin\AppData\Local\Temp\88D7F7C5E952463CADEA89D4F72B00ED\88D7F7C5E952463CADEA89D4F72B00ED_LogFile.txt
Filesize: 2KB
MD5: 09233df9bea450c995e109aefbdc64b8
SHA1: 15e479f9c90aea49e212768de3bd0ee1bb189005
SHA256: d410f9a675380829ee49d67dc86af7dc75927e174e3a34c7f847e91014581138
SHA512: 7ca811f322fb89bbc82f0dcd2c731fb5d80fe66d888e73a59819e49c9820360b42bc765973f89ae61a594370680b2aa6b6e168c72602ca8058defc596ceb9001
-
C:\Users\Admin\AppData\Local\Temp\88D7F7C5E952463CADEA89D4F72B00ED\88D7F7C5E952463CADEA89D4F72B00ED_LogFile.txt
Filesize: 10KB
MD5: d02a96a6e73f174a540627c6bc827376
SHA1: d777be3c436d009af240d8da98f4aa9f33723e78
SHA256: 0c151ac3292bf887cae5d69b875bbf82c8f04f97e1e5d88a43e15ba5f944667d
SHA512: 9b097211e59639e0bd08fd7f73c529e848203e629f60f7f73e1dadc600c15f80238e4ced4208d169c3ab2841c8ea65e35eb8625f00bc466a0833233d553c33d5
-
Filesize: 106KB
MD5: 1f293e0b1467dd75c367ec3a3dc76614
SHA1: 575a595952929413a25d1a5b0520d9877c7837ac
SHA256: daa70f1e3648909f8822088a7b9d3903a78a792061f2be8d29c2b659f691ce9c
SHA512: 2419f2e269ae31935d07af925e5e7d85a9ec117aa60ff288abf23f2617d2a5bd5e65a4cbd2d9b5d08fdc54cc583c4a0d870dc1c85a75bfd314e6e009d27e399a