Analysis
max time kernel:  143s
max time network: 150s
platform:         windows10-2004_x64
resource:         win10v2004-20240508-en
resource tags:    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted:        15/06/2024, 13:24
Static task: static1

Behavioral task: behavioral1
  Sample:   ae9e7c78d21ac1a452920e2ab089f6d3_JaffaCakes118.exe
  Resource: win7-20240220-en

Behavioral task: behavioral2
  Sample:   ae9e7c78d21ac1a452920e2ab089f6d3_JaffaCakes118.exe
  Resource: win10v2004-20240508-en
General
Target: ae9e7c78d21ac1a452920e2ab089f6d3_JaffaCakes118.exe
Size:   462KB
MD5:    ae9e7c78d21ac1a452920e2ab089f6d3
SHA1:   c97f3235f7950e457f7b73bab617a736cd9e4bc0
SHA256: 06959d089f35b3ae5c8a8b62d38135c3cf15e1ffc0727ba6c2797f7a665b2fbc
SHA512: c63250d56b85530c7f02e53403aa2240167f2b692aed32e14eccde617feb517aa49295f9f98ce72e8127d20ce63160f98d2be3f548698491d150c0ebba824eaf
SSDEEP: 6144:+xFKG+EZRfhSQO/De0b1P5re5jV+c5PH64KRQ5fGAf8dmGCKnJZQb:+xAO0QOlJPM+c5Pa9RQ5fGAkdmGCsHQb
Malware Config
Signatures

Runs ping.exe (1 TTPs, 1 IoCs)
  pid   Process
  1448  PING.EXE

Suspicious use of WriteProcessMemory (6 IoCs)
  description                      pid   Process                                             procid_target
  PID 4204 wrote to memory of 2040 4204  ae9e7c78d21ac1a452920e2ab089f6d3_JaffaCakes118.exe  97
  PID 4204 wrote to memory of 2040 4204  ae9e7c78d21ac1a452920e2ab089f6d3_JaffaCakes118.exe  97
  PID 4204 wrote to memory of 2040 4204  ae9e7c78d21ac1a452920e2ab089f6d3_JaffaCakes118.exe  97
  PID 2040 wrote to memory of 1448 2040  cmd.exe                                             99
  PID 2040 wrote to memory of 1448 2040  cmd.exe                                             99
  PID 2040 wrote to memory of 1448 2040  cmd.exe                                             99
Processes

C:\Users\Admin\AppData\Local\Temp\ae9e7c78d21ac1a452920e2ab089f6d3_JaffaCakes118.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\ae9e7c78d21ac1a452920e2ab089f6d3_JaffaCakes118.exe"
  Signatures:   Suspicious use of WriteProcessMemory
  PID:          4204

  C:\Windows\SysWOW64\cmd.exe
    Command line: cmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del "C:\Users\Admin\AppData\Local\Temp\ae9e7c78d21ac1a452920e2ab089f6d3_JaffaCakes118.exe"
    Signatures:   Suspicious use of WriteProcessMemory
    PID:          2040

    C:\Windows\SysWOW64\PING.EXE
      Command line: ping 1.1.1.1 -n 1 -w 3000
      Signatures:   Runs ping.exe
      PID:          1448

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3240,i,16488180140590516186,11762960689811837350,262144 --variations-seed-version --mojo-platform-channel-handle=4048 /prefetch:8
  PID:          2800