Analysis
Max time kernel: 150s
Max time network: 149s
Platform: windows7_x64
Resource: win7-20240611-en
Resource tags: arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
Submitted: 24/06/2024, 22:01
Static task: static1
Behavioral task: behavioral1
  Sample: 0ad8c05b5f580f1ef71ecacc785500e7_JaffaCakes118.exe
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample: 0ad8c05b5f580f1ef71ecacc785500e7_JaffaCakes118.exe
  Resource: win10v2004-20240508-en
General
Target: 0ad8c05b5f580f1ef71ecacc785500e7_JaffaCakes118.exe
Size: 88KB
MD5: 0ad8c05b5f580f1ef71ecacc785500e7
SHA1: 702f3c2801f8bfc0569157d26cacbb4f2cbb1e31
SHA256: 906450e5c063c8853d1cbcfc5ea667be21ffcc6a8f1830285926dc3f80b479cc
SHA512: 463ba0a04193862a1d7ecca3bf67411f50ca869b5dc9a78c6ceb7c2483e46ff6d6b054eec219476cfbbebefc2a9001d65bc7240db9e0ed95b0ee59bb7852108b
SSDEEP: 768:nDFIbMp4PddaqnObOasGEwU8Z1Rbe2kjEQJQ1H7a8zFkzqcw+ctn:xIAp4yiCU8Z1QjEQJecw+c9
Malware Config
Signatures
Modifies visibility of hidden/system files in Explorer (2 TTPs, 1 IoC)
  description: Set value (int)
  ioc: \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0"
  Process: mjfuiz.exe
Executes dropped EXE (1 IoC)
  pid: 2160
  Process: mjfuiz.exe

Loads dropped DLL (2 IoCs)
  pid: 2916  Process: 0ad8c05b5f580f1ef71ecacc785500e7_JaffaCakes118.exe
  pid: 2916  Process: 0ad8c05b5f580f1ef71ecacc785500e7_JaffaCakes118.exe
Adds Run key to start application (2 TTPs, 50 IoCs)
  description: Set value (str)
  Process: mjfuiz.exe
  ioc: \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Windows\CurrentVersion\Run\mjfuiz = "C:\\Users\\Admin\\mjfuiz.exe /<switch>"
  All 50 entries write the same Run value from the same process; only the trailing command-line switch differs. The switches, in the order recorded:
  /S /k /G /i /A /c /J /F /l /d /p /Y /E /C /w /L /t /B /U /T /R /f /Q /m /X /r /j /u /D /H /z /g /V /W /e /v /P /b /q /n /N /M /y /x /O /K /s /Z /I /o
Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
Suspicious behavior: EnumeratesProcesses (64 IoCs)
  pid: 2160  Process: mjfuiz.exe (all 64 entries are identical)

Suspicious use of SetWindowsHookEx (2 IoCs)
  pid: 2916  Process: 0ad8c05b5f580f1ef71ecacc785500e7_JaffaCakes118.exe
  pid: 2160  Process: mjfuiz.exe

Suspicious use of WriteProcessMemory (64 IoCs)
  description / pid / Process / procid_target:
  PID 2916 wrote to memory of 2160  /  2916  /  0ad8c05b5f580f1ef71ecacc785500e7_JaffaCakes118.exe  /  28  (4 entries)
  PID 2160 wrote to memory of 2916  /  2160  /  mjfuiz.exe  /  27  (all remaining entries)
Processes
1. C:\Users\Admin\AppData\Local\Temp\0ad8c05b5f580f1ef71ecacc785500e7_JaffaCakes118.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\0ad8c05b5f580f1ef71ecacc785500e7_JaffaCakes118.exe"
   PID: 2916
   - Loads dropped DLL
   - Suspicious use of SetWindowsHookEx
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\mjfuiz.exe (child of PID 2916)
      Command line: "C:\Users\Admin\mjfuiz.exe"
      PID: 2160
      - Modifies visibility of hidden/system files in Explorer
      - Executes dropped EXE
      - Adds Run key to start application
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious use of SetWindowsHookEx
      - Suspicious use of WriteProcessMemory
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 88KB
MD5: f6ec8a611b0a86e6509add7c5fb2bbd0
SHA1: cbb60e78fb25cc9d94e29e392db8d95533bce0b1
SHA256: 070ae9c7d0c22c2ba99fc964942137e63b017e8bab2e3d3a6ddd2f72b9146060
SHA512: e60ef744ee63dcff4d773cf403201f528b92505451f9f15f3d28fbc04889bb95478ee81bffba3ae82ea2e2b279f43c426694cd36c8a3cc9c592133b9dc83f8e6