Analysis

  • max time kernel
    142s
  • max time network
    133s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    24/06/2024, 09:35

General

  • Target

    07bd0e8cd65f3671801780525b763f21_JaffaCakes118.exe

  • Size

    1.4MB

  • MD5

    07bd0e8cd65f3671801780525b763f21

  • SHA1

    eff6e18dbe9256e249de82c244e2d88e03dcf525

  • SHA256

    18872a45bdb893140f8a91e6a17999227eed1f97e422f6b68e14ad019af61cb9

  • SHA512

    faee415aabb24a1b0b36d8bf23a4745d0ba2f355f4dd36f3fcf07dd8d3482715a865e88d008e7555915f2e320d7e8568bd9943fe4b8150e7838350e303eae8e8

  • SSDEEP

    12288:U4qJPu3O2Obz06e682yjLVkY7Hjs/K5CFTkzcZPqwJMMnGWRGZXtnY++aBMVLnfo:U4qk3/T68vaaZXeM+VZF5QZ/N4l6HQC

Score
7/10

Malware Config

Signatures

  • Uses the VBS compiler for execution 1 TTPs (vbc.exe, the VB.NET command-line compiler, spawned by the sample process with no command-line arguments)
  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments. In this run, however, the registry reads behind this signature and "Enumerates system info in registry" are attributed to dw20.exe (PID 1400), the .NET Error Reporting shim that the runtime launches on an unhandled exception, not to the sample's own process (PID 2828), so treat these two hits as low-signal.

  • Enumerates system info in registry 2 TTPs 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\07bd0e8cd65f3671801780525b763f21_JaffaCakes118.exe (PID 2828, depth 1)
    "C:\Users\Admin\AppData\Local\Temp\07bd0e8cd65f3671801780525b763f21_JaffaCakes118.exe"
    • Suspicious use of WriteProcessMemory
    • C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe (PID 876, depth 2)
      C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
    • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe (PID 1400, depth 2)
      dw20.exe -x -s 1396
      • Checks processor information in registry
      • Enumerates system info in registry
      • Suspicious use of AdjustPrivilegeToken
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5044, depth 1, not a child of the sample)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4108,i,12594301322143882025,16832588342008839449,262144 --variations-seed-version --mojo-platform-channel-handle=4296 /prefetch:8

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/2828-0-0x00007FFFAC5E5000-0x00007FFFAC5E6000-memory.dmp (Filesize 4KB)
  • memory/2828-2-0x00007FFFAC330000-0x00007FFFACCD1000-memory.dmp (Filesize 9.6MB)
  • memory/2828-1-0x000000001BCA0000-0x000000001BD46000-memory.dmp (Filesize 664KB)
  • memory/2828-3-0x000000001C220000-0x000000001C6EE000-memory.dmp (Filesize 4.8MB)
  • memory/2828-4-0x00007FFFAC330000-0x00007FFFACCD1000-memory.dmp (Filesize 9.6MB)
  • memory/2828-5-0x000000001C860000-0x000000001C8FC000-memory.dmp (Filesize 624KB)
  • memory/2828-6-0x00007FFFAC330000-0x00007FFFACCD1000-memory.dmp (Filesize 9.6MB)
  • memory/2828-7-0x00007FFFAC330000-0x00007FFFACCD1000-memory.dmp (Filesize 9.6MB)
  • memory/2828-8-0x00007FFFAC5E5000-0x00007FFFAC5E6000-memory.dmp (Filesize 4KB)
  • memory/2828-15-0x00007FFFAC330000-0x00007FFFACCD1000-memory.dmp (Filesize 9.6MB)
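Each dump name above encodes the PID, a snapshot sequence number and the virtual address range that was captured, and the same 9.6MB region at 0x00007FFFAC330000 is dumped five times across snapshots. The script below is an added example (it is not tria.ge code) that parses those names, collapses repeated captures of the same region, recomputes the sizes the report shows, and orders the unique regions for triage. The dump names are copied from this report; the split between "image mapping?" and "private allocation?" is a rough analyst heuristic assumed for illustration (high 0x7FF... user-space addresses on x64 Windows are typically where system DLLs and NGEN images are mapped), not a tria.ge classification.

```python
"""Summarise the unique memory regions behind a tria.ge report's dump list.

Added example, not tria.ge code. Dump names copied from this report."""
import re

# tria.ge dump naming: memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp
DUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)"
    r"-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)

REPORT_DUMPS = [
    "memory/2828-0-0x00007FFFAC5E5000-0x00007FFFAC5E6000-memory.dmp",
    "memory/2828-2-0x00007FFFAC330000-0x00007FFFACCD1000-memory.dmp",
    "memory/2828-1-0x000000001BCA0000-0x000000001BD46000-memory.dmp",
    "memory/2828-3-0x000000001C220000-0x000000001C6EE000-memory.dmp",
    "memory/2828-4-0x00007FFFAC330000-0x00007FFFACCD1000-memory.dmp",
    "memory/2828-5-0x000000001C860000-0x000000001C8FC000-memory.dmp",
    "memory/2828-6-0x00007FFFAC330000-0x00007FFFACCD1000-memory.dmp",
    "memory/2828-7-0x00007FFFAC330000-0x00007FFFACCD1000-memory.dmp",
    "memory/2828-8-0x00007FFFAC5E5000-0x00007FFFAC5E6000-memory.dmp",
    "memory/2828-15-0x00007FFFAC330000-0x00007FFFACCD1000-memory.dmp",
]

# Assumption (analyst heuristic, not a tria.ge rule): on x64 Windows the top of
# user space (0x7FF...) is where system DLLs and NGEN images get mapped, so dumps
# there are usually shared image mappings; lower regions are more likely private
# allocations (unpacked payloads, injected buffers) and are worth carving first.
HIGH_IMAGE_RANGE_START = 0x7FF0_0000_0000


def parse_dump_name(name: str) -> dict:
    """Split a dump name into pid, snapshot sequence, start, end and size."""
    m = DUMP_RE.match(name)
    if not m:
        raise ValueError(f"not a tria.ge memory dump name: {name!r}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError(f"empty or inverted range in {name!r}")
    return {"pid": int(m["pid"]), "seq": int(m["seq"]),
            "start": start, "end": end, "size": end - start}


def human_size(n: int) -> str:
    """Format like the report: whole KB below 1 MiB, one decimal MB above."""
    if n < 1024 * 1024:
        return f"{n / 1024:.0f}KB"
    return f"{n / (1024 * 1024):.1f}MB"


def unique_regions(names) -> list:
    """Collapse repeated dumps of the same (pid, start, end) into one entry and
    keep the sorted list of snapshot sequence numbers that captured it."""
    regions = {}
    for name in names:
        d = parse_dump_name(name)
        key = (d["pid"], d["start"], d["end"])
        entry = regions.setdefault(key, {
            "pid": d["pid"], "start": d["start"], "end": d["end"],
            "size": d["size"], "seqs": [],
            "kind": ("image mapping?" if d["start"] >= HIGH_IMAGE_RANGE_START
                     else "private allocation?"),
        })
        entry["seqs"].append(d["seq"])
    for entry in regions.values():
        entry["seqs"].sort()
    # Lowest address first: the private regions come out ahead of the DLL range.
    return sorted(regions.values(), key=lambda r: (r["pid"], r["start"]))


def summarize(names) -> list:
    """One human-readable line per unique region."""
    return [f"pid {r['pid']} 0x{r['start']:016X}-0x{r['end']:016X} "
            f"{human_size(r['size']):>6} snapshots={r['seqs']} {r['kind']}"
            for r in unique_regions(names)]


if __name__ == "__main__":
    for line in summarize(REPORT_DUMPS):
        print(line)
```

Run against this report the ten dumps collapse to five unique regions: three low-address private regions (664KB, 4.8MB, 624KB), each captured once, and two high-address regions (9.6MB and 4KB) that tria.ge re-dumped on several snapshots. When looking for an unpacked or injected payload in PID 2828, the three single-capture low regions are the ones to open first.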