Analysis
- max time kernel: 142s
- max time network: 121s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 24/06/2024, 14:45
Static task
static1
Behavioral task
behavioral1
Sample
09222dbc2079ab17817c7c3157a8da5e_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
09222dbc2079ab17817c7c3157a8da5e_JaffaCakes118.exe
Resource
win10v2004-20240508-en
General
-
Target
09222dbc2079ab17817c7c3157a8da5e_JaffaCakes118.exe
-
Size
880KB
-
MD5
09222dbc2079ab17817c7c3157a8da5e
-
SHA1
f0ecbf432fd79ccfb33c4f57e5384ace8c980591
-
SHA256
8530c9ab25bb6893ba83fc892ae24c342fc90fd3eb3b55bdf5b18a883a1cb5bb
-
SHA512
bedec09b97585b2eddc627bd6e11eb26371ab1c9606948127fea6b8e18df1fbd00a0522a27126b1965c56f0a93221cc6618283946a4c0cf9c04a42d6585a8026
-
SSDEEP
12288:54aBIhvjgcYYx1e81ShdpJNZ3bXZo9rcPrryLsUNc//////v:54q6vNYYx1t6rZ3bJoOPrmL/c//////v
Malware Config
Signatures
- Executes dropped EXE (1 IoCs)
  pid 2044, process adsltest.exe
- Loads dropped DLL (43 IoCs)
  pid 2212, process 09222dbc2079ab17817c7c3157a8da5e_JaffaCakes118.exe (repeated entries)
  pid 2044, process adsltest.exe (repeated entries)
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious use of WriteProcessMemory (7 IoCs)
  PID 2212 wrote to memory of 2044; pid 2212, process 09222dbc2079ab17817c7c3157a8da5e_JaffaCakes118.exe, procid_target 28 (7 identical entries)
Processes
- "C:\Users\Admin\AppData\Local\Temp\09222dbc2079ab17817c7c3157a8da5e_JaffaCakes118.exe" (PID 2212)
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\adsltest.exe (PID 2044)
    - Executes dropped EXE
    - Loads dropped DLL
Network
MITRE ATT&CK Enterprise v15
Downloads