Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
133s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
-
submitted
28/06/2024, 12:09
General
-
Target
1a0f363e69c03fe992e6a28cf4823815_JaffaCakes118.exe
-
Size
168KB
-
MD5
1a0f363e69c03fe992e6a28cf4823815
-
SHA1
4a6aa3f65685d4b4f896288f8a96047e6ae3166b
-
SHA256
dc270d82b4639c4783ab2469e8428cfb979921035502d6ee3002f0d839d82c6c
-
SHA512
e3adf529db0c04d6b73d95efa4451f7ac36387615c388039520989b2969edde740797490f14481015a96ff11ac0ff435de4bdf59a54336fea21acc110ae2f2e0
-
SSDEEP
3072:gLuC9XN6Q22l61bgI3fZD5uA9vfB0q1wdNp9Txfs5Bw0/Cq:M9d6Qdl8ffv4fp9T0BzN
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 64 IoCs
-
Enumerates connected drives 3 TTPs 64 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory 64 IoCs
-
Suspicious use of NtSetInformationThreadHideFromDebugger 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1a0f363e69c03fe992e6a28cf4823815_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\1a0f363e69c03fe992e6a28cf4823815_JaffaCakes118.exe"1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe2⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe3⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe4⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe5⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe6⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe7⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe8⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe9⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe10⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe11⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe12⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe13⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe14⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe15⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe16⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe17⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe18⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe19⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe20⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe21⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe22⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe23⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe24⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe25⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe26⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe27⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe28⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe29⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe30⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe31⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe32⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe33⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe34⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe35⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe36⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe37⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe38⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe39⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe40⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe41⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe42⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe43⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe44⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe45⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe46⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe47⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe48⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe49⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe50⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe51⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe52⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe53⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe54⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe55⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe56⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe57⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe58⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe59⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe60⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe61⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe62⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe63⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe64⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe65⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe66⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe67⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe68⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe69⤵
- Enumerates connected drives
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe70⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe71⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe72⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe73⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe74⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe75⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe76⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe77⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe78⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe79⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe80⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe81⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe82⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe83⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe84⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe85⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe86⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe87⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe88⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe89⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe90⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe91⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe92⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe93⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe94⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe95⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe96⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe97⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe98⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe99⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe100⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe101⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe102⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe103⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe104⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe105⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe106⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe107⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe108⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe109⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe110⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe111⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe112⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe113⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe114⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe115⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe116⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe117⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe118⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe119⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe120⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-