Analysis

  • max time kernel
    149s
  • max time network
    125s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240704-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    04/07/2024, 21:18 UTC

General

  • Target

    263f05ff35ec9567134dfa7b5db53b26_JaffaCakes118.exe

  • Size

    2.9MB

  • MD5

    263f05ff35ec9567134dfa7b5db53b26

  • SHA1

    850dc0017459475ec475f273f1517dbd6b532e18

  • SHA256

    5dc461aaef3fd61ba88fce2b4d35fdbd941b36fd6bbd72cf88677dd5b084d113

  • SHA512

    1b6d5af344a731bda1d7b33adc2716588b690c5eff36e99e8e666ac0e735f4230561a999ce2a609a4eead9117a57264b70f6e7de768d4a64da8a3049590032a4

  • SSDEEP

    49152:+pxpinkI83gEAOsVWsEe/P/HA7vIvwLSo/O3ZT+Bli+wvg+cl+GJstbJh5AMyyq:U+nkcvVWLaojIeOtsi+wElKIM1

Score
6/10

Malware Config

Signatures

  • Adds Run key to start application (2 TTPs, 2 IoCs)
  • Drops file in System32 directory (2 IoCs)
  • Drops file in Windows directory (1 IoC)
  • Suspicious behavior: GetForegroundWindowSpam (1 IoC)

Processes

  • C:\Users\Admin\AppData\Local\Temp\263f05ff35ec9567134dfa7b5db53b26_JaffaCakes118.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\263f05ff35ec9567134dfa7b5db53b26_JaffaCakes118.exe"
    PID: 4468
    • Adds Run key to start application
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Suspicious behavior: GetForegroundWindowSpam

Network

  • DNS (US) www.paste.host-good.com
    Process: 263f05ff35ec9567134dfa7b5db53b26_JaffaCakes118.exe
    Remote address: 8.8.8.8:53
    Request: www.paste.host-good.com IN A
    Response: www.paste.host-good.com IN A 148.135.108.158
  • POST (US) http://www.paste.host-good.com/paste/error.php
    Process: 263f05ff35ec9567134dfa7b5db53b26_JaffaCakes118.exe
    Remote address: 148.135.108.158:80
    Request:
      POST /paste/error.php HTTP/1.0
      Connection: keep-alive
      Content-Type: application/x-www-form-urlencoded
      Content-Length: 253
      Host: www.paste.host-good.com
      Accept: text/html, */*
      User-Agent: Mozilla/3.0 (compatible; Indy Library)
  • DNS (US) 138.32.126.40.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 138.32.126.40.in-addr.arpa IN PTR
    Response: (empty)
  • DNS (US) 158.108.135.148.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 158.108.135.148.in-addr.arpa IN PTR
    Response: 158.108.135.148.in-addr.arpa IN PTR storedigitalbiz
  • DNS (US) 55.36.223.20.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 55.36.223.20.in-addr.arpa IN PTR
    Response: (empty)
  • DNS (US) 172.214.232.199.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 172.214.232.199.in-addr.arpa IN PTR
    Response: (empty)
  • DNS (US) 29.243.111.52.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 29.243.111.52.in-addr.arpa IN PTR
    Response: (empty)
  • 148.135.108.158:80
    http://www.paste.host-good.com/paste/error.php
    http
    263f05ff35ec9567134dfa7b5db53b26_JaffaCakes118.exe
    758 B / 252 B / 6 / 6
    HTTP Request: POST http://www.paste.host-good.com/paste/error.php
  • 8.8.8.8:53
    www.paste.host-good.com
    dns
    263f05ff35ec9567134dfa7b5db53b26_JaffaCakes118.exe
    69 B / 85 B / 1 / 1
    DNS Request: www.paste.host-good.com
    DNS Response: 148.135.108.158
  • 8.8.8.8:53
    138.32.126.40.in-addr.arpa
    dns
    72 B / 158 B / 1 / 1
    DNS Request: 138.32.126.40.in-addr.arpa
  • 8.8.8.8:53
    158.108.135.148.in-addr.arpa
    dns
    74 B / 104 B / 1 / 1
    DNS Request: 158.108.135.148.in-addr.arpa
  • 8.8.8.8:53
    55.36.223.20.in-addr.arpa
    dns
    71 B / 157 B / 1 / 1
    DNS Request: 55.36.223.20.in-addr.arpa
  • 8.8.8.8:53
    172.214.232.199.in-addr.arpa
    dns
    74 B / 128 B / 1 / 1
    DNS Request: 172.214.232.199.in-addr.arpa
  • 8.8.8.8:53
    29.243.111.52.in-addr.arpa
    dns
    72 B / 158 B / 1 / 1
    DNS Request: 29.243.111.52.in-addr.arpa

MITRE ATT&CK Enterprise v15

Downloads

  • memory/4468-1-0x0000000000E70000-0x0000000000E72000-memory.dmp

    Filesize

    8KB

  • memory/4468-0-0x0000000000400000-0x0000000000D0B000-memory.dmp

    Filesize

    9.0MB

  • memory/4468-2-0x0000000002BC0000-0x0000000002BC1000-memory.dmp

    Filesize

    4KB

  • memory/4468-5-0x0000000000400000-0x0000000000D0B000-memory.dmp

    Filesize

    9.0MB

  • memory/4468-6-0x0000000000400000-0x0000000000D0B000-memory.dmp

    Filesize

    9.0MB

  • memory/4468-8-0x0000000000E70000-0x0000000000E72000-memory.dmp

    Filesize

    8KB

  • memory/4468-9-0x0000000002BC0000-0x0000000002BC1000-memory.dmp

    Filesize

    4KB

  • memory/4468-10-0x0000000000400000-0x0000000000D0B000-memory.dmp

    Filesize

    9.0MB

  • memory/4468-11-0x0000000000400000-0x0000000000D0B000-memory.dmp

    Filesize

    9.0MB
