Analysis
max time kernel: 148s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240704-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240704-en, locale:en-us, os:windows10-2004-x64, system
submitted: 06/07/2024, 22:42 (DD/MM/YYYY, i.e. 6 July 2024, consistent with the 20240705 image date below)
Static task: static1
Behavioral task: behavioral1
  Sample: 29777f1a7533c45d1e63355aa1516886_JaffaCakes118.exe
  Resource: win7-20240705-en
Behavioral task: behavioral2
  Sample: 29777f1a7533c45d1e63355aa1516886_JaffaCakes118.exe
  Resource: win10v2004-20240704-en
General
Target: 29777f1a7533c45d1e63355aa1516886_JaffaCakes118.exe
Size: 1.9MB
MD5: 29777f1a7533c45d1e63355aa1516886
SHA1: e79ec4e7a598a2b0131c47a328a61dd8f86bd4ba
SHA256: 42a6703a71d112a1a0d25cdc797d90c663a9dc1ead45ea7d8f0853ad9a3d3afa
SHA512: 5d9b0737605f7afb741acf1d79efe8f3da0d496f1fa4de8c3d0442f241b5bcd3691ef2b34000de31d34b2af41f6c142e77ae34b619418b7fbebdfbe8bb55956a
SSDEEP: 49152:Qoa1taC070dy87eO/wIjaFxOWqxAn2ztV9USP:Qoa1taC0m7p/wIjixOWqqnIOk
Malware Config
Signatures
Deletes itself (1 IoC)
  pid 3904, process 8482.tmp
Executes dropped EXE (1 IoC)
  pid 3904, process 8482.tmp
Suspicious use of WriteProcessMemory (3 IoCs)
  description: PID 940 wrote to memory of 3904; pid 940; process 29777f1a7533c45d1e63355aa1516886_JaffaCakes118.exe; procid_target 85 (the same entry is recorded three times)
  Note: a parent writing into the address space of a child it has just created is also what CreateProcess itself does while setting the new process up, so this signature on its own is weak evidence. What matters here is that all three writes go from the sample (PID 940) into the dropped 8482.tmp helper (PID 3904), which then executes and is the process the self-deletion is attributed to.
Processes
1. C:\Users\Admin\AppData\Local\Temp\29777f1a7533c45d1e63355aa1516886_JaffaCakes118.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\29777f1a7533c45d1e63355aa1516886_JaffaCakes118.exe"
   PID: 940
   Signatures: Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\8482.tmp (child of PID 940)
      Command line: "C:\Users\Admin\AppData\Local\Temp\8482.tmp" --splash C:\Users\Admin\AppData\Local\Temp\29777f1a7533c45d1e63355aa1516886_JaffaCakes118.exe 4750BFB9A6656FF179DC83FEBA564CB5C30341F788399BD2FB0BDC193DB0594F420F784511F5FF0DD178A6402C79A273142959249761813F6157B9C00858FD0D
      PID: 3904
      Signatures: Deletes itself, Executes dropped EXE
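The process tree above is the classic shape of a self-deleting dropper: a binary running out of the user's Temp directory writes a helper next to itself, executes it (here under a .tmp name rather than .exe), and passes its own path on the helper's command line so the helper can remove it once it has exited. The following detection check is an example added to this page, not tria.ge's own signature logic. It runs over a small set of constructed, Sysmon-like process-creation events that mirror the report's tree (the field names, the benign control event and the parent PID 512 are assumptions for the example), and flags a child whose parent and image both live in a per-user Temp directory and whose command line names the parent's image:

```python
"""Flag a Temp-resident parent that spawns a dropped helper in the same
directory and hands the helper its own path (self-delete pattern).
Example code added to this page; the event layout is a constructed,
Sysmon-like minimum and not the sandbox's own format."""
import ntpath
import re
from dataclasses import dataclass

# Per-user Temp directory on Windows, matched case-insensitively.
USER_TEMP_RE = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\local\\temp\\", re.I)


@dataclass
class ProcEvent:
    pid: int
    ppid: int
    image: str      # full path of the executed file
    cmdline: str    # command line recorded at process creation


def in_user_temp(path: str) -> bool:
    return bool(USER_TEMP_RE.match(path))


def find_temp_helper_chains(events):
    """Return one finding per child whose parent and own image both live in a
    user Temp directory and whose command line contains the parent's image."""
    by_pid = {e.pid: e for e in events}
    findings = []
    for child in events:
        parent = by_pid.get(child.ppid)
        if parent is None:
            continue
        if not (in_user_temp(parent.image) and in_user_temp(child.image)):
            continue
        if parent.image.lower() not in child.cmdline.lower():
            continue
        ext = ntpath.splitext(child.image)[1].lower()
        findings.append({
            "parent_pid": parent.pid,
            "child_pid": child.pid,
            "child_image": ntpath.basename(child.image),
            # a helper that is not even named *.exe is an extra red flag
            "non_exe_extension": ext != ".exe",
        })
    return findings


# Constructed events mirroring the report's process tree; the third event
# is a benign control (a system binary, not in Temp) that must not fire.
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\29777f1a7533c45d1e63355aa1516886_JaffaCakes118.exe"
HELPER = r"C:\Users\Admin\AppData\Local\Temp\8482.tmp"
HELPER_ARG = ("4750BFB9A6656FF179DC83FEBA564CB5C30341F788399BD2FB0BDC193DB0594F"
              "420F784511F5FF0DD178A6402C79A273142959249761813F6157B9C00858FD0D")
SAMPLE_EVENTS = [
    ProcEvent(940, 512, SAMPLE, f'"{SAMPLE}"'),
    ProcEvent(3904, 940, HELPER, f'"{HELPER}" --splash {SAMPLE} {HELPER_ARG}'),
    ProcEvent(4100, 940, r"C:\Windows\System32\cmd.exe", "cmd.exe /c echo done"),
]

if __name__ == "__main__":
    for finding in find_temp_helper_chains(SAMPLE_EVENTS):
        print(finding)
```

Against the constructed events this yields a single finding linking PID 940 to PID 3904 with `non_exe_extension` set; the `--splash` flag and the hex argument are passed through untouched because the check keys only on the parent path appearing in the child's command line, so it also catches the same pattern when the helper is named something other than 8482.tmp.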
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 1.9MB
MD5: b7978e5853d6630b8c1733fb8f456cf4
SHA1: 2689f8f8375711713b7f818380f667727b5ef289
SHA256: 7df380a7106426dae3f9bbe2371987af2187c3fc61fd2a0c02c00c2ade1cbb99
SHA512: 15a64083706cc00d0de7e11847a1919d2afa1dc69b44f766ea7382922ea4b1a9d31e251946911b101afa3faeaf1f49073c1bcf0fca0c5332ba428e5f10e6e41c