Analysis
- max time kernel: 93s
- max time network: 136s
- platform: windows10-2004_x64
- resource: win10v2004-20240704-en
- resource tags: arch:x64 arch:x86 image:win10v2004-20240704-en locale:en-us os:windows10-2004-x64 system
- submitted: 09/07/2024, 02:26
Behavioral task: behavioral1
- Sample: 2eae0f59a0c8436672b01fac33ab0cf7_JaffaCakes118.exe
- Resource: win7-20240705-en
Behavioral task: behavioral2
- Sample: 2eae0f59a0c8436672b01fac33ab0cf7_JaffaCakes118.exe
- Resource: win10v2004-20240704-en
General
- Target: 2eae0f59a0c8436672b01fac33ab0cf7_JaffaCakes118.exe
- Size: 266KB
- MD5: 2eae0f59a0c8436672b01fac33ab0cf7
- SHA1: 56a9dcd5a1ee241697413a49760789ecea97e061
- SHA256: 0ea3c0aa204a8f0a12ae72610161b2b4cc24dfc0529bf357349efd2f4446995a
- SHA512: 1aecda66db8802e9bdb780c67cf8e0e1a4b55afa94140fab28ad7d8db2f2b8c4f3937108862acd9ca119c163d235e2e4d37a052b9d5a5fc747a77f2315180aec
- SSDEEP: 6144:DPT6+5GX5x0vHCw8r4ksloo4YHkAY3ZFSd7TaRGg6f70dQ:Dm+5GJxiCxnCYpFSERP6F
Malware Config
Signatures
- Deletes itself (1 IoCs)
  pid | Process
  2396 | 2eae0f59a0c8436672b01fac33ab0cf7_JaffaCakes118.exe
- Executes dropped EXE (1 IoCs)
  pid | Process
  2396 | 2eae0f59a0c8436672b01fac33ab0cf7_JaffaCakes118.exe
  resource | yara_rule
  behavioral2/memory/3960-0-0x0000000000400000-0x0000000000486000-memory.dmp | upx
  behavioral2/files/0x0006000000022f55-12.dat | upx
  behavioral2/memory/2396-14-0x0000000000400000-0x0000000000486000-memory.dmp | upx
- Suspicious behavior: RenamesItself (1 IoCs)
  pid | Process
  3960 | 2eae0f59a0c8436672b01fac33ab0cf7_JaffaCakes118.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid | Process
  3960 | 2eae0f59a0c8436672b01fac33ab0cf7_JaffaCakes118.exe
  2396 | 2eae0f59a0c8436672b01fac33ab0cf7_JaffaCakes118.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 3960 wrote to memory of 2396 | 3960 | 2eae0f59a0c8436672b01fac33ab0cf7_JaffaCakes118.exe | 84
  PID 3960 wrote to memory of 2396 | 3960 | 2eae0f59a0c8436672b01fac33ab0cf7_JaffaCakes118.exe | 84
  PID 3960 wrote to memory of 2396 | 3960 | 2eae0f59a0c8436672b01fac33ab0cf7_JaffaCakes118.exe | 84
Processes
C:\Users\Admin\AppData\Local\Temp\2eae0f59a0c8436672b01fac33ab0cf7_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\2eae0f59a0c8436672b01fac33ab0cf7_JaffaCakes118.exe"
PID:3960
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
  C:\Users\Admin\AppData\Local\Temp\2eae0f59a0c8436672b01fac33ab0cf7_JaffaCakes118.exe
  C:\Users\Admin\AppData\Local\Temp\2eae0f59a0c8436672b01fac33ab0cf7_JaffaCakes118.exe
  PID:2396
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 266KB
- MD5: 47f41986ad0ac2a8d6fd33131abc8be7
- SHA1: cf071955f29991d0571432b9890354970c5136d9
- SHA256: cc1e0e323e39677dacf33f1d452be1efc71717ff08edbcee00965317ea8e9583
- SHA512: ba9bdcf23807965a0e7e928f0071675ab8cb73def8cf0d31bc9304895bb459e06248941a38c8ba26868d9acf115ba0a945e6697b496203c3a5dc05d1cedfa649