Analysis
max time kernel: 118s
max time network: 120s
platform: windows7_x64
resource: win7-20240704-en
resource tags: arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
submitted: 09/07/2024, 06:19
Static task: static1
Behavioral task: behavioral1
  Sample: 2f470cbeacd0e24f1f484ae61da88919_JaffaCakes118.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: 2f470cbeacd0e24f1f484ae61da88919_JaffaCakes118.exe
  Resource: win10v2004-20240704-en
General
Target: 2f470cbeacd0e24f1f484ae61da88919_JaffaCakes118.exe
Size: 47KB
MD5: 2f470cbeacd0e24f1f484ae61da88919
SHA1: 090e62fddb7a56f6af6536c64a18dbbdd5aa6f06
SHA256: 3191fd056adc16715bea757a4c7050bc25f032cfc699eb06be768713d867a7e6
SHA512: bf8a30defee0181a6c293f84d6e41ba8e278e5041727cede33d48ea53a5498bba22c444679d9ab2c31de7eec6169e5a0d0c5b978ff73293a06a71593be7e2d29
SSDEEP: 768:QEy3/0+MF+pyXTtMTQiBtVxHPr5bRftmYIZ4n45J+OOqVhRTlazUR:Q13/KgpGtGQ4DHPrlRFaG45J+EhRhN
Malware Config
Signatures
Executes dropped EXE (1 IoCs)
  pid  | Process
  2740 | fxsteller.exe

Adds Run key to start application (2 TTPs, 1 IoCs)
  description     | ioc                                                                                                                   | Process
  Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Windows UDP Control Center = "fxsteller.exe" | 2f470cbeacd0e24f1f484ae61da88919_JaffaCakes118.exe

Suspicious use of SetThreadContext (1 IoCs)
  description                        | pid | Process                                            | procid_target
  PID 852 set thread context of 2224 | 852 | 2f470cbeacd0e24f1f484ae61da88919_JaffaCakes118.exe | 31

Drops file in Windows directory (2 IoCs)
  description                  | ioc                      | Process
  File created                 | C:\Windows\fxsteller.exe | 2f470cbeacd0e24f1f484ae61da88919_JaffaCakes118.exe
  File opened for modification | C:\Windows\fxsteller.exe | 2f470cbeacd0e24f1f484ae61da88919_JaffaCakes118.exe

Program crash (1 IoCs)
  pid  | pid_target | Process      | procid_target
  2196 | 2740       | WerFault.exe | 32

Suspicious use of WriteProcessMemory (16 IoCs)
  description                      | pid  | Process                                            | procid_target
  PID 852 wrote to memory of 2224  | 852  | 2f470cbeacd0e24f1f484ae61da88919_JaffaCakes118.exe | 31
  PID 852 wrote to memory of 2224  | 852  | 2f470cbeacd0e24f1f484ae61da88919_JaffaCakes118.exe | 31
  PID 852 wrote to memory of 2224  | 852  | 2f470cbeacd0e24f1f484ae61da88919_JaffaCakes118.exe | 31
  PID 852 wrote to memory of 2224  | 852  | 2f470cbeacd0e24f1f484ae61da88919_JaffaCakes118.exe | 31
  PID 852 wrote to memory of 2224  | 852  | 2f470cbeacd0e24f1f484ae61da88919_JaffaCakes118.exe | 31
  PID 852 wrote to memory of 2224  | 852  | 2f470cbeacd0e24f1f484ae61da88919_JaffaCakes118.exe | 31
  PID 852 wrote to memory of 2224  | 852  | 2f470cbeacd0e24f1f484ae61da88919_JaffaCakes118.exe | 31
  PID 852 wrote to memory of 2224  | 852  | 2f470cbeacd0e24f1f484ae61da88919_JaffaCakes118.exe | 31
  PID 2224 wrote to memory of 2740 | 2224 | 2f470cbeacd0e24f1f484ae61da88919_JaffaCakes118.exe | 32
  PID 2224 wrote to memory of 2740 | 2224 | 2f470cbeacd0e24f1f484ae61da88919_JaffaCakes118.exe | 32
  PID 2224 wrote to memory of 2740 | 2224 | 2f470cbeacd0e24f1f484ae61da88919_JaffaCakes118.exe | 32
  PID 2224 wrote to memory of 2740 | 2224 | 2f470cbeacd0e24f1f484ae61da88919_JaffaCakes118.exe | 32
  PID 2740 wrote to memory of 2196 | 2740 | fxsteller.exe                                      | 33
  PID 2740 wrote to memory of 2196 | 2740 | fxsteller.exe                                      | 33
  PID 2740 wrote to memory of 2196 | 2740 | fxsteller.exe                                      | 33
  PID 2740 wrote to memory of 2196 | 2740 | fxsteller.exe                                      | 33
Processes
C:\Users\Admin\AppData\Local\Temp\2f470cbeacd0e24f1f484ae61da88919_JaffaCakes118.exe (PID: 852)
  Command line: "C:\Users\Admin\AppData\Local\Temp\2f470cbeacd0e24f1f484ae61da88919_JaffaCakes118.exe"
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  C:\Users\Admin\AppData\Local\Temp\2f470cbeacd0e24f1f484ae61da88919_JaffaCakes118.exe (PID: 2224)
    Command line: C:\Users\Admin\AppData\Local\Temp\2f470cbeacd0e24f1f484ae61da88919_JaffaCakes118.exe
    - Adds Run key to start application
    - Drops file in Windows directory
    - Suspicious use of WriteProcessMemory
    C:\Windows\fxsteller.exe (PID: 2740)
      Command line: "C:\Windows\fxsteller.exe"
      - Executes dropped EXE
      - Suspicious use of WriteProcessMemory
      C:\Windows\SysWOW64\WerFault.exe (PID: 2196)
        Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 72
        - Program crash
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 47KB
MD5: 2f470cbeacd0e24f1f484ae61da88919
SHA1: 090e62fddb7a56f6af6536c64a18dbbdd5aa6f06
SHA256: 3191fd056adc16715bea757a4c7050bc25f032cfc699eb06be768713d867a7e6
SHA512: bf8a30defee0181a6c293f84d6e41ba8e278e5041727cede33d48ea53a5498bba22c444679d9ab2c31de7eec6169e5a0d0c5b978ff73293a06a71593be7e2d29