Analysis
max time kernel: 150s
max time network: 112s
platform: windows10-2004_x64
resource: win10v2004-20240709-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
submitted: 09/07/2024, 21:15
Behavioral tasks
behavioral1: sample 320075e33fac99eaee9d572c189d07e8_JaffaCakes118.exe, resource win7-20240704-en
behavioral2: sample 320075e33fac99eaee9d572c189d07e8_JaffaCakes118.exe, resource win10v2004-20240709-en
The signature and process details shown on this page are from behavioral2 (the Windows 10 run); the memory dump and dropped-file paths below are prefixed behavioral2/.
General
Target: 320075e33fac99eaee9d572c189d07e8_JaffaCakes118.exe
Size: 230KB
MD5: 320075e33fac99eaee9d572c189d07e8
SHA1: 6b2ca9960ebedbe7e369f0f9f2429e5a320586c9
SHA256: f45c0c31e5b2fe74a42738056ce29f433faa06af893b3838dee1c3c890d43bfc
SHA512: c5a7e4b85b60a56be9f0b54dae2e3e5363ee732a61c4f8af03041ab21b8b8dbf0d60c2ba18727f8c8f12b691fe6ace6b994e617cd29993437b544da6c0007ec3
SSDEEP: 6144:XpJ8yUj4nWUNUkpprAMoCzghZu3pNHmYe3DmJztw9/o:XVWUNUIAMoQeu3pNzoDmJztq
Malware Config
Signatures

Executes dropped EXE (1 IoC)
pid | process
3472 | Ulidya.exe

YARA rule match: upx (2 IoCs)
resource | yara_rule
behavioral2/memory/2316-0-0x0000000000400000-0x000000000043B000-memory.dmp | upx
behavioral2/files/0x0007000000023415-8.dat | upx
Both the parent's main image in memory and the file it wrote to disk match the UPX packer rule, so the dropped binary is packed the same way as the submitted sample.

Drops file in Windows directory (6 IoCs)
description | ioc | process
File opened for modification | C:\Windows\Ulidya.exe | 320075e33fac99eaee9d572c189d07e8_JaffaCakes118.exe
File created | C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job | Ulidya.exe
File opened for modification | C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job | Ulidya.exe
File created | C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job | 320075e33fac99eaee9d572c189d07e8_JaffaCakes118.exe
File opened for modification | C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job | 320075e33fac99eaee9d572c189d07e8_JaffaCakes118.exe
File created | C:\Windows\Ulidya.exe | 320075e33fac99eaee9d572c189d07e8_JaffaCakes118.exe
A .job file under C:\Windows\Tasks is the legacy (AT-style) scheduled-task format; both the parent and the dropped copy write the same task file, which is the persistence mechanism to look for on a host.

Modifies Internet Explorer settings (2 IoCs)
description | ioc | process
Key created | \REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000\Software\Microsoft\Internet Explorer\Main | Ulidya.exe
Key created | \REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000\Software\Microsoft\Internet Explorer\International | Ulidya.exe

Suspicious behavior: EnumeratesProcesses (64 IoCs)
pid | process
3472 | Ulidya.exe (the same entry is recorded 64 times)

Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | process | procid_target
PID 2316 wrote to memory of 3472 | 2316 | 320075e33fac99eaee9d572c189d07e8_JaffaCakes118.exe | 80
(the same row is recorded three times)
Parent-to-child memory writes immediately after process creation also occur during ordinary process start-up, so on their own they are weak evidence of injection; here the stronger signal is the combination with the dropped executable and the task file.
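The tables above are the raw sandbox output; on a live host an analyst wants the same indicators turned into a repeatable check. The following script is an added example written for this page, not code from tria.ge or from the sample: it runs a small IoC sweep over constructed endpoint events that mirror the file-drop and WriteProcessMemory rows above (the event records, the svchost.exe noise line and the helper names are assumptions). It flags executables written directly under C:\Windows, GUID-named .job files under C:\Windows\Tasks (generalising the one task file seen here to any legacy task), and a parent that both drops a binary and then writes into the process started from it.

```python
"""IoC sweep over constructed endpoint telemetry mirroring the report's signature tables."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Indicators copied from the report's signature tables
DROPPED_EXE = r"C:\Windows\Ulidya.exe"
TASK_JOB = r"C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job"
SAMPLE_NAME = "320075e33fac99eaee9d572c189d07e8_JaffaCakes118.exe"

# Generalised patterns: any GUID-named legacy task file, any EXE dropped straight into C:\Windows
_JOB_RE = re.compile(
    r"^c:\\windows\\tasks\\\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}\.job$", re.I
)
_WINDOWS_EXE_RE = re.compile(r"^c:\\windows\\[^\\]+\.exe$", re.I)


@dataclass(frozen=True)
class FileEvent:
    pid: int
    process: str
    action: str  # "created" or "modified"
    path: str


@dataclass(frozen=True)
class MemoryWrite:
    source_pid: int
    source_process: str
    target_pid: int
    target_process: str


# Constructed events (not real telemetry); the first six mirror the report's rows
FILE_EVENTS = [
    FileEvent(2316, SAMPLE_NAME, "modified", DROPPED_EXE),
    FileEvent(3472, "Ulidya.exe", "created", TASK_JOB),
    FileEvent(3472, "Ulidya.exe", "modified", TASK_JOB),
    FileEvent(2316, SAMPLE_NAME, "created", TASK_JOB),
    FileEvent(2316, SAMPLE_NAME, "modified", TASK_JOB),
    FileEvent(2316, SAMPLE_NAME, "created", DROPPED_EXE),
    # constructed benign noise: a system service writing a log under a C:\Windows subfolder
    FileEvent(1234, "svchost.exe", "modified", r"C:\Windows\Logs\CBS\CBS.log"),
]
# The report records the same parent-to-child write three times
MEMORY_WRITES = [MemoryWrite(2316, SAMPLE_NAME, 3472, "Ulidya.exe")] * 3


def classify_path(path: str) -> Optional[str]:
    """Return the IoC class a path falls into, or None if the rules ignore it."""
    if _JOB_RE.match(path):
        return "task_job"
    if _WINDOWS_EXE_RE.match(path):
        return "exe_in_windows_root"
    return None


def find_file_hits(events: List[FileEvent]) -> List[Tuple[int, str, str, str]]:
    """Distinct (pid, process, ioc_class, path) hits; create/modify duplicates collapse."""
    hits = set()
    for e in events:
        cls = classify_path(e.path)
        if cls is not None:
            hits.add((e.pid, e.process, cls, e.path))
    return sorted(hits)


def find_drop_and_write_chains(
    file_events: List[FileEvent], writes: List[MemoryWrite]
) -> List[Tuple[int, int, str]]:
    """Pair each memory write with a prior drop of the target's image by the same writer.

    This is what separates the report's chain from benign parent start-up writes:
    the parent first created the EXE on disk, then wrote into the process running it.
    """
    dropped_by = {}
    for e in file_events:
        if e.action == "created" and classify_path(e.path) == "exe_in_windows_root":
            dropped_by[e.path.rsplit("\\", 1)[-1].lower()] = e.pid
    chains = set()
    for w in writes:
        if dropped_by.get(w.target_process.lower()) == w.source_pid:
            chains.add((w.source_pid, w.target_pid, w.target_process))
    return sorted(chains)


if __name__ == "__main__":
    for hit in find_file_hits(FILE_EVENTS):
        print("file IoC:", hit)
    for chain in find_drop_and_write_chains(FILE_EVENTS, MEMORY_WRITES):
        print("drop-then-write chain:", chain)
```

Feed it your own EDR export by building FileEvent and MemoryWrite records from the relevant fields; the path rules are deliberately narrow (a single path component under C:\Windows, a GUID-named .job under Tasks) so that routine writes into C:\Windows subfolders do not trip them.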
Processes
C:\Users\Admin\AppData\Local\Temp\320075e33fac99eaee9d572c189d07e8_JaffaCakes118.exe (PID 2316)
  command line: "C:\Users\Admin\AppData\Local\Temp\320075e33fac99eaee9d572c189d07e8_JaffaCakes118.exe"
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  └─ C:\Windows\Ulidya.exe (PID 3472)
       command line: C:\Windows\Ulidya.exe
       - Executes dropped EXE
       - Drops file in Windows directory
       - Modifies Internet Explorer settings
       - Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 390B
MD5: c349fc083698e10c96c09c999f9e56dc
SHA1: 00dc2c2389dfa40a84990dd90836f3724222f54d
SHA256: bcb63bd66ca82ff934bbf4600f7b9be715e9d47c9049e4e28b43d808db0e73fb
SHA512: 4eee8c93032b9c5dd479a07dadb7eeaaf0483da3e334a1ad8239874ccbc4f6c342633d48dfebaea9951a48bb74bb0fea84948dedd99c7a0ddf2ee9c89dcac3bb

Filesize: 230KB
MD5: 320075e33fac99eaee9d572c189d07e8
SHA1: 6b2ca9960ebedbe7e369f0f9f2429e5a320586c9
SHA256: f45c0c31e5b2fe74a42738056ce29f433faa06af893b3838dee1c3c890d43bfc
SHA512: c5a7e4b85b60a56be9f0b54dae2e3e5363ee732a61c4f8af03041ab21b8b8dbf0d60c2ba18727f8c8f12b691fe6ace6b994e617cd29993437b544da6c0007ec3
(these hashes are identical to the submitted sample's)