Analysis
- max time kernel: 150s
- max time network: 125s
- platform: windows7_x64
- resource: win7-20240708-en
- resource tags: arch:x64 arch:x86 image:win7-20240708-en locale:en-us os:windows7-x64 system
- submitted: 10/07/2024, 03:56
Static task: static1
Behavioral task: behavioral1
- Sample: 3336ad60a89c57c4610fb8a8b86b7d41_JaffaCakes118.exe
- Resource: win7-20240708-en
Behavioral task: behavioral2
- Sample: 3336ad60a89c57c4610fb8a8b86b7d41_JaffaCakes118.exe
- Resource: win10v2004-20240709-en
General
- Target: 3336ad60a89c57c4610fb8a8b86b7d41_JaffaCakes118.exe
- Size: 125KB
- MD5: 3336ad60a89c57c4610fb8a8b86b7d41
- SHA1: b165673ea521696c484253b00dc77c86206996b0
- SHA256: d90abbe31bae6679d53ace97db1b0d4807e7b665c16d0653698695d47f91253e
- SHA512: febfa796bdc0226e2e231333a141f27d19b7ee07ba2ccf674e2365bcd9181434a39c08a767e0906facaabf02b7dec5859df4d114ce89d1b3c97e115316f316f4
- SSDEEP: 3072:EJgwBIxhn+dz7diTqkGqcZBUPs7dHNnu3lAzyDJkluJfBd8V:EuwWx8fScnUPey1BtB
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid Process
2328 Nfubya.exe
-
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process
Set value (str) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows\CurrentVersion\Run\18RH6WMFH2 = "C:\\Windows\\Nfubya.exe" Nfubya.exe
-
Drops file in Windows directory 4 IoCs
description ioc Process
File created C:\Windows\Nfubya.exe 3336ad60a89c57c4610fb8a8b86b7d41_JaffaCakes118.exe
File opened for modification C:\Windows\Nfubya.exe 3336ad60a89c57c4610fb8a8b86b7d41_JaffaCakes118.exe
File created C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job 3336ad60a89c57c4610fb8a8b86b7d41_JaffaCakes118.exe
File opened for modification C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job 3336ad60a89c57c4610fb8a8b86b7d41_JaffaCakes118.exe
-
Modifies Internet Explorer settings 2 IoCs
description ioc Process
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main Nfubya.exe
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\International Nfubya.exe
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process
2328 Nfubya.exe (the same pid/process for all 64 IoCs)
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process
2328 Nfubya.exe
-
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 1976 wrote to memory of 2328 1976 3336ad60a89c57c4610fb8a8b86b7d41_JaffaCakes118.exe 30
PID 1976 wrote to memory of 2328 1976 3336ad60a89c57c4610fb8a8b86b7d41_JaffaCakes118.exe 30
PID 1976 wrote to memory of 2328 1976 3336ad60a89c57c4610fb8a8b86b7d41_JaffaCakes118.exe 30
PID 1976 wrote to memory of 2328 1976 3336ad60a89c57c4610fb8a8b86b7d41_JaffaCakes118.exe 30
Processes
-
1. C:\Users\Admin\AppData\Local\Temp\3336ad60a89c57c4610fb8a8b86b7d41_JaffaCakes118.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\3336ad60a89c57c4610fb8a8b86b7d41_JaffaCakes118.exe"
   - Drops file in Windows directory
   - Suspicious use of WriteProcessMemory
   PID: 1976
   2. C:\Windows\Nfubya.exe
      Command line: C:\Windows\Nfubya.exe
      - Executes dropped EXE
      - Adds Run key to start application
      - Modifies Internet Explorer settings
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious behavior: GetForegroundWindowSpam
      PID: 2328
-
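The behaviours in the Signatures and Processes sections above (a Run value pointing at an executable dropped directly under C:\Windows, a .job file written to C:\Windows\Tasks by a process running from a user Temp directory, and that Temp-resident process spawning the dropped binary) generalise into host checks that survive a recompile of the sample, unlike the file hashes. The following is an added example, not part of the Triage report or of Triage's own tooling. It runs four such checks over a small, constructed Sysmon-style event set modelled on the report's process tree and signatures; the event field names (type, image, parent_image, target, data, sha256) and the allowlist of benign executables living directly under the Windows directory are assumptions for the example.

```python
import re
from typing import Iterable

# IoCs copied verbatim from the report above.
SAMPLE_SHA256 = "d90abbe31bae6679d53ace97db1b0d4807e7b665c16d0653698695d47f91253e"
DROPPED_EXE = r"C:\Windows\Nfubya.exe"
RUN_VALUE_NAME = "18RH6WMFH2"
JOB_FILE = r"C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job"

# Generalisations of the behaviours the report shows one instance of.
_RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.I)
_WINDOWS_ROOT_EXE = re.compile(r"^[A-Z]:\\Windows\\[^\\]+\.exe$", re.I)
_TASKS_JOB = re.compile(r"^[A-Z]:\\Windows\\Tasks\\[^\\]+\.job$", re.I)
_USER_TEMP = re.compile(r"\\AppData\\Local\\Temp\\", re.I)

# Executables that legitimately sit directly under the Windows directory
# (assumed allowlist for the example; extend it for your own fleet).
KNOWN_WINDOWS_ROOT = {"explorer.exe", "notepad.exe", "regedit.exe", "hh.exe",
                      "write.exe", "splwow64.exe", "winhlp32.exe", "helppane.exe"}


def _basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def _unknown_windows_root_exe(path: str) -> bool:
    """True for an .exe directly under the Windows directory that is not a known Windows binary."""
    return bool(_WINDOWS_ROOT_EXE.match(path)) and _basename(path) not in KNOWN_WINDOWS_ROOT


def check_event(ev: dict) -> list[str]:
    """Return the names of the checks one event trips (empty list if none)."""
    hits: list[str] = []
    kind = ev.get("type")
    image = ev.get("image", "")
    target = ev.get("target", "")
    if kind == "registry_set" and _RUN_KEY.search(target):
        # Triage renders value data JSON-escaped and quoted; normalise both forms first.
        data = ev.get("data", "").strip('"').replace("\\\\", "\\")
        if _unknown_windows_root_exe(data):
            hits.append("run_key_to_windows_root_exe")
    elif kind == "file_create" and _USER_TEMP.search(image):
        if _TASKS_JOB.match(target):
            hits.append("job_file_from_user_temp")
        if _unknown_windows_root_exe(target):
            hits.append("exe_dropped_in_windows_root_from_user_temp")
    elif kind == "process_create":
        if _USER_TEMP.search(ev.get("parent_image", "")) and _unknown_windows_root_exe(image):
            hits.append("temp_parent_spawns_windows_root_exe")
    if ev.get("sha256", "").lower() == SAMPLE_SHA256:
        hits.append("known_sample_sha256")
    return hits


def scan(events: Iterable[dict]) -> dict[str, int]:
    """Count hits per check across an event stream."""
    counts: dict[str, int] = {}
    for ev in events:
        for name in check_event(ev):
            counts[name] = counts.get(name, 0) + 1
    return counts


# Constructed events modelled on the report's process tree and signatures (not real telemetry).
SRC = r"C:\Users\Admin\AppData\Local\Temp\3336ad60a89c57c4610fb8a8b86b7d41_JaffaCakes118.exe"
RUN_KEY = r"HKU\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows\CurrentVersion\Run"
CONSTRUCTED_EVENTS = [
    {"type": "process_create", "image": SRC, "parent_image": r"C:\Windows\explorer.exe",
     "sha256": SAMPLE_SHA256},
    {"type": "file_create", "image": SRC, "target": DROPPED_EXE},
    {"type": "file_create", "image": SRC, "target": JOB_FILE},
    {"type": "process_create", "image": DROPPED_EXE, "parent_image": SRC},
    {"type": "registry_set", "image": DROPPED_EXE, "target": RUN_KEY + "\\" + RUN_VALUE_NAME,
     "data": '"C:\\\\Windows\\\\Nfubya.exe"'},
    # Benign control: a vendor Run value pointing into Program Files must not trip anything.
    {"type": "registry_set", "image": r"C:\Program Files\Vendor\setup.exe",
     "target": RUN_KEY + "\\Vendor", "data": r"C:\Program Files\Vendor\app.exe"},
]

if __name__ == "__main__":
    for name, n in sorted(scan(CONSTRUCTED_EVENTS).items()):
        print(f"{name}: {n}")
```

The hash check only ever matches this exact file; the three path-based checks are hunting heuristics and will need the allowlist tuned, since installers running from Temp occasionally touch the Windows directory too. Run them over a day of process, file and registry telemetry and treat two or more distinct hits from the same process chain as the signal, as in this report's chain.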
Network
MITRE ATT&CK Enterprise v15
Downloads
-
- Filesize: 125KB
- MD5: 3336ad60a89c57c4610fb8a8b86b7d41
- SHA1: b165673ea521696c484253b00dc77c86206996b0
- SHA256: d90abbe31bae6679d53ace97db1b0d4807e7b665c16d0653698695d47f91253e
- SHA512: febfa796bdc0226e2e231333a141f27d19b7ee07ba2ccf674e2365bcd9181434a39c08a767e0906facaabf02b7dec5859df4d114ce89d1b3c97e115316f316f4
-
- Filesize: 372B
- MD5: a50b34ccf9a77ab6f928114a1b559758
- SHA1: 5e7b74102dba505c8d870473103e381e5acd515a
- SHA256: 58ae92fcccb3e32adf3e6405638e43a0e155ad175dffd9d8091807b48dd0cde0
- SHA512: c5a3a20e2e88e8c37b962e02945cc4ed0726795ce47c7a3ecb77e45549ca1335cb5953c995cf933ba4fa7257b9cf2ef714859dc968fca3ea4ceadc6032f78aed