Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
142s -
max time network
124s -
platform
windows10-2004_x64 -
resource
win10v2004-20240704-en -
resource tags
arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system -
submitted
12/07/2024, 06:13
Static task
static1
Behavioral task
behavioral1
Sample
3c42b9dce31f458c0b19bb8610c74a35_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
3c42b9dce31f458c0b19bb8610c74a35_JaffaCakes118.exe
Resource
win10v2004-20240704-en
General
-
Target
3c42b9dce31f458c0b19bb8610c74a35_JaffaCakes118.exe
-
Size
289KB
-
MD5
3c42b9dce31f458c0b19bb8610c74a35
-
SHA1
d97685a5a6c502f13893276744390cc4a9b0aa12
-
SHA256
0028a4fcf54a82082e18a2ba5138ced9a03800d328c1d9e1dd69792ab45cd744
-
SHA512
72bfe5148c611679d78b2557742ace19bc9867cdb33b58689b848421dc4b9e61d3f9aeadaeec343442d56b277c6e6721180aa06480424d9bb50015101c6194ca
-
SSDEEP
6144:rHnR5hyrRN+QxfuKrDIdYrq53YtQoN9NPE/NeLDJOvqb/p1o:tLydRmKr0QqetXV8YJmqjjo
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid Process 1248 IEXPLORER.EXE -
Drops file in Program Files directory 2 IoCs
description ioc Process File opened for modification C:\Program Files\Internet Explorer\IEXPLORER.EXE 3c42b9dce31f458c0b19bb8610c74a35_JaffaCakes118.exe File created C:\Program Files\Internet Explorer\IEXPLORER.EXE 3c42b9dce31f458c0b19bb8610c74a35_JaffaCakes118.exe -
Drops file in Windows directory 1 IoCs
description ioc Process File created C:\Windows\uninstal.bat 3c42b9dce31f458c0b19bb8610c74a35_JaffaCakes118.exe -
Suspicious use of AdjustPrivilegeToken 2 IoCs
description pid Process Token: SeDebugPrivilege 2276 3c42b9dce31f458c0b19bb8610c74a35_JaffaCakes118.exe Token: SeDebugPrivilege 1248 IEXPLORER.EXE -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1248 IEXPLORER.EXE -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 2276 wrote to memory of 3104 2276 3c42b9dce31f458c0b19bb8610c74a35_JaffaCakes118.exe 89 PID 2276 wrote to memory of 3104 2276 3c42b9dce31f458c0b19bb8610c74a35_JaffaCakes118.exe 89 PID 2276 wrote to memory of 3104 2276 3c42b9dce31f458c0b19bb8610c74a35_JaffaCakes118.exe 89
Processes
-
C:\Users\Admin\AppData\Local\Temp\3c42b9dce31f458c0b19bb8610c74a35_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3c42b9dce31f458c0b19bb8610c74a35_JaffaCakes118.exe"1⤵
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2276 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\uninstal.bat2⤵PID:3104
-
-
C:\Program Files\Internet Explorer\IEXPLORER.EXE"C:\Program Files\Internet Explorer\IEXPLORER.EXE"1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1248
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
289KB
MD53c42b9dce31f458c0b19bb8610c74a35
SHA1d97685a5a6c502f13893276744390cc4a9b0aa12
SHA2560028a4fcf54a82082e18a2ba5138ced9a03800d328c1d9e1dd69792ab45cd744
SHA51272bfe5148c611679d78b2557742ace19bc9867cdb33b58689b848421dc4b9e61d3f9aeadaeec343442d56b277c6e6721180aa06480424d9bb50015101c6194ca
-
Filesize
218B
MD50c3f6e15c6301803948dbe66ba57997c
SHA156260f4e605b5e0d4bdf8022019e4159e05493f2
SHA2563e4f7e6a57fa032b82a28e34ceb60e4498a1aa974a58d391c9fc6873c73b2b5e
SHA5123cdbef765fe76b77994e502a07740290b80d05a68ad9b16d6d24b591460e1e10d8807bb21a7933bd4eb2801fcab24c14dbf4a78ef5681f26c87c9caf71dfec3e