Analysis
max time kernel: 94s
max time network: 122s
platform: windows10-2004_x64
resource: win10v2004-20240709-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
submitted: 12/07/2024, 07:21
Static task
static1
Behavioral task
behavioral1
Sample
3c74e0a5adcf788cd53ef694413cc34e_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
3c74e0a5adcf788cd53ef694413cc34e_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
Target: 3c74e0a5adcf788cd53ef694413cc34e_JaffaCakes118.exe
Size: 94KB
Malware Config
Signatures
-
Loads dropped DLL 2 IoCs
pid | Process
2912 | 3c74e0a5adcf788cd53ef694413cc34e_JaffaCakes118.exe
2912 | 3c74e0a5adcf788cd53ef694413cc34e_JaffaCakes118.exe
-
Drops file in System32 directory 2 IoCs
description | ioc | Process
File created | \??\c:\windows\SysWOW64\rsvp32_2.dll | 3c74e0a5adcf788cd53ef694413cc34e_JaffaCakes118.exe
File created | \??\c:\windows\SysWOW64\sporder.dll | 3c74e0a5adcf788cd53ef694413cc34e_JaffaCakes118.exe
-
Suspicious behavior: LoadsDriver 2 IoCs
pid | Process
2912 | 3c74e0a5adcf788cd53ef694413cc34e_JaffaCakes118.exe
652 | Process not Found
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
description | pid | Process
Token: SeLoadDriverPrivilege | 2912 | 3c74e0a5adcf788cd53ef694413cc34e_JaffaCakes118.exe
-
Suspicious use of SetWindowsHookEx 1 IoCs
pid | Process
2912 | 3c74e0a5adcf788cd53ef694413cc34e_JaffaCakes118.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\3c74e0a5adcf788cd53ef694413cc34e_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c74e0a5adcf788cd53ef694413cc34e_JaffaCakes118.exe"
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious behavior: LoadsDriver
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2912
Network
MITRE ATT&CK Matrix
Downloads