Analysis
max time kernel: 150s
max time network: 118s
platform: windows7_x64
resource: win7-20240705-en
resource tags: arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
submitted: 13/07/2024, 00:00
Static task
static1
Behavioral task
behavioral1
Sample
3f6700f557b1e20eb8f647f79dacfa38_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
3f6700f557b1e20eb8f647f79dacfa38_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
Target: 3f6700f557b1e20eb8f647f79dacfa38_JaffaCakes118.exe
Size: 133KB
MD5: 3f6700f557b1e20eb8f647f79dacfa38
SHA1: 429e2d5eb15694f5a0ec4ea1b1397a6fc769255b
SHA256: f47e4d46d4f3b2e197975cef55634dab7b8f13e8d0bdadab5f04f0ca5cbd0368
SHA512: 8839e8b95a6aae7d6056d3e16fcd0287eba1ab1c21774fdf0f31f9ac20c52cb2827df7201f1d5eddaa8e9ea4624d4342ff625c6bce43d41e4576c1abd08e48ca
SSDEEP: 3072:+kwfBWX/oJGBhKcXsqog9SFXOgT2i20y5PuhHDS/Vg:s+IksqofhKlaHDS/V
Malware Config
Signatures
Executes dropped EXE 1 IoCs
pid | Process
1696 | Cnunoa.exe
Drops file in Windows directory 6 IoCs
description | ioc | Process
File opened for modification | C:\Windows\Cnunoa.exe | 3f6700f557b1e20eb8f647f79dacfa38_JaffaCakes118.exe
File created | C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job | Cnunoa.exe
File opened for modification | C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job | Cnunoa.exe
File created | C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job | 3f6700f557b1e20eb8f647f79dacfa38_JaffaCakes118.exe
File opened for modification | C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job | 3f6700f557b1e20eb8f647f79dacfa38_JaffaCakes118.exe
File created | C:\Windows\Cnunoa.exe | 3f6700f557b1e20eb8f647f79dacfa38_JaffaCakes118.exe
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main | Cnunoa.exe
Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\International | Cnunoa.exe
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid | Process
1696 | Cnunoa.exe
Suspicious behavior: GetForegroundWindowSpam 2 IoCs
pid | Process
2548 | 3f6700f557b1e20eb8f647f79dacfa38_JaffaCakes118.exe
1696 | Cnunoa.exe
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 2548 wrote to memory of 1696 | 2548 | 3f6700f557b1e20eb8f647f79dacfa38_JaffaCakes118.exe | 30
Processes
C:\Users\Admin\AppData\Local\Temp\3f6700f557b1e20eb8f647f79dacfa38_JaffaCakes118.exe (PID: 2548)
Command line: "C:\Users\Admin\AppData\Local\Temp\3f6700f557b1e20eb8f647f79dacfa38_JaffaCakes118.exe"
- Drops file in Windows directory
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of WriteProcessMemory
C:\Windows\Cnunoa.exe (PID: 1696, child of PID 2548)
Command line: C:\Windows\Cnunoa.exe
- Executes dropped EXE
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 133KB
MD5: 3f6700f557b1e20eb8f647f79dacfa38
SHA1: 429e2d5eb15694f5a0ec4ea1b1397a6fc769255b
SHA256: f47e4d46d4f3b2e197975cef55634dab7b8f13e8d0bdadab5f04f0ca5cbd0368
SHA512: 8839e8b95a6aae7d6056d3e16fcd0287eba1ab1c21774fdf0f31f9ac20c52cb2827df7201f1d5eddaa8e9ea4624d4342ff625c6bce43d41e4576c1abd08e48ca

Filesize: 372B
MD5: 03c6697fb3f70270c3e6cc87bce5627e
SHA1: e3738730f73b2bcbe2a2f11d5efdc483b9cd2a21
SHA256: 404f2eed447da918f5cb1b79968716dbf57371a5960f9b50ed08b60f4eec34e3
SHA512: b6be77a0bbce6458d05d1274b1fe8d2e582a5379b626f40c9dca9f6a74e28e62c6fad99a5ae9cb350f3de568200c0de857c878b797dcfddfa1c12b37939a643d