Analysis
- max time kernel: 150s
- max time network: 105s
- platform: windows10-2004_x64
- resource: win10v2004-20240709-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 13/07/2024, 00:00
Static task
- static1
Behavioral task
- behavioral1
  - Sample: 3f6700f557b1e20eb8f647f79dacfa38_JaffaCakes118.exe
  - Resource: win7-20240705-en
Behavioral task
- behavioral2
  - Sample: 3f6700f557b1e20eb8f647f79dacfa38_JaffaCakes118.exe
  - Resource: win10v2004-20240709-en
General
- Target: 3f6700f557b1e20eb8f647f79dacfa38_JaffaCakes118.exe
- Size: 133KB
- MD5: 3f6700f557b1e20eb8f647f79dacfa38
- SHA1: 429e2d5eb15694f5a0ec4ea1b1397a6fc769255b
- SHA256: f47e4d46d4f3b2e197975cef55634dab7b8f13e8d0bdadab5f04f0ca5cbd0368
- SHA512: 8839e8b95a6aae7d6056d3e16fcd0287eba1ab1c21774fdf0f31f9ac20c52cb2827df7201f1d5eddaa8e9ea4624d4342ff625c6bce43d41e4576c1abd08e48ca
- SSDEEP: 3072:+kwfBWX/oJGBhKcXsqog9SFXOgT2i20y5PuhHDS/Vg:s+IksqofhKlaHDS/V
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  - pid 2624, process Xxuxea.exe
- Drops file in Windows directory (6 IoCs)
  - File created: C:\Windows\Xxuxea.exe, by 3f6700f557b1e20eb8f647f79dacfa38_JaffaCakes118.exe
  - File opened for modification: C:\Windows\Xxuxea.exe, by 3f6700f557b1e20eb8f647f79dacfa38_JaffaCakes118.exe
  - File created: C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job, by Xxuxea.exe
  - File opened for modification: C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job, by Xxuxea.exe
  - File created: C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job, by 3f6700f557b1e20eb8f647f79dacfa38_JaffaCakes118.exe
  - File opened for modification: C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job, by 3f6700f557b1e20eb8f647f79dacfa38_JaffaCakes118.exe
- Modifies Internet Explorer settings (2 IoCs)
  - Key created: \REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\Software\Microsoft\Internet Explorer\Main, by Xxuxea.exe
  - Key created: \REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\Software\Microsoft\Internet Explorer\International, by Xxuxea.exe
- Suspicious behavior: EnumeratesProcesses (64 IoCs)
  - pid 2624, process Xxuxea.exe (the same entry is reported 64 times)
- Suspicious behavior: GetForegroundWindowSpam (2 IoCs)
  - pid 4380, process 3f6700f557b1e20eb8f647f79dacfa38_JaffaCakes118.exe
  - pid 2624, process Xxuxea.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  - PID 4380 (3f6700f557b1e20eb8f647f79dacfa38_JaffaCakes118.exe) wrote to memory of PID 2624, procid_target 86 (reported 3 times)
Processes
- C:\Users\Admin\AppData\Local\Temp\3f6700f557b1e20eb8f647f79dacfa38_JaffaCakes118.exe (depth 1)
  - Command line: "C:\Users\Admin\AppData\Local\Temp\3f6700f557b1e20eb8f647f79dacfa38_JaffaCakes118.exe"
  - PID: 4380
  - Signatures:
    - Drops file in Windows directory
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of WriteProcessMemory
  - C:\Windows\Xxuxea.exe (depth 2, child of PID 4380)
    - Command line: C:\Windows\Xxuxea.exe
    - PID: 2624
    - Signatures:
      - Executes dropped EXE
      - Drops file in Windows directory
      - Modifies Internet Explorer settings
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious behavior: GetForegroundWindowSpam
Network
MITRE ATT&CK Enterprise v15
Downloads
- File 1
  - Filesize: 390B
  - MD5: 7570cfd866478073bed3edf39dceb506
  - SHA1: 1f7dc853a42796d93ecc2ab999f2bf1feb44402a
  - SHA256: 33f6a1f24c928211b26fc8e03fd7755f04ec2bb358a5feb0280ee7539429afc0
  - SHA512: 7e751c09ea581d453e59882da2afd775bf9a1a5b1607e23f4b697f120c1808498f9220beafd25687cdcb4131da6af27179f6171fd67afa6f8c371869661212db
- File 2
  - Filesize: 133KB
  - MD5: 3f6700f557b1e20eb8f647f79dacfa38
  - SHA1: 429e2d5eb15694f5a0ec4ea1b1397a6fc769255b
  - SHA256: f47e4d46d4f3b2e197975cef55634dab7b8f13e8d0bdadab5f04f0ca5cbd0368
  - SHA512: 8839e8b95a6aae7d6056d3e16fcd0287eba1ab1c21774fdf0f31f9ac20c52cb2827df7201f1d5eddaa8e9ea4624d4342ff625c6bce43d41e4576c1abd08e48ca