Analysis
-
max time kernel
148s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240709-en locale:en-us os:windows10-2004-x64 system -
submitted
13/07/2024, 16:05 UTC
Behavioral task
behavioral1
Sample
4263984cb2dacebe0d9539c4878e0ad9_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
4263984cb2dacebe0d9539c4878e0ad9_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
-
Target
4263984cb2dacebe0d9539c4878e0ad9_JaffaCakes118.exe
-
Size
27KB
-
MD5
4263984cb2dacebe0d9539c4878e0ad9
-
SHA1
990e4dca669b96545e5c79e74edf0000fb6fbe8e
-
SHA256
22ab05aacaef5a9dd59967863f58d8b0f11592cb214270c57e6ce4ad4953bbf1
-
SHA512
d185dd24674d729b15fb9bf50dc4af9628fca521072421ba2a755940d69013c592e7d0f292d120d6fed256ef0e04f2d9609547bf83b2849be7f165b051c94526
-
SSDEEP
384:eDESfhzc54pMMVOgOhxLjAc/NlhBMqY/xDkiSSJb6wNbRW3G0Es++dXKoEi2zA6y:eD3zc5NgYZAc/NW9pNWXVtlDCA6
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  PID 1452  server15.exe
- YARA rule match: upx (5 IoCs)
  behavioral2/memory/2468-0-0x0000000000400000-0x0000000000435000-memory.dmp
  behavioral2/files/0x00090000000234c5-3.dat
  behavioral2/memory/1452-5-0x0000000000400000-0x0000000000435000-memory.dmp
  behavioral2/memory/2468-7-0x0000000000400000-0x0000000000435000-memory.dmp
  behavioral2/memory/1452-8-0x0000000000400000-0x0000000000435000-memory.dmp
  The same 0x400000-0x435000 image region matches in both PID 2468 (the sample) and PID 1452 (server15.exe), as well as in the dropped file on disk, which is what you would expect if server15.exe is a copy of the UPX-packed sample.
- Drops file in System32 directory (2 IoCs)
  File created                 C:\Windows\SysWOW64\server15.exe   by 4263984cb2dacebe0d9539c4878e0ad9_JaffaCakes118.exe
  File opened for modification C:\Windows\SysWOW64\server15.exe   by 4263984cb2dacebe0d9539c4878e0ad9_JaffaCakes118.exe
- Suspicious use of AdjustPrivilegeToken (1 IoC)
  Token: SeIncBasePriorityPrivilege   PID 2468   4263984cb2dacebe0d9539c4878e0ad9_JaffaCakes118.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  PID 2468 wrote to memory of PID 3172 (procid_target 84)   4263984cb2dacebe0d9539c4878e0ad9_JaffaCakes118.exe
  PID 2468 wrote to memory of PID 3172 (procid_target 84)   4263984cb2dacebe0d9539c4878e0ad9_JaffaCakes118.exe
  PID 2468 wrote to memory of PID 3172 (procid_target 84)   4263984cb2dacebe0d9539c4878e0ad9_JaffaCakes118.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\4263984cb2dacebe0d9539c4878e0ad9_JaffaCakes118.exe (PID 2468)
  Command line: "C:\Users\Admin\AppData\Local\Temp\4263984cb2dacebe0d9539c4878e0ad9_JaffaCakes118.exe"
  - Drops file in System32 directory
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\cmd.exe (PID 3172, child of 2468)
    Command line: C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\426398~1.EXE > nul
- C:\Windows\SysWOW64\server15.exe (PID 1452)
  Command line: C:\Windows\SysWOW64\server15.exe
  - Executes dropped EXE

Reading the tree: the sample drops server15.exe into C:\Windows\SysWOW64, that file is then executed as a separate top-level process (PID 1452), and the sample uses a cmd.exe child to delete its original image, referring to it by the 8.3 short name 426398~1.EXE rather than the long filename. The command line asks for C:\Windows\system32\cmd.exe but the process that actually runs is C:\Windows\SysWOW64\cmd.exe: the sample is 32-bit (arch:x86, SysWOW64 drop), so WOW64 file-system redirection maps system32 to SysWOW64.
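The self-deletion in the process tree is easy to miss if a detection only compares the `del` target with the parent's long filename, because the sample passes the 8.3 short name. The following is an added example, not part of the tria.ge report or of any tool it describes: it runs over process-creation events constructed from the PIDs and paths above (the event fields pid, ppid, image and cmdline are an assumption modelled on Sysmon event ID 1) and flags a cmd.exe `del` whose target is the parent's own image, by long name or by a guessed short name.

```python
"""Added example, not from the tria.ge report: detect a process that spawns
cmd.exe to delete its own on-disk image, including the 8.3 short-name form
(426398~1.EXE) used by the sample above.  Event fields are an assumption
modelled on Sysmon event ID 1; the events are constructed from the report."""
import re
from dataclasses import dataclass


@dataclass
class ProcEvent:
    pid: int
    ppid: int
    image: str      # full path of the started process
    cmdline: str    # command line as logged


SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\4263984cb2dacebe0d9539c4878e0ad9_JaffaCakes118.exe"

# Constructed from the report's process tree (2468 -> 3172, 1452 standalone),
# plus a benign explorer.exe -> cmd.exe deletion so the check has something to ignore.
EVENTS = [
    ProcEvent(2468, 1000, SAMPLE, f'"{SAMPLE}"'),
    ProcEvent(3172, 2468, r"C:\Windows\SysWOW64\cmd.exe",
              r"C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\426398~1.EXE > nul"),
    ProcEvent(1452, 700, r"C:\Windows\SysWOW64\server15.exe", r"C:\Windows\SysWOW64\server15.exe"),
    ProcEvent(3900, 1, r"C:\Windows\explorer.exe", "explorer.exe"),
    ProcEvent(4000, 3900, r"C:\Windows\System32\cmd.exe", r"cmd.exe /c del /q C:\Temp\old.log"),
]

# 'del', optional switches such as /f /q, then the target path (quoted or bare).
DEL_RE = re.compile(r'\bdel\b\s+(?:/\w+\s+)*("[^"]+"|\S+)', re.IGNORECASE)


def short_83_guess(name: str) -> str:
    """Approximate the Windows 8.3 short name of a long filename, assuming the
    first '~1' slot.  Heuristic: the real short name depends on what else is in
    the directory, so on a live host you would resolve it from the filesystem."""
    stem, dot, ext = name.rpartition(".")
    if not dot:
        stem, ext = name, ""
    stem = re.sub(r"[^A-Za-z0-9_]", "", stem)  # drop characters not allowed in 8.3 names
    short = stem[:6].upper() + "~1"
    return f"{short}.{ext[:3].upper()}" if ext else short


def find_self_delete(events):
    """Return (parent_pid, cmd_pid, target) for every cmd.exe 'del' whose target
    is the parent's own image, matched by long path or by guessed 8.3 path."""
    by_pid = {e.pid: e for e in events}
    hits = []
    for e in events:
        if not e.image.lower().endswith("\\cmd.exe"):
            continue
        parent = by_pid.get(e.ppid)
        m = DEL_RE.search(e.cmdline)
        if parent is None or m is None:
            continue
        target = m.group(1).strip('"').lower()
        pdir, _, pname = parent.image.rpartition("\\")
        candidates = {parent.image.lower(), f"{pdir}\\{short_83_guess(pname)}".lower()}
        if target in candidates:
            hits.append((parent.pid, e.pid, target))
    return hits


if __name__ == "__main__":
    for ppid, cpid, target in find_self_delete(EVENTS):
        print(f"self-delete: PID {ppid} spawned cmd.exe PID {cpid} to remove {target}")
```

Only the 2468 -> 3172 pair is reported; the explorer.exe-driven deletion of a log file is ignored because its target is not the parent's image. The short-name guess is deliberately conservative (first `~1` slot only); a production rule would also catch delayed variants such as `ping -n 3 127.0.0.1 & del ...`, which this example does not attempt.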
Network
All DNS traffic goes to the resolver 8.8.8.8:53. The table lists every request in the order observed, with bytes sent and received and the request/response count the report attributes to each connection. A reply was received for every query except one, but none of the replies for s234.2288.org carried an answer record, so over the roughly 150 s of network capture the sample made 26 A queries for that name and never obtained an address to connect to. The in-addr.arpa PTR queries are Windows background reverse lookups (for 40.126.32.136, 20.223.36.55, 2.22.144.81, 13.85.23.86, 52.165.164.15, 199.232.210.172 and 217.20.58.23); only the lookup for 2.22.144.81 resolved, to a2-22-144-81.deploy.static.akamaitechnologies.com.

 #   Query                          Type  Out     In      Req/Resp
 1   s234.2288.org                  A     59 B    123 B   1/1
 2   136.32.126.40.in-addr.arpa     PTR   72 B    158 B   1/1
 3   55.36.223.20.in-addr.arpa      PTR   71 B    157 B   1/1
 4   81.144.22.2.in-addr.arpa       PTR   70 B    133 B   1/1   (answer: a2-22-144-81.deploy.static.akamaitechnologies.com)
 5   s234.2288.org                  A     59 B    123 B   1/1
 6   s234.2288.org                  A     59 B    123 B   1/1
 7   s234.2288.org                  A     59 B    123 B   1/1
 8   s234.2288.org                  A     59 B    123 B   1/1
 9   86.23.85.13.in-addr.arpa       PTR   70 B    144 B   1/1
10   s234.2288.org                  A     59 B    123 B   1/1
11   15.164.165.52.in-addr.arpa     PTR   72 B    146 B   1/1
12   172.210.232.199.in-addr.arpa   PTR   74 B    128 B   1/1
13   s234.2288.org                  A     59 B    123 B   1/1
14   s234.2288.org                  A     118 B   123 B   2/1   (two requests, one reply; the second request got no response)
15   s234.2288.org                  A     59 B    123 B   1/1
16   s234.2288.org                  A     59 B    123 B   1/1
17   23.58.20.217.in-addr.arpa      PTR   71 B    131 B   1/1
18   s234.2288.org                  A     59 B    123 B   1/1
19   s234.2288.org                  A     59 B    123 B   1/1
20   s234.2288.org                  A     59 B    123 B   1/1
21   s234.2288.org                  A     59 B    123 B   1/1
22   s234.2288.org                  A     59 B    123 B   1/1
23   s234.2288.org                  A     59 B    123 B   1/1
24   s234.2288.org                  A     59 B    123 B   1/1
25   s234.2288.org                  A     59 B    123 B   1/1
26   s234.2288.org                  A     59 B    123 B   1/1
27   s234.2288.org                  A     59 B    123 B   1/1
28   s234.2288.org                  A     59 B    123 B   1/1
29   s234.2288.org                  A     59 B    123 B   1/1
30   s234.2288.org                  A     59 B    123 B   1/1
31   s234.2288.org                  A     59 B    123 B   1/1
32   s234.2288.org                  A     59 B    123 B   1/1
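The network section shows the classic shape of a sample whose C2 domain no longer resolves: the same A query, over and over, every reply empty. The following is an added example, not part of the tria.ge report: a small detector that runs over a resolver log and reports names that a client keeps asking for without ever receiving an address. The log line format is an assumption for this example, and the entries are constructed to mirror the report (26 unanswered A queries for s234.2288.org spaced about five seconds apart, the background PTR lookups, and one ordinary name that resolves so the check has a negative case).

```python
"""Added example, not from the tria.ge report: flag repeated, never-answered
A/AAAA queries for one name, the pattern a sample shows when its C2 domain is
dead or sinkholed.  Assumed log format (one record per line):
    <epoch_seconds> <client> <resolver> <qtype> <qname> <rcode> <answer_count>
The entries below are constructed to mirror the report's DNS section."""
from collections import defaultdict
from statistics import median

BASE_TS = 1720886700.0  # about 2024-07-13 16:05 UTC, the report's submission time


def _constructed_log():
    lines = []
    # 26 A queries for the sample's domain, ~5 s apart, all with no answer records.
    for i in range(26):
        lines.append(f"{BASE_TS + 5 * i:.1f} 10.0.0.5 8.8.8.8 A s234.2288.org NXDOMAIN 0")
    # Background reverse lookups as in the report; one resolves, the other does not.
    lines.append(f"{BASE_TS + 1:.1f} 10.0.0.5 8.8.8.8 PTR 136.32.126.40.in-addr.arpa NXDOMAIN 0")
    lines.append(f"{BASE_TS + 2:.1f} 10.0.0.5 8.8.8.8 PTR 81.144.22.2.in-addr.arpa NOERROR 1")
    # A normal, resolving name queried repeatedly, which must not be flagged.
    for i in range(12):
        lines.append(f"{BASE_TS + 7 * i:.1f} 10.0.0.5 8.8.8.8 A www.example.com NOERROR 1")
    return lines


LOG = _constructed_log()


def parse(line):
    """Parse one assumed-format log line; return None for malformed lines."""
    parts = line.split()
    if len(parts) != 7:
        return None
    ts, client, resolver, qtype, qname, rcode, answers = parts
    return {"ts": float(ts), "client": client, "resolver": resolver,
            "qtype": qtype.upper(), "qname": qname.lower().rstrip("."),
            "rcode": rcode.upper(), "answers": int(answers)}


def find_unanswered_beacons(lines, min_queries=10):
    """Return (client, qname, query_count, median_gap_seconds) for every name a
    client asked for at least min_queries times as A/AAAA and never got an
    address for.  Keyed on answer count, not rcode, because an empty NOERROR
    reply and an NXDOMAIN are equally useless to the malware."""
    stats = defaultdict(lambda: {"n": 0, "answered": 0, "ts": []})
    for line in lines:
        rec = parse(line)
        if rec is None or rec["qtype"] not in ("A", "AAAA"):
            continue  # PTR and other types are not beacon candidates
        s = stats[(rec["client"], rec["qname"])]
        s["n"] += 1
        s["answered"] += int(rec["answers"] > 0)
        s["ts"].append(rec["ts"])
    hits = []
    for (client, qname), s in stats.items():
        if s["n"] < min_queries or s["answered"]:
            continue
        ts = sorted(s["ts"])
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        hits.append((client, qname, s["n"], median(gaps) if gaps else 0.0))
    return hits


if __name__ == "__main__":
    for client, qname, n, gap in find_unanswered_beacons(LOG):
        print(f"{client}: {n} unanswered queries for {qname}, median interval {gap:.1f}s")
```

The median inter-query gap is reported because a steady cadence is the part of the pattern that distinguishes a beacon from a user retrying a typo. In a real deployment the client/name pair would be joined with the process that issued the queries, which a sandbox gives you for free and a resolver log does not.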
MITRE ATT&CK Matrix
Downloads
- Filesize 27KB
  MD5    4263984cb2dacebe0d9539c4878e0ad9
  SHA1   990e4dca669b96545e5c79e74edf0000fb6fbe8e
  SHA256 22ab05aacaef5a9dd59967863f58d8b0f11592cb214270c57e6ce4ad4953bbf1
  SHA512 d185dd24674d729b15fb9bf50dc4af9628fca521072421ba2a755940d69013c592e7d0f292d120d6fed256ef0e04f2d9609547bf83b2849be7f165b051c94526