Analysis
max time kernel
149s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags
arch:x64
arch:x86
image:win10v2004-20240709-en
locale:en-us
os:windows10-2004-x64
system
submitted
13/07/2024, 17:13
Behavioral task
behavioral1
Sample
429acb709d5f0fd8a40beecc72c9fa89_JaffaCakes118.exe
Resource
win7-20240705-en
General
Target
429acb709d5f0fd8a40beecc72c9fa89_JaffaCakes118.exe
Size
518KB
MD5
429acb709d5f0fd8a40beecc72c9fa89
SHA1
0c6ae3cec530d155074510a4f4a5acaf8ef3abce
SHA256
c5f9c9512a8d4efe4cea83bddc1b7e2cea0dbbb4297923c74c30f817433cfae3
SHA512
b2e35681804e67d6e599c448ede9bf0d0776d3eb7fa6dc847850367dc62622851fd746202f42028a969d1e167773d5f6821ecce24108a1408d6fa3bbed7129b3
SSDEEP
12288:G5GzoHmEaY4r8Y38wGNQ1axaAmS6IEPzjipswj5iHN6Mp4o:G4zoH7aYI9WNVmH5His+5iHJ4o
Malware Config
Signatures
Checks computer location settings (2 TTPs, 1 IoC)
Looks up the country code configured in the registry, likely for geofencing.
Key value queried: \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation
Process: 429acb709d5f0fd8a40beecc72c9fa89_JaffaCakes118.exe (PID 2260)

Reads user/profile data of web browsers (2 TTPs)
Infostealers often target stored browser data, which can include saved credentials.

YARA rule match: upx (18 IoCs)
Memory dumps of PID 2260 matching the upx rule; every dump covers the image range 0x0000000000400000-0x0000000000511000:
behavioral2/memory/2260-0-0x0000000000400000-0x0000000000511000-memory.dmp
behavioral2/memory/2260-1-0x0000000000400000-0x0000000000511000-memory.dmp
behavioral2/memory/2260-3-0x0000000000400000-0x0000000000511000-memory.dmp
behavioral2/memory/2260-154-0x0000000000400000-0x0000000000511000-memory.dmp
behavioral2/memory/2260-155-0x0000000000400000-0x0000000000511000-memory.dmp
behavioral2/memory/2260-156-0x0000000000400000-0x0000000000511000-memory.dmp
behavioral2/memory/2260-158-0x0000000000400000-0x0000000000511000-memory.dmp
behavioral2/memory/2260-159-0x0000000000400000-0x0000000000511000-memory.dmp
behavioral2/memory/2260-160-0x0000000000400000-0x0000000000511000-memory.dmp
behavioral2/memory/2260-162-0x0000000000400000-0x0000000000511000-memory.dmp
behavioral2/memory/2260-163-0x0000000000400000-0x0000000000511000-memory.dmp
behavioral2/memory/2260-164-0x0000000000400000-0x0000000000511000-memory.dmp
behavioral2/memory/2260-165-0x0000000000400000-0x0000000000511000-memory.dmp
behavioral2/memory/2260-166-0x0000000000400000-0x0000000000511000-memory.dmp
behavioral2/memory/2260-167-0x0000000000400000-0x0000000000511000-memory.dmp
behavioral2/memory/2260-168-0x0000000000400000-0x0000000000511000-memory.dmp
behavioral2/memory/2260-169-0x0000000000400000-0x0000000000511000-memory.dmp
behavioral2/memory/2260-170-0x0000000000400000-0x0000000000511000-memory.dmp

Drops file in Program Files directory (1 IoC)
File created: C:\PROGRA~2\is240626718.log
Process: 429acb709d5f0fd8a40beecc72c9fa89_JaffaCakes118.exe

Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s).

Suspicious use of SetWindowsHookEx (2 IoCs)
PID 2260, 429acb709d5f0fd8a40beecc72c9fa89_JaffaCakes118.exe (2 calls)

Suspicious use of WriteProcessMemory (3 IoCs)
PID 2260 (429acb709d5f0fd8a40beecc72c9fa89_JaffaCakes118.exe) wrote to the memory of PID 4140 three times; procid_target: 86
Processes

C:\Users\Admin\AppData\Local\Temp\429acb709d5f0fd8a40beecc72c9fa89_JaffaCakes118.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\429acb709d5f0fd8a40beecc72c9fa89_JaffaCakes118.exe"
PID: 2260 (depth 1)
- Checks computer location settings
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory

  C:\Windows\SysWOW64\regsvr32.exe
  Command line: "C:\Windows\System32\regsvr32.exe" /s /c vbscript.dll
  PID: 4140 (depth 2, child of PID 2260)
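The chain this report shows is correlatable from a trace alone: a binary running out of the user's Temp directory queries the Geo\Nation registry value, spawns regsvr32.exe with "/s /c vbscript.dll", and then writes into that child's memory. The child's image path is SysWOW64 while its command line names System32, which is what WoW64 file-system redirection does when a 32-bit parent calls CreateProcess on a System32 path, so the parent is 32-bit. The script below is an added example, not tria.ge code: it replays a constructed event trace built from the PIDs, paths and registry key listed above through a small rule set, alongside a constructed benign control. The Event shape, the rule names and the Contoso installer paths are assumptions made for the example; a real sandbox or EDR trace would need to be mapped onto them.

```python
"""Correlate sandbox-style API events into the behaviour chain this report shows.

Added example (not tria.ge code). The Event shape below is an assumed
simplification of a sandbox API trace; REPORT_TRACE is constructed from the
PIDs, paths and registry key in the report, BENIGN_TRACE is a constructed control.
"""
from dataclasses import dataclass
import re


@dataclass
class Event:
    kind: str            # "process_create" | "write_process_memory" | "reg_query"
    pid: int             # process that performed the action (or was created)
    ppid: int = 0        # parent PID, for process_create
    image: str = ""      # on-disk image of the created process
    cmdline: str = ""    # command line as supplied by the parent
    target_pid: int = 0  # for write_process_memory
    key: str = ""        # for reg_query


USER_TEMP = re.compile(r"^c:\\users\\[^\\]+\\appdata\\local\\temp\\", re.I)
REGSVR32 = re.compile(r"\\regsvr32\.exe$", re.I)
GEO_NATION = re.compile(r"\\control panel\\international\\geo\\nation$", re.I)
# "/s" (silent) followed by a bare DLL name, as in the report's child process.
SILENT_DLL = re.compile(r"/s\b.*\b[\w-]+\.dll\b", re.I)


def analyze(events):
    """Return de-duplicated (rule, pid) findings in trace order.

    The memory-write rule only fires for a parent that this same trace shows
    spawning a suspicious regsvr32 child, so three WriteProcessMemory calls into
    one child collapse into a single finding.
    """
    images = {e.pid: e.image for e in events if e.kind == "process_create"}
    findings = []
    suspicious_children = set()   # (parent_pid, child_pid)

    def add(rule, pid):
        if (rule, pid) not in findings:
            findings.append((rule, pid))

    for e in events:
        if e.kind == "reg_query":
            # Geofence lookup from a binary living in the user's Temp directory.
            if GEO_NATION.search(e.key) and USER_TEMP.match(images.get(e.pid, "")):
                add("geofence_registry_check", e.pid)
        elif e.kind == "process_create":
            parent_image = images.get(e.ppid, "")
            if REGSVR32.search(e.image) and USER_TEMP.match(parent_image) and SILENT_DLL.search(e.cmdline):
                add("temp_binary_spawns_silent_regsvr32", e.ppid)
                suspicious_children.add((e.ppid, e.pid))
                # Command line names System32 but the image is SysWOW64: WoW64
                # file-system redirection, i.e. the parent is a 32-bit process.
                if re.search(r"\\system32\\", e.cmdline, re.I) and re.search(r"\\syswow64\\", e.image, re.I):
                    add("wow64_redirected_child", e.pid)
        elif e.kind == "write_process_memory":
            if (e.pid, e.target_pid) in suspicious_children:
                add("writes_into_spawned_regsvr32", e.pid)
    return findings


SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\429acb709d5f0fd8a40beecc72c9fa89_JaffaCakes118.exe"

REPORT_TRACE = [  # constructed from the PIDs, paths and registry key in this report
    Event("process_create", pid=2260, ppid=1, image=SAMPLE, cmdline=f'"{SAMPLE}"'),
    Event("reg_query", pid=2260,
          key=r"\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation"),
    Event("process_create", pid=4140, ppid=2260, image=r"C:\Windows\SysWOW64\regsvr32.exe",
          cmdline=r'"C:\Windows\System32\regsvr32.exe" /s /c vbscript.dll'),
    Event("write_process_memory", pid=2260, target_pid=4140),
    Event("write_process_memory", pid=2260, target_pid=4140),
    Event("write_process_memory", pid=2260, target_pid=4140),
]

BENIGN_TRACE = [  # constructed control: an installer under Program Files registering its own DLL
    Event("process_create", pid=500, ppid=1, image=r"C:\Program Files\Contoso\setup.exe",
          cmdline=r'"C:\Program Files\Contoso\setup.exe"'),
    Event("process_create", pid=501, ppid=500, image=r"C:\Windows\System32\regsvr32.exe",
          cmdline=r'"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files\Contoso\contoso.dll"'),
]

if __name__ == "__main__":
    for rule, pid in analyze(REPORT_TRACE):
        print(f"{rule}: pid {pid}")
    print("benign findings:", analyze(BENIGN_TRACE))
```

Silent regsvr32 registration on its own is routine installer behaviour, which is why the control trace yields nothing; the value is in requiring the Temp-directory parent and, for the injection finding, the parent's subsequent write into the child it just created.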
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize
775B
MD5
03c9a7476168f7f69e5264c53aa044a2
SHA1
6461f249fb52331d2e95b82f341fd21e6794a8e2
SHA256
dde328e5b457f22ef60d4e7fba2f9ad23eb57ed405889d1e4ee3d9637083ce0b
SHA512
adb14c7113a09f960702777f83602e69542d70a5882f15b16e608bd13e65eff2854119944b8aa57dbce82d2440a8a5cfa63c9bb4f9d9875d4e6ad980d71f586d

Filesize
156B
MD5
1ea9e5b417811379e874ad4870d5c51a
SHA1
a4bd01f828454f3619a815dbe5423b181ec4051c
SHA256
f076773a6e3ae0f1cee3c69232779a1aaaf05202db472040c0c8ea4a70af173a
SHA512
965c10d2aa5312602153338da873e8866d2782e0cf633befe5a552b770e08abf47a4d2e007cdef7010c212ebcb9fefea5610c41c7ed1553440eaeab7ddd72daa

Filesize
2KB
MD5
26571cc52e369de069184809dad692ae
SHA1
00bba72740880d8cecf91dbb96fa909d445ff94e
SHA256
9d61276f85f774cfffb19254b414e3d3369b1b7534d6e2473c134754750d517a
SHA512
c135808f58b05c5a90e6cfa43f07da102bbd51e4016b850e65930ef690eaeb47cd256e76f9200e1c81525f5b01e1083dd9b9c265917498eb0a95f728e828c4de

Filesize
2KB
MD5
3d2aa6a7a64f0b26d01cd4277b10079b
SHA1
ad513cb821f94da8e07a56ff51fec6499154dc6a
SHA256
e4fad0196afa803e2687fc84803bbb792af2e97f60ba46b17d05bb44dbab9a95
SHA512
f405db304dcdfc403e72b36188ebca9cd2c18b4322ece280a0d77699f1550c2ca86c88986bf4224d566b4b4f45bcfe205ac8621c3b262f668365fb92082b7837

Filesize
1021B
MD5
5ee302dc78542e5fd0a02f25a0002da1
SHA1
e87d05c022100b011258d967d39622ba7418d061
SHA256
463d6daf03677bb1680ea08d8213109a552a607c4b052392dc3902cf138e9693
SHA512
e3368f139eea37511d36d9e885bcc0dfa7948e2afb4479d9a139f67a8ff87004d5c9978b984951c7a1c8354fdac533c41c53d478d017fad64581862787c0d7a1

Filesize
1KB
MD5
7079f7a38ff7af04727c9f1750f32634
SHA1
3cd8c5f3a1a8b8777d5a01ad5e295e89fb0d9bc0
SHA256
759d69822f034c0711509390bcb2e731747e2fb3d8f79e7cbdc3305ac047c026
SHA512
be915a2da8b6e06720b1c2563933bbbabfb68ddc5cdea7cf57b8cbdd44478b716018c42aa4cf47667628393b4d06610a3d0a00df4f7136aef20821001b54961a

Filesize
2KB
MD5
eacfc942574a53060e716a4f56163fa4
SHA1
8080d0cbfa1cd69a385b7d6952c0270ca59438be
SHA256
4c5704990fbbfb5062a005be555402110f7dff0cd126fde4a26c2b5735242a28
SHA512
b7c5f3e5b647c6f9d41b3f886f3830744bfdbf8f3398ec451775a5950282a6dfe2155e038bb419e3f87fe854704b70a2520e36d00c4df41ee76812e36abf0c18

Filesize
1KB
MD5
66d7245af7de7d1f9540e55a1e020195
SHA1
fe78c89b4e7e717f059caa7d1e591e379e04f7c1
SHA256
af7b976d08c7dc668b33feefc8626bc95ba3ac03290a0d3f2f1848d66fc624ca
SHA512
9f102b9f7d6fe0bb82e7280bd829cdf33f1ac1d0682e362a974ac31c22333dae1d5525db4af80cfa829751e5ce39da29c93a276f8e553ce52a238ef110460cf3

Filesize
6KB
MD5
ad107fa0cdd0d308688503bbd113a7cb
SHA1
8198eee6fccd6dfbfab000faac35e32d030dfe7e
SHA256
29119628c65a0b0d4a56470511f8ab9b35b68494fd2c73b5c781bc18aec62a2c
SHA512
71819203400fc9d506406ffc4691306dbc37a04ac8fffd5338df2cd4549c419ad225c2a6c606008d80a24381daaac3305c6edca2b242d8b7f16141bb9dfbd7ca

Filesize
1KB
MD5
0082128c5fe64728fe46f9c050065408
SHA1
065b7be79e5c0a5fe1ea59677152fa3d5e031d88
SHA256
1f27a3c822b032286f36b572b13f226803335c330933d6518be3634209fc61e2
SHA512
a9d42921cff39928ce1a23186f2e8a53514461662bfcf65da263f4ed5d137ffc016c727bda3c0e3831381398659b86889d07538eea0bb17a4c4de7a85ec06e4d

Filesize
1KB
MD5
ea0f9590069a3bba51bb36280f571ea0
SHA1
27047add676557bc05f00c457ceb407b592a9bfb
SHA256
6d4cac22f5ba2c4d92c7cd59db41679e4e4f0eb2090006bf1caa65e2dd008a2e
SHA512
9108fab9c6305ce1bede59274e1965a8fc138a888a96b54dfbeb25fa12cf172e7aa722a3fe2f3d59bb0f306dff976d9635db371a3d79cdc3a8a0d1d8c1e39d1a