Analysis

  • max time kernel
    93s
  • max time network
    139s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    14/07/2024, 13:36

General

  • Target

    460bd9a2df6429fcc2fac0546ac3d0d5_JaffaCakes118.exe

  • Size

    333KB

  • MD5

    460bd9a2df6429fcc2fac0546ac3d0d5

  • SHA1

    e99f6b2e38e51b79d7273806b85d3c512672dd92

  • SHA256

    a8f5d5105e68655b4eda2dbc2302bf09991121a3776c3967d6cb1ea939d817f8

  • SHA512

    5747aef7d0b7eb64ab37e1f7f50425bc6d9fcb1e54ce7d1105860f39128391b99e18afacb83d838ea77183ee76fba3a299c925724e7f6cf6680f458df0b24a98

  • SSDEEP

    6144:MRAhhJxX7bNIKTQ/ary6Gpdp+8dbYCWATtANNkd0gcLdk2snWC8k:UsAL/WByCJoMz4Wxk

Score
8/10

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 2 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

  • Modifies system executable filetype association 2 TTPs 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Drops file in System32 directory 6 IoCs
  • Program crash 1 IoCs
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\460bd9a2df6429fcc2fac0546ac3d0d5_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\460bd9a2df6429fcc2fac0546ac3d0d5_JaffaCakes118.exe"
    • Boot or Logon Autostart Execution: Active Setup
    • Modifies system executable filetype association
    • Adds Run key to start application
    • Drops file in System32 directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    PID:1828
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1828 -s 728
      • Program crash
      PID:2912
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1828 -ip 1828
    PID:2176

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\concp32.exe

    Filesize
    339KB

    MD5
    dfea3b4e0243cdb28133a04ce5eb28cb

    SHA1
    afdb00891efe953c4fbf7b9c52521b07a96504dd

    SHA256
    04cf6964ddf6f48ca0d6b63efcac7e2f239ad739cb080b9637d062031f39fdab

    SHA512
    a554461b505cc367d383d61408170d87346f5b090b283f06e2946fdfed54c0f575439f8bf9a6e0d73318d6e312d57993c8ccc1571f446a53515834f5fb81d5df

  • memory/1828-0-0x0000000000400000-0x0000000000435000-memory.dmp

    Filesize
    212KB

  • memory/1828-7-0x0000000000400000-0x0000000000435000-memory.dmp

    Filesize
    212KB