Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 150s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20240709-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 15/07/2024, 19:20
Behavioral task behavioral1
- Sample: 4b0e7889a671656f0e3cc1421ff5713e_JaffaCakes118.exe
- Resource: win7-20240705-en
Behavioral task behavioral2
- Sample: 4b0e7889a671656f0e3cc1421ff5713e_JaffaCakes118.exe
- Resource: win10v2004-20240709-en
General
- Target: 4b0e7889a671656f0e3cc1421ff5713e_JaffaCakes118.exe
- Size: 134KB
- MD5: 4b0e7889a671656f0e3cc1421ff5713e
- SHA1: 942e086b27b0d8e97128c07c622f1a0122c16115
- SHA256: dab8dbb28065b7ca6baa7d4eea6178183a35784b3a52fac8f851660354bdeca7
- SHA512: d07111567ff6509a624f89d11c1d8b8c4a862239179c62509ad57d12e9c4e28520d19c8eb47607c26191f466936b9fa4b91cc7acf00d952cb8bcc1edcca0df60
- SSDEEP: 3072:VXe4EJ+LOkaiyzzYGuVKqxIXtgsB3+ksmanwBKdX7JvQtK:VXexkaiPYqxIdgyhmwBKdrJW
Malware Config
Signatures
Executes dropped EXE 1 IoCs
pid   Process
3528  Zjecia.exe
resource                                                                    yara_rule
behavioral2/memory/3656-0-0x0000000000400000-0x000000000043B000-memory.dmp  upx
behavioral2/files/0x000900000002338c-6.dat                                  upx
Drops file in Windows directory 6 IoCs
description                   ioc                                                         Process
File created                  C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job  4b0e7889a671656f0e3cc1421ff5713e_JaffaCakes118.exe
File opened for modification  C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job  4b0e7889a671656f0e3cc1421ff5713e_JaffaCakes118.exe
File created                  C:\Windows\Zjecia.exe                                        4b0e7889a671656f0e3cc1421ff5713e_JaffaCakes118.exe
File opened for modification  C:\Windows\Zjecia.exe                                        4b0e7889a671656f0e3cc1421ff5713e_JaffaCakes118.exe
File created                  C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job  Zjecia.exe
File opened for modification  C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job  Zjecia.exe
Modifies Internet Explorer settings 2 IoCs
description  ioc                                                                                                              Process
Key created  \REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Software\Microsoft\Internet Explorer\Main           Zjecia.exe
Key created  \REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Software\Microsoft\Internet Explorer\International  Zjecia.exe
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid   Process
3528  Zjecia.exe (the same entry is listed 64 times)
Suspicious behavior: GetForegroundWindowSpam 2 IoCs
pid   Process
3656  4b0e7889a671656f0e3cc1421ff5713e_JaffaCakes118.exe
3528  Zjecia.exe
Suspicious use of WriteProcessMemory 3 IoCs
description                       pid   Process                                             procid_target
PID 3656 wrote to memory of 3528  3656  4b0e7889a671656f0e3cc1421ff5713e_JaffaCakes118.exe  89
PID 3656 wrote to memory of 3528  3656  4b0e7889a671656f0e3cc1421ff5713e_JaffaCakes118.exe  89
PID 3656 wrote to memory of 3528  3656  4b0e7889a671656f0e3cc1421ff5713e_JaffaCakes118.exe  89
Processes
1. C:\Users\Admin\AppData\Local\Temp\4b0e7889a671656f0e3cc1421ff5713e_JaffaCakes118.exe (PID:3656)
   Command line: "C:\Users\Admin\AppData\Local\Temp\4b0e7889a671656f0e3cc1421ff5713e_JaffaCakes118.exe"
   - Drops file in Windows directory
   - Suspicious behavior: GetForegroundWindowSpam
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\Zjecia.exe (PID:3528), child of PID 3656
      Command line: C:\Windows\Zjecia.exe
      - Executes dropped EXE
      - Drops file in Windows directory
      - Modifies Internet Explorer settings
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious behavior: GetForegroundWindowSpam
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 390B
  MD5: 033629b9b12bbbb4be5437529f5ef9e2
  SHA1: 367817cb2012a60ab24f51f066f08a7c6db361c9
  SHA256: 4cb8d34635b01f17a27efef45b2b286d01a288206ca2d2499dd952745ea05cbb
  SHA512: 230f55d32a45ebbd9f675c685a4ee6b87eb390b51e48b4bfc62f2f74d420b5c11aea962d7c0004e43713343bedd2a317666b54fc1cc759904a586f5be2fc0ef6
- Filesize: 134KB
  MD5: 4b0e7889a671656f0e3cc1421ff5713e
  SHA1: 942e086b27b0d8e97128c07c622f1a0122c16115
  SHA256: dab8dbb28065b7ca6baa7d4eea6178183a35784b3a52fac8f851660354bdeca7
  SHA512: d07111567ff6509a624f89d11c1d8b8c4a862239179c62509ad57d12e9c4e28520d19c8eb47607c26191f466936b9fa4b91cc7acf00d952cb8bcc1edcca0df60