Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system -
submitted
16/07/2024, 00:20
Static task
static1
Behavioral task
behavioral1
Sample
4c09761b8039307d3d23a9bd46a2b34e_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
4c09761b8039307d3d23a9bd46a2b34e_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
-
Target
4c09761b8039307d3d23a9bd46a2b34e_JaffaCakes118.exe
-
Size
116KB
-
MD5
4c09761b8039307d3d23a9bd46a2b34e
-
SHA1
8c587a20526b5c07d7f372ed7a7739ef25f7a0ad
-
SHA256
9373b5f2a4af89b44e376d0a10efcce7cca7770b4a41959548b2d44f41e56145
-
SHA512
2e85729aaede12129405fa7f4354022e462ad8cea215f259c0023d78b8bd1a33f1b7d44c2b97c45f4b4488951e240b33b6a98ff767d822dac0d4ce428ac97591
-
SSDEEP
3072:98RTVXDNJqxSA5HDc3I3nNoOsRXurRUQzj+5d/U:SZRcx5VMpOKXur2Qf+5d
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid Process 3100 Kcisya.exe -
Drops file in Windows directory 6 IoCs
description ioc Process File opened for modification C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job Kcisya.exe File created C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job 4c09761b8039307d3d23a9bd46a2b34e_JaffaCakes118.exe File opened for modification C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job 4c09761b8039307d3d23a9bd46a2b34e_JaffaCakes118.exe File created C:\Windows\Kcisya.exe 4c09761b8039307d3d23a9bd46a2b34e_JaffaCakes118.exe File opened for modification C:\Windows\Kcisya.exe 4c09761b8039307d3d23a9bd46a2b34e_JaffaCakes118.exe File created C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job Kcisya.exe -
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Software\Microsoft\Internet Explorer\Main Kcisya.exe Key created \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Software\Microsoft\Internet Explorer\International Kcisya.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 3100 Kcisya.exe 3100 Kcisya.exe 3100 Kcisya.exe 3100 Kcisya.exe 3100 Kcisya.exe 3100 Kcisya.exe 3100 Kcisya.exe 3100 Kcisya.exe 3100 Kcisya.exe 3100 Kcisya.exe 3100 Kcisya.exe 3100 Kcisya.exe 3100 Kcisya.exe 3100 Kcisya.exe 3100 Kcisya.exe 3100 Kcisya.exe 3100 Kcisya.exe 3100 Kcisya.exe 3100 Kcisya.exe 3100 Kcisya.exe 3100 Kcisya.exe 3100 Kcisya.exe 3100 Kcisya.exe 3100 Kcisya.exe 3100 Kcisya.exe 3100 Kcisya.exe 3100 Kcisya.exe 3100 Kcisya.exe 3100 Kcisya.exe 3100 Kcisya.exe 3100 Kcisya.exe 3100 Kcisya.exe 3100 Kcisya.exe 3100 Kcisya.exe 3100 Kcisya.exe 3100 Kcisya.exe 3100 Kcisya.exe 3100 Kcisya.exe 3100 Kcisya.exe 3100 Kcisya.exe 3100 Kcisya.exe 3100 Kcisya.exe 3100 Kcisya.exe 3100 Kcisya.exe 3100 Kcisya.exe 3100 Kcisya.exe 3100 Kcisya.exe 3100 Kcisya.exe 3100 Kcisya.exe 3100 Kcisya.exe 3100 Kcisya.exe 3100 Kcisya.exe 3100 Kcisya.exe 3100 Kcisya.exe 3100 Kcisya.exe 3100 Kcisya.exe 3100 Kcisya.exe 3100 Kcisya.exe 3100 Kcisya.exe 3100 Kcisya.exe 3100 Kcisya.exe 3100 Kcisya.exe 3100 Kcisya.exe 3100 Kcisya.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 4132 wrote to memory of 3100 4132 4c09761b8039307d3d23a9bd46a2b34e_JaffaCakes118.exe 86 PID 4132 wrote to memory of 3100 4132 4c09761b8039307d3d23a9bd46a2b34e_JaffaCakes118.exe 86 PID 4132 wrote to memory of 3100 4132 4c09761b8039307d3d23a9bd46a2b34e_JaffaCakes118.exe 86
Processes
-
C:\Users\Admin\AppData\Local\Temp\4c09761b8039307d3d23a9bd46a2b34e_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\4c09761b8039307d3d23a9bd46a2b34e_JaffaCakes118.exe"1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4132 -
C:\Windows\Kcisya.exeC:\Windows\Kcisya.exe2⤵
- Executes dropped EXE
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
PID:3100
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2B
MD5309fc7d3bc53bb63ac42e359260ac740
SHA12064f80f811db79a33c4e51c10221454e30c74ae
SHA256ac11339ffa8f270c4f781e0a3922bb1c80d9dee6e4b6911ca34538ed9ae03caa
SHA51277dd27d30f4e13a0bcd6fd27ae7567c136d87393e5ee632bccf05b0a0d2bbcc2fc0fd777a8508e26cc4fc579c8da0ab56b7bf179b1adc70f28f7d0eee89fa5f8
-
Filesize
116KB
MD54c09761b8039307d3d23a9bd46a2b34e
SHA18c587a20526b5c07d7f372ed7a7739ef25f7a0ad
SHA2569373b5f2a4af89b44e376d0a10efcce7cca7770b4a41959548b2d44f41e56145
SHA5122e85729aaede12129405fa7f4354022e462ad8cea215f259c0023d78b8bd1a33f1b7d44c2b97c45f4b4488951e240b33b6a98ff767d822dac0d4ce428ac97591
-
Filesize
390B
MD559a76d42bea8e85e0c3485a25178c96d
SHA11f8f4efce3266255b94cf92e199598b6421e3b42
SHA2561826a3d651ac41adf1d8fb368a60e7d84ece1b7fd3461fea05c2d4a6d7b6f4c0
SHA5126e8e5f2bddc0eec764fe604e74507d6d1c8bf3af9aceedecbccdc64eda626d33033551988747bc29ffdf4b0d7cf2c1075f8f3c8502e6b0abcff85f3189ac16f3