Analysis
max time kernel: 93s
max time network: 145s
platform: windows10-2004_x64
resource: win10v2004-20240709-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
submitted: 16/07/2024, 09:34
Static task: static1
Behavioral task: behavioral1
  Sample: 4dbb65af75d031b700bedaa97f4e6c8a_JaffaCakes118.exe
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: 4dbb65af75d031b700bedaa97f4e6c8a_JaffaCakes118.exe
  Resource: win10v2004-20240709-en
General
Target: 4dbb65af75d031b700bedaa97f4e6c8a_JaffaCakes118.exe
Size: 1.9MB
MD5: 4dbb65af75d031b700bedaa97f4e6c8a
SHA1: 764c243c082d5dc43225f233ba6ce0d66fd89fef
SHA256: e24de67f68709c6beea560cd16a1b3bd82feed42aed63aff51b8c69ab5388044
SHA512: 2d8dbdd3224924bde6c3abe1c7268afcbc6507c7477e5410e4c4f95bd9695fb0952e7428de11e02189f5fe9120c5bad663a2cc1cdca0566af2a6aceb3f85f477
SSDEEP: 24576:N2oo60HPdt+1CRiY2eOBvcj3u10dCZ4tIyit1KK5IvQqWZwoa17vHF7OZZH5L9D:Qoa1taC070dCZanuEK5cbca1DHF6ZZHX
Malware Config
Signatures
- Deletes itself (1 IoCs)
  pid: 4328; Process: C2B4.tmp
- Executes dropped EXE (1 IoCs)
  pid: 4328; Process: C2B4.tmp
- Suspicious use of WriteProcessMemory (3 IoCs)
  description: PID 4764 wrote to memory of 4328; pid: 4764; Process: 4dbb65af75d031b700bedaa97f4e6c8a_JaffaCakes118.exe; procid_target: 86
  description: PID 4764 wrote to memory of 4328; pid: 4764; Process: 4dbb65af75d031b700bedaa97f4e6c8a_JaffaCakes118.exe; procid_target: 86
  description: PID 4764 wrote to memory of 4328; pid: 4764; Process: 4dbb65af75d031b700bedaa97f4e6c8a_JaffaCakes118.exe; procid_target: 86
Processes
C:\Users\Admin\AppData\Local\Temp\4dbb65af75d031b700bedaa97f4e6c8a_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\4dbb65af75d031b700bedaa97f4e6c8a_JaffaCakes118.exe"
  - Suspicious use of WriteProcessMemory
  PID: 4764
  C:\Users\Admin\AppData\Local\Temp\C2B4.tmp
    "C:\Users\Admin\AppData\Local\Temp\C2B4.tmp" --splash C:\Users\Admin\AppData\Local\Temp\4dbb65af75d031b700bedaa97f4e6c8a_JaffaCakes118.exe DC3B646F696ADBA8784A1CBD69F60862F0D42843ABAE18FF1F8205B04E82831200CBC33E9A42C5CDC7290C955522E26B360736B8BC912841E7972A0E6E07961C
    - Deletes itself
    - Executes dropped EXE
    PID: 4328
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 1.9MB
MD5: 9ab4fe2f731a36d180efda2426228f85
SHA1: 3a046e7be98a2adc72975a980691082ab3cec341
SHA256: b12451b5256a1aa3c20a2ba77f871594d849ba8f25491c348260d7e77b17768e
SHA512: bda2eb3f928e7d2d09a59731c0e3476653ddac680f2451d517657974f08cb7b3cda2edeee1675039ddd1da69f8606287d9a64cc015441edf78df5370607c4630