Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    16/07/2024, 10:30

General

  • Target

    4debd045774eec54d76b00e78c1259a5_JaffaCakes118.exe

  • Size

    17.6MB

  • MD5

    4debd045774eec54d76b00e78c1259a5

  • SHA1

    2f533d5f5b0ff74f75b2a8a8f77ec1b673c446a8

  • SHA256

    e12431896184060e3bf3c8d25913db7119ab2417504db05f0477483605d513b5

  • SHA512

    773dc18dc105f74f87de5af6fff507fa1511d5cb56b8f141afd52ac68e27bf808b407239f658ff0f49b4b3dcc8f0df9fd39a8cf0cae54665cf76558af3bf724b

  • SSDEEP

    192:i2VAKqGxc49My2dNQOm49A476byj9zHJeyJ+43cDimP1oydUV8z5L/CldolMGoVT:iPqcxwAd+43cWQ1jUa1LCcM4aeWFj

Score
10/10

Malware Config

Signatures

  • Modifies WinLogon for persistence (2 TTPs, 1 IoC)
  • Deletes itself (1 IoC)
  • Executes dropped EXE (2 IoCs)
  • Drops file in Windows directory (4 IoCs)
  • Suspicious use of WriteProcessMemory (9 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\4debd045774eec54d76b00e78c1259a5_JaffaCakes118.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\4debd045774eec54d76b00e78c1259a5_JaffaCakes118.exe"
    Depth 1, PID 3424
    Signatures: Drops file in Windows directory; Suspicious use of WriteProcessMemory
    • C:\Users\Admin\AppData\Local\Temp\4debd045774eec54d76b00e78c1259a5_JaffaCakes118.exe
      Command line: "C:\Users\Admin\AppData\Local\Temp\4debd045774eec54d76b00e78c1259a5_JaffaCakes118.exe"
      Depth 2, PID 2980 (child of PID 3424)
      Signatures: Drops file in Windows directory; Suspicious use of WriteProcessMemory
      • C:\Windows\Googlets.exe
        Command line: "C:\Windows\Googlets.exe"
        Depth 3, PID 3056 (child of PID 2980)
        Signatures: Executes dropped EXE; Drops file in Windows directory; Suspicious use of WriteProcessMemory
        • C:\Windows\Googlets.exe
          Command line: "C:\Windows\Googlets.exe"
          Depth 4, PID 4152 (child of PID 3056)
          Signatures: Modifies WinLogon for persistence; Deletes itself; Executes dropped EXE

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\MyTemp

    Filesize

    84B

    MD5

    2d2caf5edee706d75de553ce945e70eb

    SHA1

    64cc05e73cf143ad4496a528e5534f1833a82915

    SHA256

    8115eb68f44bdd0b1cf43479bc3bd22b11e2ee295e954627eadbdf834a636fc3

    SHA512

    f8ea84414ee3170eb1577ac7c5d9cb5336f9af7ba942ff4f648e6d72383508cc6ac1951ac266c7370846a61705cd1eae1f6918cecabca10cbc5d1e751ae817a8

  • C:\Windows\Googlets.exe

    Filesize

    42.8MB

    MD5

    37ae59b043eafc6099afaeadb2ab3faa

    SHA1

    65ba79356f6781d9f7bc30a01df0f09ad2c9a0b8

    SHA256

    fdd3fbf8fdc992e7d294b9157027cad1b56ae84e95dfa51de639b2a1a254a6d4

    SHA512

    b5747989aa1f3df14531480f49b2d47b705958b3fad9003420562bd5be7697126f06e53ab80ced75a23e13b761d641c08e95a3ff2a1d6018fc0a405efacb1960
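The behaviour chain in the Processes section (sample drops C:\Windows\Googlets.exe, executes it, the dropped copy modifies Winlogon) and the hashes in General and Downloads can be turned into detection logic. The following Python is an added example, not code from tria.ge or from the report. The events it runs over are constructed Sysmon-style records (EventID 1 ProcessCreate, 11 FileCreate, 13 RegistryEvent SetValue) that mirror the process tree; the PIDs and SHA256 values are taken from the report, while the Winlogon value name (Shell) and the data written to it are assumptions, since the report only says Winlogon was modified. The rule names and the benign control events are the example's own.

```python
"""Triage rules for the behaviour chain in this report.

Added example, not tria.ge code. Events are constructed Sysmon-style records
(EventID 1 ProcessCreate, 11 FileCreate, 13 RegistryEvent SetValue) that
mirror the process tree in the report; PIDs and hashes come from the report,
the Winlogon value touched and the data written to it are assumptions.
"""
import ntpath

# SHA256 indicators from the General and Downloads sections of the report.
IOC_SHA256 = {
    "e12431896184060e3bf3c8d25913db7119ab2417504db05f0477483605d513b5": "sample",
    "fdd3fbf8fdc992e7d294b9157027cad1b56ae84e95dfa51de639b2a1a254a6d4": r"C:\Windows\Googlets.exe",
    "8115eb68f44bdd0b1cf43479bc3bd22b11e2ee295e954627eadbdf834a636fc3": r"C:\MyTemp",
}

WINLOGON_KEY = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
# Values commonly abused for persistence. The report does not say which one
# this sample changed, so all of them are watched. Defaults are the stock
# Windows 10 data and are used to suppress writes that merely restore them.
WINLOGON_DEFAULTS = {
    "Shell": "explorer.exe",
    "Userinit": r"C:\Windows\system32\userinit.exe,",
    "Taskman": "",
    "AppSetup": "",
    "VmApplet": "",
}

SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\4debd045774eec54d76b00e78c1259a5_JaffaCakes118.exe"
DROPPED = r"C:\Windows\Googlets.exe"

# Constructed events (not real telemetry), in the order the tree shows them.
EVENTS = [
    {"EventID": 1, "ProcessId": 3424, "ParentProcessId": 1200, "Image": SAMPLE,
     "ParentImage": r"C:\Windows\explorer.exe",
     "Hashes": "SHA256=E12431896184060E3BF3C8D25913DB7119AB2417504DB05F0477483605D513B5"},
    {"EventID": 11, "ProcessId": 2980, "Image": SAMPLE, "TargetFilename": DROPPED},
    {"EventID": 1, "ProcessId": 3056, "ParentProcessId": 2980, "Image": DROPPED,
     "ParentImage": SAMPLE,
     "Hashes": "MD5=37AE59B043EAFC6099AFAEADB2AB3FAA,"
               "SHA256=FDD3FBF8FDC992E7D294B9157027CAD1B56AE84E95DFA51DE639B2A1A254A6D4"},
    # Assumed: the Shell value is appended to. The report only says Winlogon was modified.
    {"EventID": 13, "ProcessId": 4152, "Image": DROPPED, "EventType": "SetValue",
     "TargetObject": WINLOGON_KEY + r"\Shell", "Details": "explorer.exe," + DROPPED},
    # Benign controls: a default Userinit write and a stock binary living in the Windows root.
    {"EventID": 13, "ProcessId": 800, "Image": r"C:\Windows\System32\svchost.exe",
     "EventType": "SetValue", "TargetObject": WINLOGON_KEY + r"\Userinit",
     "Details": r"C:\Windows\system32\userinit.exe,"},
    {"EventID": 1, "ProcessId": 5000, "ParentProcessId": 1200, "Image": r"C:\Windows\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe", "Hashes": "SHA256=" + "0" * 64},
]


def parse_hashes(field):
    """Sysmon writes 'MD5=..,SHA256=..'; return {algo: lowercase digest}."""
    out = {}
    for part in field.split(","):
        algo, sep, digest = part.partition("=")
        if sep:
            out[algo.strip().upper()] = digest.strip().lower()
    return out


def in_windows_root(path):
    """True when the file sits directly in the Windows directory, not a subfolder."""
    return ntpath.dirname(path).lower() == r"c:\windows"


def triage(events):
    """Run the rules over an event stream; return one alert dict per hit, in order."""
    alerts = []
    dropped = {}  # lower-cased path -> PID of the process that created the file
    for ev in events:
        eid, pid = ev["EventID"], ev["ProcessId"]
        if eid == 11:
            target = ev["TargetFilename"]
            dropped[target.lower()] = pid
            if in_windows_root(target):
                alerts.append({"rule": "drops_file_in_windows_dir", "pid": pid, "path": target})
        elif eid == 1:
            image = ev["Image"]
            # "Executes dropped EXE": the image was written earlier in this trace.
            if image.lower() in dropped:
                alerts.append({"rule": "executes_dropped_exe", "pid": pid, "path": image,
                               "dropped_by": dropped[image.lower()]})
            sha256 = parse_hashes(ev.get("Hashes", "")).get("SHA256")
            if sha256 in IOC_SHA256:
                alerts.append({"rule": "ioc_hash_match", "pid": pid, "path": image, "sha256": sha256})
        elif eid == 13 and ev.get("EventType") == "SetValue":
            key, _, name = ev["TargetObject"].rpartition("\\")
            if key.lower() == WINLOGON_KEY.lower() and name in WINLOGON_DEFAULTS:
                data = ev.get("Details", "").strip()
                if data.lower() != WINLOGON_DEFAULTS[name].lower():
                    alerts.append({"rule": "winlogon_persistence", "pid": pid, "value": name, "data": data})
    return alerts


if __name__ == "__main__":
    for alert in triage(EVENTS):
        print(alert)
```

Run against the constructed stream, the rules fire once per signature the report lists for the chain: the IOC hash match on PID 3424, the drop into the Windows root by PID 2980, the dropped-EXE execution and second hash match on PID 3056, and the Winlogon write by PID 4152. The two control events (a Userinit write that restores the stock default, and notepad.exe launched from the Windows root without a preceding drop) produce nothing, which is the false-positive behaviour a practitioner should check before deploying the Winlogon and Windows-directory rules on real telemetry.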