Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted
    19/07/2024, 05:56

General

  • Target: 5ab98fa374fb3354a17b9f2ae40b2b32_JaffaCakes118.exe
  • Size: 359KB
  • MD5: 5ab98fa374fb3354a17b9f2ae40b2b32
  • SHA1: 64cf30c5ed3aee9b1d29e296988aa93d9f3bcf3a
  • SHA256: 1cf8af841511bc3a1210c9c02276627d87dd07d38bbb2baa44c20cf55c3a76f3
  • SHA512: c673116e62e79a128093f34dda0abb04e59a2bf2ac13e967cd1882551bf63f9e779a6f6e23933bed2d91440005bac3e7724eef31e722c6c243a43c821cfa0a52
  • SSDEEP: 6144:0BFybY/7YsXUmrXgEXrMzp14WaumddWFlhdYBb+vDDTH0DcPGCa3DLb8NHiB:0Cm/XXgsdumdIlnYqDDTUwPbWLb8NCB

Score
7/10

Malware Config

Signatures

  • Deletes itself (1 IoC)
  • Reads user/profile data of web browsers (2 TTPs)

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Suspicious use of WriteProcessMemory (12 IoCs)
  • Views/modifies file attributes (1 TTP, 2 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\5ab98fa374fb3354a17b9f2ae40b2b32_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\5ab98fa374fb3354a17b9f2ae40b2b32_JaffaCakes118.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2304
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\MACROM~1\FLASHP~1\E9F2TM~1.BAT
      2⤵
      • Deletes itself
      • Suspicious use of WriteProcessMemory
      PID:2772
      • C:\Windows\SysWOW64\attrib.exe
        attrib -R -S -H "C:\Users\Admin\AppData\Local\Temp\5ab98fa374fb3354a17b9f2ae40b2b32_JaffaCakes118.exe"
        3⤵
        • Views/modifies file attributes
        PID:2764
      • C:\Windows\SysWOW64\attrib.exe
        attrib -R -S -H "C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\E9F2.tmp.bat"
        3⤵
        • Views/modifies file attributes
        PID:2720

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Roaming\MACROM~1\FLASHP~1\E9F2.tmp.bat
    Filesize: 494B
    MD5: c468f5fb0089c8e8926c940e73e3d7fd
    SHA1: 5d92d48064156b713160d2dda84aea65c84f4965
    SHA256: eef9555096048792c087e2062c345190e78340d86b5555c1110585039b30a9d9
    SHA512: 509a63459c3a0472a1fd7c4f403acc8b86fe876561302a317443f64c85884767a089240e5d0f5d6f02e990f8a9e4b782b7d4a413022411ab8efb21fab3932a53

  • memory/2304-1-0x0000000000400000-0x000000000045D000-memory.dmp
    Filesize: 372KB

  • memory/2304-2-0x0000000000230000-0x000000000028E000-memory.dmp
    Filesize: 376KB

  • memory/2304-4-0x0000000000400000-0x000000000045D000-memory.dmp
    Filesize: 372KB