Analysis
- max time kernel: 141s
- max time network: 131s
- platform: windows10-2004_x64
- resource: win10v2004-20240709-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 27/07/2024, 12:49
Static task: static1
Behavioral task: behavioral1
Sample: 7841a99b47d35a121afa5f6065a73c23_JaffaCakes118.exe
Resource: win7-20240704-en
General
- Target: 7841a99b47d35a121afa5f6065a73c23_JaffaCakes118.exe
- Size: 206KB
- MD5: 7841a99b47d35a121afa5f6065a73c23
- SHA1: 4e99899fb4c76f94d9948fe2c5074a0508524afb
- SHA256: b3fded9fc0dc26ed46c5977b9e72e58e91c3e49a99d17a912dae53beb7cabd12
- SHA512: 7cc3c3ca8a26ef44a87d8a703b5cc3ade79a7f7374ffab11e1e0c04b6f0bd218a46091ed3ceacda6b258e3472a87c87e618307f53c74f21ff638593a9333bf92
- SSDEEP: 6144:fOdPMlDovWyRsIkQ2MqPGlMy4kuG7b+Z/PZbq:fOKlDSWieRLhMCZ/B
Malware Config
Signatures
- yara_rule match: upx
  resource | yara_rule
  behavioral2/memory/2320-1-0x0000000000400000-0x0000000000454000-memory.dmp | upx
  behavioral2/memory/1816-11-0x0000000000400000-0x0000000000454000-memory.dmp | upx
  behavioral2/memory/1816-12-0x0000000000400000-0x0000000000454000-memory.dmp | upx
  behavioral2/memory/2320-13-0x0000000000400000-0x0000000000454000-memory.dmp | upx
  behavioral2/memory/2728-82-0x0000000000400000-0x0000000000454000-memory.dmp | upx
  behavioral2/memory/2728-81-0x0000000000400000-0x0000000000454000-memory.dmp | upx
  behavioral2/memory/2728-83-0x0000000000400000-0x0000000000454000-memory.dmp | upx
  behavioral2/memory/2320-187-0x0000000000400000-0x0000000000454000-memory.dmp | upx
- System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
  Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | 7841a99b47d35a121afa5f6065a73c23_JaffaCakes118.exe
- Suspicious use of WriteProcessMemory (6 IoCs)
  description | pid | Process | procid_target
  PID 2320 wrote to memory of 1816 | 2320 | 7841a99b47d35a121afa5f6065a73c23_JaffaCakes118.exe | 85
  PID 2320 wrote to memory of 1816 | 2320 | 7841a99b47d35a121afa5f6065a73c23_JaffaCakes118.exe | 85
  PID 2320 wrote to memory of 1816 | 2320 | 7841a99b47d35a121afa5f6065a73c23_JaffaCakes118.exe | 85
  PID 2320 wrote to memory of 2728 | 2320 | 7841a99b47d35a121afa5f6065a73c23_JaffaCakes118.exe | 96
  PID 2320 wrote to memory of 2728 | 2320 | 7841a99b47d35a121afa5f6065a73c23_JaffaCakes118.exe | 96
  PID 2320 wrote to memory of 2728 | 2320 | 7841a99b47d35a121afa5f6065a73c23_JaffaCakes118.exe | 96
Processes
- C:\Users\Admin\AppData\Local\Temp\7841a99b47d35a121afa5f6065a73c23_JaffaCakes118.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\7841a99b47d35a121afa5f6065a73c23_JaffaCakes118.exe"
  Depth: 1
  PID: 2320
  Signatures:
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\7841a99b47d35a121afa5f6065a73c23_JaffaCakes118.exe
    Command line: C:\Users\Admin\AppData\Local\Temp\7841a99b47d35a121afa5f6065a73c23_JaffaCakes118.exe startC:\Users\Admin\AppData\Roaming\Microsoft\conhost.exe%C:\Users\Admin\AppData\Roaming\Microsoft
    Depth: 2
    PID: 1816
  - C:\Users\Admin\AppData\Local\Temp\7841a99b47d35a121afa5f6065a73c23_JaffaCakes118.exe
    Command line: C:\Users\Admin\AppData\Local\Temp\7841a99b47d35a121afa5f6065a73c23_JaffaCakes118.exe startC:\Users\Admin\AppData\Roaming\dwm.exe%C:\Users\Admin\AppData\Roaming
    Depth: 2
    PID: 2728
Network
MITRE ATT&CK Enterprise v15
Downloads