Analysis

  • max time kernel
    140s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    11/08/2024, 20:28

General

  • Target

    8bda80b25c1e8a3ca59ad10280cbdc50_JaffaCakes118.exe

  • Size

    184KB

  • MD5

    8bda80b25c1e8a3ca59ad10280cbdc50

  • SHA1

    ee2c7a6afd7585a9819757061e68840e57d45631

  • SHA256

    9c86398002b0410207ef840d87108db7779082875a78865a9c30e52b9d07c8fa

  • SHA512

    ac1e31b7be68119e2b73f7ec0ffd9bb773d88a35a36fa01bc0d5b7ac8c2ae2390f18dffbc8e4a672885beece9dc9554930485733011623e64dc757b1501fe3d6

  • SSDEEP

    1536:qOgwPUp0WEMAAF6OpCzdq25hBfsBttVIQKE/RT6M0jubaDaCFUMgdKL3GRIoIno1:ZdvvOqq25haXVeEJNeUMgQ3GG/oute

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8bda80b25c1e8a3ca59ad10280cbdc50_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\8bda80b25c1e8a3ca59ad10280cbdc50_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Enumerates connected drives
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:804

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\240618828.INI

    Filesize

    12.1MB

    MD5

    6a09357439301aa755a94e720bf88b21

    SHA1

    b6b6df6cb119f9c04792d33ac91696f2c23e1227

    SHA256

    4e40d2bc38a7d4a26d0914b981ba18ae2b56258381d603d2dd61b4d9dc61faba

    SHA512

    d5a7e4641d23777deeeb6d0cc0076c53c1235c3983b2c3a86603b5fed802465377f2d183f42fa2147409abf154acf859bc681769c5a96d4238ac5200e0c76cef

  • memory/804-0-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

  • memory/804-7-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB
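A 12.1 MB file with an .INI extension written into SysWOW64 is not a configuration file, so the useful host-side check is not just the hash but the anomaly itself: an oversized, non-text .INI in a system directory. The script below is an added example written for this page, not tria.ge code and not part of the original report. It assumes a sweep of directories passed in by the caller, uses the SHA256 of the dropped file reported above as the known IoC, and treats the 1 MiB size threshold as an assumption; the sample files it creates are a constructed fixture so it runs offline.

```python
"""Hunt for the dropped-file IoC above (added example, not from the report)."""
import hashlib
import tempfile
from pathlib import Path

# SHA256 of C:\Windows\SysWOW64\240618828.INI as listed in the report above.
KNOWN_SHA256 = {
    "4e40d2bc38a7d4a26d0914b981ba18ae2b56258381d603d2dd61b4d9dc61faba",
}
# Assumed threshold: a genuine INI is a few KB of text; anything over this is suspect.
MAX_PLAUSIBLE_INI_BYTES = 1 * 1024 * 1024


def sha256_file(path, chunk=1 << 20):
    """Stream a file through SHA256 so large drops do not need to be read into memory."""
    h = hashlib.sha256()
    with Path(path).open("rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def looks_like_text(path, probe=4096):
    """Cheap plausibility check: a real INI is printable text with no NUL bytes."""
    with Path(path).open("rb") as f:
        head = f.read(probe)
    if b"\x00" in head:
        return False
    try:
        head.decode("utf-8")
    except UnicodeDecodeError:
        return False
    return True


def hunt(dirs, known_hashes=KNOWN_SHA256, max_ini=MAX_PLAUSIBLE_INI_BYTES):
    """Return a list of (path, reason) findings across the given directories."""
    findings = []
    for d in dirs:
        for p in Path(d).rglob("*"):
            if not p.is_file():
                continue
            reasons = []
            suffix = p.suffix.lower()
            if suffix == ".ini":
                size = p.stat().st_size
                if size > max_ini:
                    reasons.append(f"oversized .INI ({size} bytes)")
                if not looks_like_text(p):
                    reasons.append("binary content in .INI")
            # Hash only the file types worth the I/O: anything already flagged,
            # plus the extensions a dropper commonly uses.
            if reasons or suffix in {".ini", ".dll", ".exe"}:
                if sha256_file(p) in known_hashes:
                    reasons.append("SHA256 matches reported IoC")
            if reasons:
                findings.append((str(p), "; ".join(reasons)))
    return findings


def build_constructed_sample():
    """Constructed fixture (not from the report): one benign INI, one bogus one."""
    root = Path(tempfile.mkdtemp(prefix="sysw64_"))
    (root / "desktop.ini").write_text("[.ShellClassInfo]\nIconResource=shell32.dll,3\n")
    # 2 MiB of non-text bytes standing in for the 12.1 MB drop named in the report.
    (root / "240618828.INI").write_bytes(b"MZ\x00\x90" * (512 * 1024))
    return root


if __name__ == "__main__":
    for path, why in hunt([build_constructed_sample()]):
        print(f"{path}: {why}")
```

On a live host the directories to pass are C:\Windows\System32 and C:\Windows\SysWOW64; the hash match catches this exact drop, while the size and content checks catch the same technique with a different payload, which is what survives a recompile.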