Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
130s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
12/08/2024, 01:37
General
-
Target
8ccdf8857054fa2efc455b69258956a6_JaffaCakes118.exe
-
Size
376KB
-
MD5
8ccdf8857054fa2efc455b69258956a6
-
SHA1
58bfe73edcb7c862e73bd35c6587ef12497295a1
-
SHA256
9e30fdfa70ce4289e48461c2862f1806e79633c0416fff1832a30d665ce7c1e8
-
SHA512
09a90013195ee2e9421681b81da399797de69f7bef96144a47bdc28d015b3b6331d65b7c3438a4ac6f8145181730412f15db39d74fe050cd88adfd5475fd25f1
-
SSDEEP
6144:jfYte9zBUGBIVKH1yF2idZecnl20lHRxp3g/KzXHwxrE7eMsSgmLVFweF4X3Y:EUFBGVKVuF3Z4mxxmKjQxw73sSgmLVyw
Malware Config
Signatures
-
Gh0st RAT payload 3 IoCs
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Drops file in Drivers directory 2 IoCs
-
Server Software Component: Terminal Services DLL 1 TTPs 1 IoCs
-
Deletes itself 1 IoCs
-
Loads dropped DLL 2 IoCs
-
Drops file in System32 directory 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious behavior: LoadsDriver 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\8ccdf8857054fa2efc455b69258956a6_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\8ccdf8857054fa2efc455b69258956a6_JaffaCakes118.exe"1⤵
- Drops file in Drivers directory
- Server Software Component: Terminal Services DLL
- Loads dropped DLL
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\svchost.exeC:\Windows\SysWOW64\svchost.exe -k netsvcs -s FastUserSwitchingCompatibility1⤵
- Drops file in Drivers directory
- Deletes itself
- Loads dropped DLL
- System Location Discovery: System Language Discovery
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
98KB
MD56b474e54deab28181da70a050d4151a0
SHA1195612d4bf09b048b975e2d00d89b01f9e3596da
SHA2567d672902dea809e40ff20687585908378fdaae878348516440866818259b161f
SHA51284425aadf73e17fc6f17dbc67f6f41068aad31bc9207d399e8a86794d62b0317a6da34030436c373891aab8f441494b49de3b02a7bc3829c0b939d41abc05ecb
-
Filesize
98KB
MD55ca13d7275172cf65aef469ab17dcf1c
SHA1aaf45fcb231f2ddc954f0005223ca5efec4aea44
SHA2564d6189205944bd01df5f62a18abd74f4a3dbc255a185cb4c49b250d3f4fd58f3
SHA512fe0a11320443165be6d4b3ddd5a009d6788adeaa2e503fbc2a80f996009a61aad82484783ea255a6337c520ebc9412d181effa57f465fbf29ee76b7b446e7717
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
448KB
-
Filesize
4KB
-
Filesize
8KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
336KB
-
Filesize
448KB
-
Filesize
336KB