Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
140s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
09/09/2024, 12:02
General
-
Target
d6450cc84f28954ad0abf9e5cac01b6a_JaffaCakes118.exe
-
Size
372KB
-
MD5
d6450cc84f28954ad0abf9e5cac01b6a
-
SHA1
13641997850fea08d8a58eb94be26c29d26275a5
-
SHA256
0459603fec0d753b1df6c2a3083fc34be796997182b77c2fa53445383d5b2f8c
-
SHA512
8f34676a33b50e9b48946c6205542af3db747f837b0e00c174ef11503583c9b336d35b9dca4b09a6aaf2e713502aad3b7185090f1b5b2a3c0944f631580f01f8
-
SSDEEP
6144:SHZA1kbQVjPXhe/qc+FNbHsHTUCzutSEVxCWr3rgNMPeXxEwf5I71IjBnsz+2St:e/Q1PQIbMHIdtFxCaEN5XxEwxxmzCt
Malware Config
Signatures
-
Downloads MZ/PE file
-
Executes dropped EXE 1 IoCs
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Checks whether UAC is enabled 1 TTPs 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies system certificate store 2 TTPs 2 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SendNotifyMessage 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d6450cc84f28954ad0abf9e5cac01b6a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\d6450cc84f28954ad0abf9e5cac01b6a_JaffaCakes118.exe"1⤵
- Adds Run key to start application
- Checks whether UAC is enabled
- System Location Discovery: System Language Discovery
- Modifies system certificate store
- Suspicious use of WriteProcessMemory
-
C:\Users\Public\Downloads\Norton\{3A7FA539-8005-4603-87D2-SOS1-NSS-v4}\d6450cc84f28954ad0abf9e5cac01b6a_JaffaCakes118.exeC:\Users\Public\Downloads\Norton\{3A7FA539-8005-4603-87D2-SOS1-NSS-v4}\d6450cc84f28954ad0abf9e5cac01b6a_JaffaCakes118.exe /r2⤵
- Executes dropped EXE
- Adds Run key to start application
- Checks whether UAC is enabled
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
Network
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Modify Registry
2Subvert Trust Controls
1Install Root Certificate
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
157B
MD587bbf1d6949f879f25a2dadd52da899b
SHA10a5070a6865e96cd6fd199a7ba0bd5ec76106c9a
SHA256c5591a21ab46e2205abe323c5e726fdb5843a473229619688ec26dc4c65e8fbe
SHA5129a3e40f407b362266b4fc5a92b3bd578ce50e4c402a78364ce190bd7ff7ba7034216d9a96039ff0797d5d61f2aded06ed4071f5086334831de98ebf97e0863dc
-
Filesize
54B
MD59499c2f308410e48386f58ca7afccd2e
SHA1e2ef9dec757aec938d801dd720fddc0c387da7af
SHA25687e4fc1f82d5a89c7f10ca58cf5de66d184cc3ce02954a13ade3100414a3bc97
SHA512ff68637e2b3b62cf6ca812bf4d067606edacb353825628048396c45e9be8ca7725c93787b8bcf82e610cf795f69a52b20d4ac48ade5405b114643af6515cf457
-
Filesize
1KB
MD5231399b7a6f631aae16b6958c29ef1de
SHA1744a93e7ba1c7b41e8bfc2d356b051087248b024
SHA256066bf84f496d43504a6dde657d01eba0deebcff66c1fe6a8794dba080e8ea02b
SHA5122fef002cd31f1610cd172aace8ec00e27f3a54afc54e0d23b55978abc16769def984c4a0cc30b8c9690b40717652c6b6a7a5bd0d5923b005a43bce5bc02c9858
-
Filesize
372KB
MD5d6450cc84f28954ad0abf9e5cac01b6a
SHA113641997850fea08d8a58eb94be26c29d26275a5
SHA2560459603fec0d753b1df6c2a3083fc34be796997182b77c2fa53445383d5b2f8c
SHA5128f34676a33b50e9b48946c6205542af3db747f837b0e00c174ef11503583c9b336d35b9dca4b09a6aaf2e713502aad3b7185090f1b5b2a3c0944f631580f01f8
-
Filesize
1.3MB
-
Filesize
1.3MB
-
Filesize
8KB
-
Filesize
8KB
-
Filesize
4KB
-
Filesize
8KB
-
Filesize
4KB
-
Filesize
1.3MB