Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
92s -
max time network
108s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
19/09/2024, 16:56
General
-
Target
ebc9244e86cc5318d09bf062c67084c2_JaffaCakes118.exe
-
Size
361KB
-
MD5
ebc9244e86cc5318d09bf062c67084c2
-
SHA1
43cc09cd651af0d0ca4635385dfb4b796085cbda
-
SHA256
e39833957b0f9e99d6d2a4c6ce4c28c63f6b083fb5fdded4da7dd3f8eb1c7846
-
SHA512
afdf45dffb3ec3e18d9a9ce3368db16d9594afa8eaad90d7fd64ed90144331ec8021be4b72349f3d35ed76d1bb14dd81b30a8fc3c9abb1334da79bafb63ed9df
-
SSDEEP
6144:QGs4XwY/HPJ6xzJ44nDWgRAkPUfGQn8xID0DMF+soQWqFqEYXqZwGPmf34fuDpbb:U4XF/H0dJR3PUfGLxe0Dlsfxq5XH3ygb
Malware Config
Signatures
-
Server Software Component: Terminal Services DLL 1 TTPs 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Drops file in System32 directory 2 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ebc9244e86cc5318d09bf062c67084c2_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\ebc9244e86cc5318d09bf062c67084c2_JaffaCakes118.exe"1⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\server.exeC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\server.exe2⤵
- Server Software Component: Terminal Services DLL
- Executes dropped EXE
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
112KB
MD559efb24abe53baf9a725be4c73b368c3
SHA1e06fbac39bd52606666eef5aac2bd9a7e4247e5e
SHA256e3f9c3131045da00a6b53cbc183e32b755f2a1c0ad8ac5e30299a17ee734a1e1
SHA512f17222696c8d6b67a94427637ddaf4927c32c7adc017e73ad5ac7b6760114a65cadca31b469b0bd213208e38e2504e2faaefc148754c7578cbbfc6824373c490
-
Filesize
87KB
MD5e8b8836b71d6b542b06e016dc8b88e2d
SHA15ba23e4dbf17b0440474df801fa46d513f263741
SHA256f5ddaca68aaae1bf8a3753cb12785e19a2aba9fcb17b166a66f00a0e3995fd34
SHA5126a37f5d14c87b204d5041d86ae19046124f47ddd2b4a15e6bb4c74e9f1cbe5f4c53fc18e3c0118484197b81c705ddf4bc41be6edf813b37909627ad952857f5e
-
Filesize
48KB
-
Filesize
504KB
-
Filesize
504KB
-
Filesize
504KB
-
Filesize
40KB
-
Filesize
296KB
-
Filesize
504KB
-
Filesize
296KB
-
Filesize
504KB
-
Filesize
504KB
-
Filesize
504KB
-
Filesize
64KB
-
Filesize
4KB
-
Filesize
296KB
-
Filesize
112KB
-
Filesize
112KB
-
Filesize
4KB