Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
148s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
04/10/2024, 20:42
General
-
Target
14da9c0b740465e340110e7770b3964f_JaffaCakes118.exe
-
Size
333KB
-
MD5
14da9c0b740465e340110e7770b3964f
-
SHA1
97b0e9948e955c958f84f9eca0fc8b5956e8be37
-
SHA256
a9a2e5d1e392fde875e5bf12c25ec17c92f91346b5fbbd58a79daaec08d7a3b6
-
SHA512
d29797bab0e845284b42d05b009802e994023197a50c897729ba49443fd1055e8dd8cfd46096d6d42ac738fe75fa7f562c5e090ac82f355474e7ce45b4210524
-
SSDEEP
6144:CxF74bab59oicM835IPUdv4+n+IW+xdY2DDQdsiyfxPh4eUT/1XPGL1qmY+D527z:7ba19otM83Rv+IZTbD7iy5kThGLy
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\system32\sihost.exesihost.exe1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc1⤵
-
C:\Windows\system32\taskhostw.exetaskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}1⤵
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵
-
C:\Users\Admin\AppData\Local\Temp\14da9c0b740465e340110e7770b3964f_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\14da9c0b740465e340110e7770b3964f_JaffaCakes118.exe"2⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\Hycoet\ximeba.exe"C:\Users\Admin\AppData\Roaming\Hycoet\ximeba.exe"3⤵
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\tmpaf15f02d.bat"3⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc1⤵
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\RuntimeBroker.exe -Embedding1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\RuntimeBroker.exe -Embedding1⤵
-
C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\RuntimeBroker.exe -Embedding1⤵
-
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe" -ServerName:InputApp.AppX9jnwykgrccxc8by3hsrsh07r423xzvav.mca1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=127.0.6533.89 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=127.0.2651.86 --initial-client-data=0x238,0x23c,0x240,0x234,0x248,0x7ff85c6cd198,0x7ff85c6cd1a4,0x7ff85c6cd1b02⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2140,i,11708048364682646792,608099842549576907,262144 --variations-seed-version --mojo-platform-channel-handle=2136 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=1820,i,11708048364682646792,608099842549576907,262144 --variations-seed-version --mojo-platform-channel-handle=2172 /prefetch:32⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=2400,i,11708048364682646792,608099842549576907,262144 --variations-seed-version --mojo-platform-channel-handle=2716 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=1416,i,11708048364682646792,608099842549576907,262144 --variations-seed-version --mojo-platform-channel-handle=4412 /prefetch:82⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
271B
MD528e1a1771b18ea4648c2b24c357554c3
SHA179cdc9ac079355bd1712e9d732a70d12062dc78c
SHA2563e7e2a3cb4ae11d71e5fb8fcddb583dceaa544820db80e582633177a8f0e6d64
SHA51230e56399e63aa7bc4fc2cf4209ccb596406f0f95318bc72a11ffc8d5df715db36ed18bde2acf5a66b54bb361e09dde05cbbb900d2fb1304f5fb25f04a3f7db9d
-
Filesize
333KB
MD58bdc3aa93a262421f384b6364778fe38
SHA13044c24ae0b8fadf9b63e63e677529ebd8356e51
SHA2565b0b8c6c7580caa093f728b6b7c884bd59d6b2a0e5ead79c067b89bba4725719
SHA5125868970be755976ca4b1f223de67cb12338edf4930cc98907d8cab1f8dd6de3d567d4a996e40867a8c564155b1f1adf26c18b60b757abefd2d5056b1e3bad392
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
344KB
-
Filesize
304KB
-
Filesize
304KB
-
Filesize
64KB
-
Filesize
304KB
-
Filesize
304KB
-
Filesize
304KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
304KB
-
Filesize
304KB
-
Filesize
344KB
-
Filesize
304KB
-
Filesize
304KB
-
Filesize
344KB
-
Filesize
304KB
-
Filesize
344KB
-
Filesize
344KB
-
Filesize
344KB
-
Filesize
304KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
304KB
-
Filesize
304KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
304KB