Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    09/10/2024, 04:35 UTC

General

  • Target

    2aebe6b698b4e61b40448327a3ba603c_JaffaCakes118.exe

  • Size

    356KB

  • MD5

    2aebe6b698b4e61b40448327a3ba603c

  • SHA1

    d17afac766c94057ff085fe0339d4d951bd941dc

  • SHA256

    a89f66c9a10fd1b6014eb80548ccc464575061eef4bbab4f5b1d369ff1254715

  • SHA512

    d063564b2f8d0b8a6ab5db8131264fb81ea243a85a79740a93cfffb1466b85775c2bec2d93a06fccb3c57306594fb5e073b19dfaaef195c53bb654792d59e61a

  • SSDEEP

    6144:qdRNNx2pmGDa+D39r0JFPlGQD9gjmzjiKyxl/ExEzw15J+yGybbKZQtlk2Y1vASd:4Nx2Q+D39QFPhPkcxKw15J2yiQtm5vtd

Score
5/10

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 4 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2aebe6b698b4e61b40448327a3ba603c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\2aebe6b698b4e61b40448327a3ba603c_JaffaCakes118.exe"
    • System Location Discovery: System Language Discovery
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    PID:2884

Network

  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
    Response
    8.8.8.8.in-addr.arpa
    IN PTR
    dns.google
  • flag-us
    DNS
    76.32.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    76.32.126.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    172.214.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.214.232.199.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    cdn.simtel.net
    2aebe6b698b4e61b40448327a3ba603c_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    cdn.simtel.net
    IN A
    Response
    cdn.simtel.net
    IN CNAME
    wcarchive.cdrom.com.edgesuite.net
    wcarchive.cdrom.com.edgesuite.net
    IN CNAME
    a1337.d.akamai.net
    a1337.d.akamai.net
    IN A
    2.19.117.104
    a1337.d.akamai.net
    IN A
    2.19.117.76
  • flag-gb
    GET
    http://cdn.simtel.net/pub/dlm/dr_downloader_full.html
    2aebe6b698b4e61b40448327a3ba603c_JaffaCakes118.exe
    Remote address:
    2.19.117.104:80
    Request
    GET /pub/dlm/dr_downloader_full.html HTTP/1.1
    Accept: */*
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Host: cdn.simtel.net
    Connection: Keep-Alive
    Response
    HTTP/1.1 503 Service Unavailable
    Server: AkamaiGHost
    Mime-Version: 1.0
    Content-Type: text/html
    Content-Length: 373
    Date: Wed, 09 Oct 2024 14:07:52 GMT
    Connection: keep-alive
    Expires: Wed, 09 Oct 2024 14:07:52 GMT
  • flag-us
    DNS
    104.117.19.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    104.117.19.2.in-addr.arpa
    IN PTR
    Response
    104.117.19.2.in-addr.arpa
    IN PTR
    a2-19-117-104.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    200.163.202.172.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    200.163.202.172.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    15.164.165.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    15.164.165.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    98.117.19.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    98.117.19.2.in-addr.arpa
    IN PTR
    Response
    98.117.19.2.in-addr.arpa
    IN PTR
    a2-19-117-98.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    83.210.23.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    83.210.23.2.in-addr.arpa
    IN PTR
    Response
    83.210.23.2.in-addr.arpa
    IN PTR
    a2-23-210-83.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    240.221.184.93.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    240.221.184.93.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    29.243.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    29.243.111.52.in-addr.arpa
    IN PTR
    Response
  • 2.19.117.104:80
    http://cdn.simtel.net/pub/dlm/dr_downloader_full.html
    http
    2aebe6b698b4e61b40448327a3ba603c_JaffaCakes118.exe
    650 B
    808 B
    7
    5

    HTTP Request

    GET http://cdn.simtel.net/pub/dlm/dr_downloader_full.html

    HTTP Response

    503
  • 8.8.8.8:53
    8.8.8.8.in-addr.arpa
    dns
    66 B
    90 B
    1
    1

    DNS Request

    8.8.8.8.in-addr.arpa

  • 8.8.8.8:53
    76.32.126.40.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    76.32.126.40.in-addr.arpa

  • 8.8.8.8:53
    172.214.232.199.in-addr.arpa
    dns
    74 B
    128 B
    1
    1

    DNS Request

    172.214.232.199.in-addr.arpa

  • 8.8.8.8:53
    cdn.simtel.net
    dns
    2aebe6b698b4e61b40448327a3ba603c_JaffaCakes118.exe
    60 B
    165 B
    1
    1

    DNS Request

    cdn.simtel.net

    DNS Response

    2.19.117.104
    2.19.117.76

  • 8.8.8.8:53
    104.117.19.2.in-addr.arpa
    dns
    71 B
    135 B
    1
    1

    DNS Request

    104.117.19.2.in-addr.arpa

  • 8.8.8.8:53
    200.163.202.172.in-addr.arpa
    dns
    74 B
    160 B
    1
    1

    DNS Request

    200.163.202.172.in-addr.arpa

  • 8.8.8.8:53
    15.164.165.52.in-addr.arpa
    dns
    72 B
    146 B
    1
    1

    DNS Request

    15.164.165.52.in-addr.arpa

  • 8.8.8.8:53
    98.117.19.2.in-addr.arpa
    dns
    70 B
    133 B
    1
    1

    DNS Request

    98.117.19.2.in-addr.arpa

  • 8.8.8.8:53
    83.210.23.2.in-addr.arpa
    dns
    70 B
    133 B
    1
    1

    DNS Request

    83.210.23.2.in-addr.arpa

  • 8.8.8.8:53
    240.221.184.93.in-addr.arpa
    dns
    73 B
    144 B
    1
    1

    DNS Request

    240.221.184.93.in-addr.arpa

  • 8.8.8.8:53
    29.243.111.52.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    29.243.111.52.in-addr.arpa

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\GetRightToGo\2aebe6b698b4e61b40448327a3ba603c_JaffaCakes118.data

    Filesize

    1KB

    MD5

    96a1e83e1fcd612b639aabb044db7bbd

    SHA1

    f211087f7412c9b32946425da48e1d62c055427b

    SHA256

    b739d8619fc7f7ef3e0be92090487409501cc3fa56bc6be7fe4a3026790d8110

    SHA512

    88d2746c9d873dd04eb81846fbe9ed97872f6e940e422a1721d2cb22bdd58de09bb7cadeba12da22c0d3e9710349c43820de93f0d3a335b42572ae3e9abeb6e5

  • memory/2884-0-0x0000000000400000-0x0000000000508000-memory.dmp

    Filesize

    1.0MB

  • memory/2884-13-0x0000000000400000-0x0000000000508000-memory.dmp

    Filesize

    1.0MB
