Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

JaffaCakes...0f.exe

windows11-21h2-x64

10

Resubmissions

07/01/2025, 15:00

250107-sdsvxawkhs 10

26/12/2024, 21:37

241226-1grq1s1nf1 10

Analysis

  • max time kernel
    34s
  • max time network
    20s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    07/01/2025, 15:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_a931840a162cb636603a137463cea414aa9d906654d6bb12a92d6cad981a1b0f.exe

  • Size

    685.0MB

  • MD5

    096dc1fabe1ad64b3e2396c8e6aa4fca

  • SHA1

    2038df7cae2b236982d1acc5ce9314dcf1132ed0

  • SHA256

    a931840a162cb636603a137463cea414aa9d906654d6bb12a92d6cad981a1b0f

  • SHA512

    58f66cd7bc84b860b2c43059effd5e299f2493730ed88d5f1cb2381bf73d71d9cdabd26d6d986ee930bfb60fbdfb8b45336522d864e85300012c72a1e1200cf3

  • SSDEEP

    196608:PhXPU493Ffe2lrHmPvq4+tocAgGYqBsb2N:PlM4ZZe2pKL8o1USN

Score
10/10
privateloaderloader

Malware Config

Signatures

  • PrivateLoader

    PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

    loaderprivateloader
  • Privateloader family
    privateloader
  • Drops file in System32 directory 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_a931840a162cb636603a137463cea414aa9d906654d6bb12a92d6cad981a1b0f.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_a931840a162cb636603a137463cea414aa9d906654d6bb12a92d6cad981a1b0f.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious behavior: EnumeratesProcesses
    PID:3896
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc
    1⤵
      PID:5036
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum
      1⤵
        PID:1752

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/3896-0-0x00007FF785628000-0x00007FF785A00000-memory.dmp

        Filesize

        3.8MB

        Download

      • memory/3896-2-0x00007FFEE4AE0000-0x00007FFEE4AE2000-memory.dmp

        Filesize

        8KB

        Download

      • memory/3896-5-0x00007FFEE2310000-0x00007FFEE2312000-memory.dmp

        Filesize

        8KB

        Download

      • memory/3896-4-0x00007FFEE36B0000-0x00007FFEE36B2000-memory.dmp

        Filesize

        8KB

        Download

      • memory/3896-3-0x00007FFEE36A0000-0x00007FFEE36A2000-memory.dmp

        Filesize

        8KB

        Download

      • memory/3896-1-0x00007FFEE4AD0000-0x00007FFEE4AD2000-memory.dmp

        Filesize

        8KB

        Download

      • memory/3896-6-0x00007FFEE2320000-0x00007FFEE2322000-memory.dmp

        Filesize

        8KB

        Download

      • memory/3896-8-0x00007FF7852C0000-0x00007FF7860B0000-memory.dmp

        Filesize

        13.9MB

        Download

      • memory/3896-18-0x000001396A7F0000-0x000001396A86F000-memory.dmp

        Filesize

        508KB

        Download

      • memory/3896-19-0x00007FF785628000-0x00007FF785A00000-memory.dmp

        Filesize

        3.8MB

        Download