Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

JaffaCakes...a6.exe

windows7-x64

10

JaffaCakes...a6.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16/01/2025, 05:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_6d11319bded2498649bdb01fd9df6ea6.exe

  • Size

    188KB

  • MD5

    6d11319bded2498649bdb01fd9df6ea6

  • SHA1

    344828c6216a4b94999828983c2164f35435c148

  • SHA256

    1ccba7868c028c2b3c34ab1ef08c037405269facc863a98dd3d2616a89116d8d

  • SHA512

    87513854ef605903d371be84144d2ceb8d99e2c950aded6c92ee0b05a9ee1dcb4cc64b8710d1e27320d62d1251f754ec67d7a98e9976058831d2dcad4dff48e8

  • SSDEEP

    3072:r5BKDKGBj0704zeZ/fVd24/pzZwXJuDEgzw/KkBsg9AjsGgKzg3e1gNrsiVmoboh:r4R07ry/fz/p1Cuu59+jySiHjx16J

Score
10/10
cycbotbackdoordiscoveryratupx

Malware Config

Signatures

  • Cycbot

    Cycbot is a backdoor and trojan written in C++..

    backdoorratcycbot
  • Cycbot family
    cycbot
  • Detects Cycbot payload 5 IoCs

    Cycbot is a backdoor and trojan written in C++.

  • UPX packed file 8 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_6d11319bded2498649bdb01fd9df6ea6.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_6d11319bded2498649bdb01fd9df6ea6.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4644
    • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_6d11319bded2498649bdb01fd9df6ea6.exe
      C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_6d11319bded2498649bdb01fd9df6ea6.exe startC:\Program Files (x86)\LP\5288\9D9.exe%C:\Program Files (x86)\LP\5288
      2⤵
        PID:4912
      • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_6d11319bded2498649bdb01fd9df6ea6.exe
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_6d11319bded2498649bdb01fd9df6ea6.exe startC:\Users\Admin\AppData\Roaming\8E031\6D852.exe%C:\Users\Admin\AppData\Roaming\8E031
        2⤵
          PID:2192

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Roaming\8E031\1EF3.E03
        Filesize

        1KB

        MD5

        207c753c080df64a87ed4b927aec1ad0

        SHA1

        4822e2f2b917031212bf41f911f76ae29b70e15c

        SHA256

        0904bfadcbdc105fdf7a97fd25d85d7c7dd3c19e4cc4bb02b4f87111a640ed58

        SHA512

        96bedf2c51fc6e7c56bbef68918ac4545ce89885fb9e389f60ee2446250c4819077292ed6299970f6dc8de0c7f94ac2aaebbfb397753bb875e68194164d4ac7a

        Download Submit

      • C:\Users\Admin\AppData\Roaming\8E031\1EF3.E03
        Filesize

        600B

        MD5

        baaddd7d7be96b777d1c0b04aeae868b

        SHA1

        9bd01e968e820d548818adbee39f69d4e86de6be

        SHA256

        242296bb65b92887f187060ad6cb3e617f610e1ab6977359254cf928e14f5c32

        SHA512

        7b3b4cff071d3bc68b8b7b79e9cdb4a75ccd8f754a2a984d28e31c818d14655d87f9f2d1b7a534da2af63b8a7017bd50ae79c959b7b1ddbda22f7c6619d3dbee

        Download Submit

      • C:\Users\Admin\AppData\Roaming\8E031\1EF3.E03
        Filesize

        996B

        MD5

        76f1790e74b767809286fe9cf5085e27

        SHA1

        bc25b613c5965f3d82fcd50b65d7fcd1d6ccaa68

        SHA256

        82379c7a37dea9af5de8aad78060280dc52b956bcbdb26e8bd8ef81db0a6916b

        SHA512

        2f4fe4152983342f9dbff8c4330ff5e9a863fa8c69d27dffc978a227c94c93b7cd790959eea39019c34df22e30d8c38513943cd985eae4046f893838fd1cabb1

        Download Submit

      • memory/2192-92-0x0000000000400000-0x0000000000465000-memory.dmp

        Filesize

        404KB

        Download

      • memory/2192-90-0x0000000000400000-0x0000000000465000-memory.dmp

        Filesize

        404KB

        Download

      • memory/2192-91-0x0000000000400000-0x0000000000465000-memory.dmp

        Filesize

        404KB

        Download

      • memory/4644-15-0x0000000000400000-0x0000000000465000-memory.dmp

        Filesize

        404KB

        Download

      • memory/4644-0-0x0000000000400000-0x0000000000465000-memory.dmp

        Filesize

        404KB

        Download

      • memory/4644-14-0x0000000000400000-0x0000000000451000-memory.dmp

        Filesize

        324KB

        Download

      • memory/4644-3-0x0000000000400000-0x0000000000465000-memory.dmp

        Filesize

        404KB

        Download

      • memory/4644-2-0x0000000000400000-0x0000000000451000-memory.dmp

        Filesize

        324KB

        Download

      • memory/4644-185-0x0000000000400000-0x0000000000465000-memory.dmp

        Filesize

        404KB

        Download

      • memory/4912-13-0x0000000000400000-0x0000000000465000-memory.dmp

        Filesize

        404KB

        Download

      • memory/4912-12-0x0000000000400000-0x0000000000465000-memory.dmp

        Filesize

        404KB

        Download