Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
148s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
27/01/2025, 14:06
General
-
Target
JaffaCakes118_4050f3601ab7931a0f6db2262ecb25a9.exe
-
Size
165KB
-
MD5
4050f3601ab7931a0f6db2262ecb25a9
-
SHA1
aea77ad2a71dea57b06d824ab8617149e2d1edcc
-
SHA256
cd705b00962c246a2513eebce6e3c6b50aed5b3576569006d362a3f16e5b10ea
-
SHA512
1d1ce6495680eb604873297f515f163e9c9145451552158bd897968eab3094e3b8b8ea46e974a15b28b11e9f82a7f64f8569d2c0720d00f30f5a69e140fe2507
-
SSDEEP
3072:hMMbRiYder+FnuJ2PaCZwXPlbPXHVO2oBvQ6xNDCnz1dShLeA184Uum9xVp:hzb0Yd+3Ehih1PoBI6HDw11A184UTxV
Malware Config
Signatures
-
Cycbot
Cycbot is a backdoor and trojan written in C++..
-
Cycbot family
-
Detects Cycbot payload 7 IoCs
Cycbot is a backdoor and trojan written in C++.
-
Modifies WinLogon for persistence 2 TTPs 1 IoCs
-
UPX packed file 10 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4050f3601ab7931a0f6db2262ecb25a9.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4050f3601ab7931a0f6db2262ecb25a9.exe"1⤵
- Modifies WinLogon for persistence
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4050f3601ab7931a0f6db2262ecb25a9.exeC:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4050f3601ab7931a0f6db2262ecb25a9.exe startC:\Program Files (x86)\LP\0B09\619.exe%C:\Program Files (x86)\LP\0B092⤵
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4050f3601ab7931a0f6db2262ecb25a9.exeC:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4050f3601ab7931a0f6db2262ecb25a9.exe startC:\Program Files (x86)\4DB0B\lvvm.exe%C:\Program Files (x86)\4DB0B2⤵
- System Location Discovery: System Language Discovery
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
996B
MD52674d1714a952a910bdcda1a3aec0e8b
SHA16d2f7b01aaf72b65cbd81e70bf09c2e65ee88af3
SHA256ecb54c8b06958c9134d35fd89b82f112bd1bc5a1683c267cc296877da7f6afe9
SHA512669751e93700740bfb14f6686f02521196e68c1677df2e659fda8b2f1c0bab843509a6ed533c93ec666d5e99ab01726086907d4156865db4fc408bc70a6eb868
-
Filesize
600B
MD5129bcfedcb2c684691f97574d0544335
SHA1bc93427ae5f85b4b5f75cd617ccc427a9db64abe
SHA256e5046c029873478748a69efcfef06e4a391c66a3206717c4911780028d93a304
SHA512039079080463846fcb08f1681e9c527c0e338d6d312dfa0b907ce40414802c855bedbd657f8e6e1f3174a3e5a3d3aeece81eb535496c7c75e317296480499186
-
Filesize
1KB
MD5f294e79f1544ac1efaa68fe00cbbecb4
SHA15fc41f4a7835321399da90075f51378a35b2e478
SHA2569414793d74da7d4a2951f0691ea7a29dd398102c97672121f6dee03e6fedacf4
SHA512ad89c744e2d9112fb7aa649de6697bdc072d8b1706755e6773de2b06620266eaa910ce7072c65e1fa8f3b09ae1a8b09439e80a8bd7fecaa28d83e89432696e74
-
Filesize
580KB
-
Filesize
228KB
-
Filesize
580KB
-
Filesize
580KB
-
Filesize
228KB
-
Filesize
228KB
-
Filesize
228KB
-
Filesize
580KB
-
Filesize
580KB
-
Filesize
568KB
-
Filesize
580KB
-
Filesize
580KB
-
Filesize
580KB
-
Filesize
580KB
-
Filesize
568KB
-
Filesize
228KB
-
Filesize
580KB
-
Filesize
228KB