Analysis
max time kernel: 138s
max time network: 171s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 04/04/2024, 17:02
Static task: static1
Behavioral task: behavioral1
  Sample: bdcb41ba81987719cb5b4d87b7dbd026_JaffaCakes118.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: bdcb41ba81987719cb5b4d87b7dbd026_JaffaCakes118.exe
  Resource: win10v2004-20240226-en
General
Target: bdcb41ba81987719cb5b4d87b7dbd026_JaffaCakes118.exe
Size: 301KB
MD5: bdcb41ba81987719cb5b4d87b7dbd026
SHA1: e72707e248af1699f5737f4069c4a798cfbf0a18
SHA256: 038bfe7f892c2d66fc069c8966158dae42cce76692dd155893c244129739f89a
SHA512: f98043abc34e49e3c28046040dc4bbb8018c137d5930bbba076273eeb0ec99c0f5d0f77fa69190a212c0336b77ff6936667f79d9ff1a4e4e665b696b72f64801
SSDEEP: 3072:OYI1/E9i9A4gfSIKdbRsQOO1HobSp0xl6EPpc4VpJzNDdlcjBPEJ+:OFBSiq4gfSIctsQobG0xlfPpndiVPH
Malware Config
Signatures
Program crash (1 IoCs)
  pid: 3420, pid_target: 4240, Process: WerFault.exe, procid_target: 83
Suspicious use of SetWindowsHookEx (1 IoCs)
  pid: 4240, Process: bdcb41ba81987719cb5b4d87b7dbd026_JaffaCakes118.exe
Processes
"C:\Users\Admin\AppData\Local\Temp\bdcb41ba81987719cb5b4d87b7dbd026_JaffaCakes118.exe" (PID: 4240)
  - Suspicious use of SetWindowsHookEx
  C:\Windows\SysWOW64\WerFault.exe -u -p 4240 -s 468 (PID: 3420)
    - Program crash
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 4240 -ip 4240 (PID: 1488)