Analysis
  max time kernel:  6s
  max time network: 6s
  platform:         windows7_x64
  resource:         win7-20240215-en
  resource tags:    arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
  submitted:        06/04/2024, 14:52
Static task: static1

Behavioral task: behavioral1
  Sample:   e2c93641dec4e299a2ab1423f6c661b3_JaffaCakes118.exe
  Resource: win7-20240215-en

Behavioral task: behavioral2
  Sample:   e2c93641dec4e299a2ab1423f6c661b3_JaffaCakes118.exe
  Resource: win10v2004-20240226-en
Errors
General
  Target: e2c93641dec4e299a2ab1423f6c661b3_JaffaCakes118.exe
  Size:   124KB
  MD5:    e2c93641dec4e299a2ab1423f6c661b3
  SHA1:   9189d241f41484fbaf6c97a4ed1d2b7635595186
  SHA256: 0f8fbeb34f24024899a10ce041b35133c400e00860dec0c6de9faddc24f8e713
  SHA512: 41b2e76bc8eb1777252ad1bb1633cc9ac55b26d15677b5afa7d22cdd3ce6fea665d175e0111b0afb03763afafc3c0b448b99e62ae5143bf8b2611c6b86a1dd4e
  SSDEEP: 1536:cFEpFdkJ7NudnyIqRmImR9s0WIMhKENd77Ye8F7liLFcHo5A4PXHuAkl5zCH:cFEplNqITfs0WIRAP+iLiHo5LWAE5zY
Malware Config
Signatures
  Modifies AppInit DLL entries (2 TTPs)
    The report lists no registry IoC rows for this signature, so the exact value written is not shown on this page.

  Drops file in System32 directory (1 IoC)
    description   ioc                                Process
    File created  C:\Windows\SysWOW64\gucdmqa.dll    e2c93641dec4e299a2ab1423f6c661b3_JaffaCakes118.exe
    Note: the drop lands in SysWOW64, the 32-bit system directory of this x64 image. That is where WOW64 file-system redirection sends a 32-bit process's writes to System32, so it is consistent with a 32-bit sample; the matching registry write would then be redirected to the Wow6432Node view of HKLM\SOFTWARE.

  Suspicious use of AdjustPrivilegeToken (1 IoC)
    description                 pid    Process
    Token: SeShutdownPrivilege  1756   e2c93641dec4e299a2ab1423f6c661b3_JaffaCakes118.exe
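Added example, not part of the tria.ge report and not code from the sample: a PowerShell check for AppInit_DLLs persistence on a live host. The "Modifies AppInit DLL entries" signature above flags the technique, but the page does not show the registry value that was written, so the script enumerates both the native and the Wow6432Node view of the AppInit key (the sample dropped gucdmqa.dll into SysWOW64, the 32-bit system directory, so the 32-bit view is where its entry would be expected) and hashes and signature-checks whatever each entry points at. The function name Get-AppInitDlls and the output field names are my own; nothing here is taken from the report.

```powershell
# Enumerate AppInit_DLLs persistence on a live Windows host (added example).
# Emits one object per DLL entry, or one per registry view when the list is empty,
# so the LoadAppInit_DLLs / RequireSignedAppInit_DLLs switches are always visible.
function Get-AppInitDlls {
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',              # 64-bit view
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'   # 32-bit view (x64 hosts only)
    )
    foreach ($key in $keys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }   # no Wow6432Node on 32-bit Windows
        $props  = Get-ItemProperty -LiteralPath $key
        $is32   = $key -like '*Wow6432Node*'
        # A 32-bit process's LoadLibrary resolves bare names against SysWOW64, a 64-bit one against System32.
        $sysdir = if ($is32) { "$env:windir\SysWOW64" } else { "$env:windir\System32" }

        # AppInit_DLLs is a space- or comma-separated list; entries are often 8.3 short names.
        $entries = @($props.AppInit_DLLs -split '[ ,]+' | Where-Object { $_ })
        if ($entries.Count -eq 0) { $entries = @($null) }      # still report the view's switches

        foreach ($entry in $entries) {
            $path = $null; $exists = $false; $hash = $null; $sig = $null
            if ($entry) {
                $path = [Environment]::ExpandEnvironmentVariables($entry)
                if (-not [IO.Path]::IsPathRooted($path)) { $path = Join-Path $sysdir $path }
                $exists = Test-Path -LiteralPath $path
                if ($exists) {
                    $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
                    $sig  = (Get-AuthenticodeSignature -FilePath $path).Status
                }
            }
            [pscustomobject]@{
                View                      = if ($is32) { 'x86 (Wow6432Node)' } else { 'x64' }
                LoadAppInit_DLLs          = $props.LoadAppInit_DLLs            # 1 = entries are loaded
                RequireSignedAppInit_DLLs = $props.RequireSignedAppInit_DLLs   # 1 = unsigned DLLs are skipped
                Entry                     = $entry
                ResolvedPath              = $path
                OnDisk                    = $exists                           # $false = dangling entry
                SHA256                    = $hash
                Signature                 = $sig                              # Valid / NotSigned / HashMismatch ...
            }
        }
    }
}

Get-AppInitDlls | Format-List
```

Run it from a 64-bit PowerShell session: a 32-bit session has its own reads of HKLM\SOFTWARE redirected to Wow6432Node, so it would show the 32-bit view twice and never the native one. Get-FileHash needs PowerShell 4.0 or later, so on a stock Windows 7 host (PowerShell 2.0) swap it for certutil -hashfile or an updated Windows Management Framework. Any entry with OnDisk = $true, Signature other than Valid and a SHA256 you cannot attribute to installed software deserves the same treatment as the gucdmqa.dll drop in this report. On Windows 8 and later with Secure Boot enabled, AppInit_DLLs are not loaded at all regardless of these values, which is worth remembering when comparing the win7 task with the win10 task of the same sample.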
Processes
  C:\Users\Admin\AppData\Local\Temp\e2c93641dec4e299a2ab1423f6c661b3_JaffaCakes118.exe
    command line: "C:\Users\Admin\AppData\Local\Temp\e2c93641dec4e299a2ab1423f6c661b3_JaffaCakes118.exe"
    PID: 1756
    - Drops file in System32 directory
    - Suspicious use of AdjustPrivilegeToken

  C:\Windows\system32\LogonUI.exe
    command line: "LogonUI.exe" /flags:0x0
    PID: 3060

  C:\Windows\system32\LogonUI.exe
    command line: "LogonUI.exe" /flags:0x1
    PID: 3064

  The sample enabled SeShutdownPrivilege on its own token (see Signatures), the run stopped after 6s of kernel and network time, and the only other processes recorded are two LogonUI.exe instances, which is consistent with the sample initiating a shutdown or logoff that cut the analysis short. Any payload delivered through the AppInit_DLLs entry would only load into user32-linked processes started after that point, so a 6s run shows the persistence being set, not what it does.