Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
141s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system -
submitted
21/04/2024, 16:31
Static task
static1
Behavioral task
behavioral1
Sample
ffb54a593c21770e07a7a8ed29eb4398_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
ffb54a593c21770e07a7a8ed29eb4398_JaffaCakes118.exe
Resource
win10v2004-20240412-en
General
-
Target
ffb54a593c21770e07a7a8ed29eb4398_JaffaCakes118.exe
-
Size
92KB
-
MD5
ffb54a593c21770e07a7a8ed29eb4398
-
SHA1
a5bcd270739afdd2f29c9849f4c7f2e16602c518
-
SHA256
bf10c79411a7a7fa0160ecbca40e56bf5820655c2e6da9c5e44a7a35192f2c0d
-
SHA512
d07ecb76499531117e267ac949c74dc1dbc96f65a17036ce6f15154eb688fcd23120e6cfca861d15c42a304888b277f1d9dea1a65dab987ee541968f94935d55
-
SSDEEP
1536:SSOhET7Ou4QaJ0IBSuxkXJFL3mmK/RYsxKAIs27OxiEGPYKI/TkF/00J6IA7cBa:ST/3JzBvwl2m0vMzVX5SkF/MoBa
Malware Config
Signatures
-
Drops file in System32 directory 1 IoCs
description ioc Process File opened for modification C:\Windows\SysWOW64\s.exe ffb54a593c21770e07a7a8ed29eb4398_JaffaCakes118.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 4636 ffb54a593c21770e07a7a8ed29eb4398_JaffaCakes118.exe
Processes
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
64KB
MD5eb6c5d961953801c03f0093c0cb1b55e
SHA1c63b78db1bb688d2d6775713fbfa7f5455da9f3d
SHA256e4f248ffa9f97ee6b09f4f3c5fd0c1196b43ab19148a058d9816a74e36011f01
SHA5123c7190c4bf58a5c3871f306c9f8c6e133525f419d9fc1ebd21bb88834e79660527e3b3d2282691c7b2801cc07790172a28c63a9766fb1dbe13b940609e317ade