Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
141s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
03/05/2024, 13:26
Behavioral task
behavioral1
Sample
10a295a5698997d5c88c590ffb5c8a4b_JaffaCakes118.exe
Resource
win7-20240221-en
4 signatures
150 seconds
General
-
Target
10a295a5698997d5c88c590ffb5c8a4b_JaffaCakes118.exe
-
Size
585KB
-
MD5
10a295a5698997d5c88c590ffb5c8a4b
-
SHA1
79ea9631a43ca8b44b0ec8b756925a7d3dc1912b
-
SHA256
e53094f90013414237829f4c7ce84677b195ec13441a8f7e70272b25ec777f38
-
SHA512
ea853e206f7ea5947362e8fe01914420698353c10479db78ca87d6f5ebeb5fa404a801d92b1ce5e9942a47a924465cffd5da3ceecc4518404a1cb8595b7cf795
-
SSDEEP
12288:Wdx9uJFTuzAgmzJ1lg0zGs7mViaagEDeRRqEM9u8V8DIe:WdqyFq/x78zo79u8VAB
Malware Config
Signatures
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
resource yara_rule behavioral1/memory/2124-0-0x0000000000400000-0x0000000000523000-memory.dmp upx behavioral1/memory/2124-26-0x0000000000400000-0x0000000000523000-memory.dmp upx -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeManageVolumePrivilege 2124 10a295a5698997d5c88c590ffb5c8a4b_JaffaCakes118.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 2124 10a295a5698997d5c88c590ffb5c8a4b_JaffaCakes118.exe 2124 10a295a5698997d5c88c590ffb5c8a4b_JaffaCakes118.exe