Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 140s
- max time network: 121s
- platform: windows7_x64
- resource: win7-20240215-en
- resource tags: arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
- submitted: 09/05/2024, 12:58
Behavioral task: behavioral1
- Sample: 2a114525eb112255d53e1429b018ad8f_JaffaCakes118.exe
- Resource: win7-20240215-en
Behavioral task: behavioral2
- Sample: 2a114525eb112255d53e1429b018ad8f_JaffaCakes118.exe
- Resource: win10v2004-20240426-en
General
- Target: 2a114525eb112255d53e1429b018ad8f_JaffaCakes118.exe
- Size: 2.3MB
- MD5: 2a114525eb112255d53e1429b018ad8f
- SHA1: b567e6b92b8f69ee1a088af76e62c44640fc1da0
- SHA256: 2424791f238454a0dbca0e74501e9b58dc68e60453ecfb7bc2bc609df939b278
- SHA512: 888a015222d7d5aa931284c9365832bb026109521fcf80af4b28e3f2741ffe1a3643d5a72cda795076598e09c0c6f9c5fa9763b8df06aaf74c0a31110a1e2084
- SSDEEP: 49152:PJatr4B5PJvXOb+4b4QTGDIXsEce2GbyLbhW5b856oB9Nfok4tSX:Pcrc5RvM+49zcEmhAozBDfds8
Malware Config
Signatures
- Unexpected DNS network traffic destination (15 IoCs)
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
  description | ioc
  Destination IP | 223.5.5.5
  Destination IP | 223.6.6.6
  Destination IP | 223.6.6.6
  Destination IP | 223.6.6.6
  Destination IP | 114.114.114.114
  Destination IP | 223.6.6.6
  Destination IP | 114.114.114.114
  Destination IP | 223.5.5.5
  Destination IP | 223.5.5.5
  Destination IP | 114.114.114.114
  Destination IP | 223.6.6.6
  Destination IP | 114.114.114.114
  Destination IP | 223.5.5.5
  Destination IP | 114.114.114.114
  Destination IP | 223.5.5.5
- Writes to the Master Boot Record (MBR) (1 TTPs, 1 IoCs)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  description | ioc | Process
  File opened for modification | \??\PhysicalDrive0 | 2a114525eb112255d53e1429b018ad8f_JaffaCakes118.exe
- Suspicious behavior: EnumeratesProcesses (1 IoCs)
  pid | Process
  1844 | 2a114525eb112255d53e1429b018ad8f_JaffaCakes118.exe
- Suspicious use of SetWindowsHookEx (2 IoCs)
  pid | Process
  1844 | 2a114525eb112255d53e1429b018ad8f_JaffaCakes118.exe
  1844 | 2a114525eb112255d53e1429b018ad8f_JaffaCakes118.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\2a114525eb112255d53e1429b018ad8f_JaffaCakes118.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\2a114525eb112255d53e1429b018ad8f_JaffaCakes118.exe"
  PID: 1844
  Signatures:
  - Writes to the Master Boot Record (MBR)
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx