Analysis
- max time kernel: 140s
- max time network: 118s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 11/05/2024, 20:03
Static task
- static1
Behavioral task
- behavioral1
  Sample: 364ee8ce93cd339ab81320de0e44d3a8_JaffaCakes118.exe
  Resource: win7-20240221-en
Behavioral task
- behavioral2
  Sample: 364ee8ce93cd339ab81320de0e44d3a8_JaffaCakes118.exe
  Resource: win10v2004-20240426-en
General
- Target: 364ee8ce93cd339ab81320de0e44d3a8_JaffaCakes118.exe
- Size: 12.2MB
- MD5: 364ee8ce93cd339ab81320de0e44d3a8
- SHA1: e56783bbc998efef5bbebd2816d14670856a9a34
- SHA256: 2e4d530be88cf5da732da9787b334720772df9a8f78c3fcb5ba01cba74e4a2ca
- SHA512: 862a34594ec9f02b56e1dd2638fb26f990f59c67bf1867d806b68e0b49660ee19d02b1c5408f8a1c0b91e1875ce881af88d2e063837db65d7f500168523d7e68
- SSDEEP: 98304:qWRhbiKZu3pKdL0z0SPdiBvNDrUpbci6X:qWRhb7RdL0z0WdM9UpG
Malware Config
Signatures
- Script User-Agent (1 IoCs)
  Uses user-agent string associated with script host/environment.
  description: HTTP User-Agent header
  flow: 3
  ioc: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
- Suspicious use of FindShellTrayWindow (2 IoCs)
  pid: 2316, Process: 364ee8ce93cd339ab81320de0e44d3a8_JaffaCakes118.exe
  pid: 2316, Process: 364ee8ce93cd339ab81320de0e44d3a8_JaffaCakes118.exe
- Suspicious use of SendNotifyMessage (2 IoCs)
  pid: 2316, Process: 364ee8ce93cd339ab81320de0e44d3a8_JaffaCakes118.exe
  pid: 2316, Process: 364ee8ce93cd339ab81320de0e44d3a8_JaffaCakes118.exe