Analysis

  • max time kernel
    121s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    15/05/2024, 18:50

General

  • Target

    478bfcd0e548482376e73bb3f70b7f40_JaffaCakes118.jad

  • Size

    71KB

  • MD5

    478bfcd0e548482376e73bb3f70b7f40

  • SHA1

    7ed9a16457777606ff8b72e31c633e04c2f0fe5c

  • SHA256

    9b667ac9cb7f93fcb075c2fbbfeb79e9a17302cf49d88253b87d46bf65828b50

  • SHA512

    3f4120d15aa7e7f2502f2ba634035ce285ac36df07843ab861f9792ce6824ceaadd49115787f875195288ce6fe4e8b3b60bec3ade2b07717da03264bdf1a2a32

  • SSDEEP

    1536:exY2pxBWG1vAxhEopEoEtx7d5kZCbBV9qsrsej5UYy:cVhYVLQd5jB/ZrseFry

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\478bfcd0e548482376e73bb3f70b7f40_JaffaCakes118.jad
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1920
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\478bfcd0e548482376e73bb3f70b7f40_JaffaCakes118.jad
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2600
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\478bfcd0e548482376e73bb3f70b7f40_JaffaCakes118.jad"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2648

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    8f68273d4fca196a45960243ed007745

    SHA1

    32cf85169df58794c8761e2b993d563affedfbba

    SHA256

    5dd5c2bb1f69964d554d55ad0c53b33485c5bc8de7e49f5d3078d9de50221271

    SHA512

    99ae208be7fb8262e538cbb42f70a5815439454f5bb4a5383e4bd08095898d37bfc410f7f0633c4543f77e2e7ac7f9bf370d4e67192bc50896555d2056623bd2