Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
20s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
20/06/2024, 06:05
Static task
static1
Behavioral task
behavioral1
Sample
037c3a3ebf54b9ede03e403bc915a6e6_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
037c3a3ebf54b9ede03e403bc915a6e6_JaffaCakes118.exe
Resource
win10v2004-20240611-en
General
-
Target
037c3a3ebf54b9ede03e403bc915a6e6_JaffaCakes118.exe
-
Size
23KB
-
MD5
037c3a3ebf54b9ede03e403bc915a6e6
-
SHA1
d52467a0d21a3c1f8f02cf72ff36922fa87eb17a
-
SHA256
d2c70596b463749d6fca7870ff2869d8cc40cf6a42cbf522d7d50a6517b2ec50
-
SHA512
7819f7ce3fb049ffc7656eae4c428bf7a906ac39677e7759349ae25607ac3dafd8a2044607035417d8aa1c0d25e29cc5ddac24ba3486cc827e1690607cdd971d
-
SSDEEP
384:Z/jeW8TvhjzOILdnpXtp+bSV5WNHWR9+EMQWf:Bf8TvhjpbYlY9lCf
Malware Config
Signatures
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
pid Process 2320 037c3a3ebf54b9ede03e403bc915a6e6_JaffaCakes118.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 2320 037c3a3ebf54b9ede03e403bc915a6e6_JaffaCakes118.exe