Analysis
- max time kernel: 119s
- max time network: 125s
- platform: windows7_x64
- resource: win7-20231129-en
- resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
- submitted: 24/06/2024, 12:44
Static task: static1
Behavioral task: behavioral1
- Sample: 08939f85e70240922624a832ec35c34b_JaffaCakes118.exe
- Resource: win7-20231129-en
Behavioral task: behavioral2
- Sample: 08939f85e70240922624a832ec35c34b_JaffaCakes118.exe
- Resource: win10v2004-20240611-en
General
- Target: 08939f85e70240922624a832ec35c34b_JaffaCakes118.exe
- Size: 45KB
- MD5: 08939f85e70240922624a832ec35c34b
- SHA1: a0103385fa86e976bef3f31c6b32207b2d5c76ff
- SHA256: 86c60c71008ce353a6b48dbafb5d1ecf7b291f2bfceabcff6f538c17d1b30f7d
- SHA512: b4c5ca6b2f4589b3374b08940b7e79735d39a85013c152bdd0cd4fb5e1b867fad0b3b7110410914d690a0fc3660b71c66e89ebb0b5ffcfad4acb12ee6fc739ad
- SSDEEP: 768:4V8MQ2OD7Tt077k2zASbRQpjDAsUvXw+7uqsoWCROV2IJw54XnTOOz4wTEyi:z72OD7Ttqku63AsarmJVlJWa6OFE
Malware Config
Signatures
Drops file in System32 directory 1 IoCs
- description: File opened for modification
  ioc: C:\Windows\SysWOW64\utopb.exe
  Process: 08939f85e70240922624a832ec35c34b_JaffaCakes118.exe
Modifies Internet Explorer settings
- description: Key created
  ioc: \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main
  Process: 08939f85e70240922624a832ec35c34b_JaffaCakes118.exe
- description: Set value (int)
  ioc: \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\TabProcGrowth = "0"
  Process: 08939f85e70240922624a832ec35c34b_JaffaCakes118.exe
Suspicious behavior: EnumeratesProcesses 1 IoCs
- pid: 2392
  Process: 08939f85e70240922624a832ec35c34b_JaffaCakes118.exe
Suspicious use of AdjustPrivilegeToken 2 IoCs
- description: Token: SeDebugPrivilege
  pid: 2392
  Process: 08939f85e70240922624a832ec35c34b_JaffaCakes118.exe
- description: Token: SeSystemtimePrivilege
  pid: 2392
  Process: 08939f85e70240922624a832ec35c34b_JaffaCakes118.exe
Suspicious use of WriteProcessMemory 1 IoCs
- description: PID 2392 wrote to memory of 1260
  pid: 2392
  Process: 08939f85e70240922624a832ec35c34b_JaffaCakes118.exe
  procid_target: 21
Processes
- C:\Windows\Explorer.EXE
  Command line: C:\Windows\Explorer.EXE
  PID: 1260
  - C:\Users\Admin\AppData\Local\Temp\08939f85e70240922624a832ec35c34b_JaffaCakes118.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\08939f85e70240922624a832ec35c34b_JaffaCakes118.exe"
    PID: 2392
    - Drops file in System32 directory
    - Modifies Internet Explorer settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory