Analysis

max time kernel: 150s
max time network: 123s
platform: windows7_x64
resource: win7-20240220-en
resource tags: arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
submitted: 26/06/2024, 21:59
Static task: static1

Behavioral task: behavioral1
Sample: 139cb7b5f357a3ceb8be8b6e49d95491_JaffaCakes118.exe
Resource: win7-20240220-en

Behavioral task: behavioral2
Sample: 139cb7b5f357a3ceb8be8b6e49d95491_JaffaCakes118.exe
Resource: win10v2004-20240226-en
General

Target: 139cb7b5f357a3ceb8be8b6e49d95491_JaffaCakes118.exe
Size: 45KB
MD5: 139cb7b5f357a3ceb8be8b6e49d95491
SHA1: 8acd6857aebc94b00f966a291b0b5c8fb6daf1a6
SHA256: 90d7603e1ad56c35bf268e2a7035b9f2e3158ce284521bd07658073c22bd81b4
SHA512: 240d3ba1866033e072069f0cc757c67a4d3861de605270ba8cc876c0aeb3ac0f7dbebcebe282e1bf170c873b56c3183962b79aa20884cd241c4dc246c10bb2ce
SSDEEP: 768:GSNMqQyeKQOLnZT3CIH2ys3YaVRIYFqqGnoQBlT4XA+qnBdkRN2+6dXxcjbFK:RNMqVeKQYnZT3vWy0YaRI8zA+6Bd+N5D
Malware Config
Signatures
Modifies WinLogon for persistence (2 TTPs, 1 IoC)
  Set value (str): \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "C:\\Users\\Admin\\AppData\\Local\\Temp\\139cb7b5f357a3ceb8be8b6e49d95491_JaffaCakes118.exe"
  Process: 139cb7b5f357a3ceb8be8b6e49d95491_JaffaCakes118.exe

Impair Defenses: Safe Mode Boot (1 TTP, 3 IoCs)
  Key deleted: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\WinDefend
  Key deleted: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc
  Key deleted: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power
  Process (all three): 139cb7b5f357a3ceb8be8b6e49d95491_JaffaCakes118.exe

Modifies WinLogon (2 TTPs, 1 IoC)
  Key created: \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\
  Process: 139cb7b5f357a3ceb8be8b6e49d95491_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx (64 IoCs)
  PID 2308, 139cb7b5f357a3ceb8be8b6e49d95491_JaffaCakes118.exe (all 64 entries are this same process)
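A detection pass over the two registry signatures above, added here as an example and not part of the tria.ge report. It normalizes the NT object-manager key paths the sandbox logs (the Wow6432Node redirection node, ControlSet001) into HKLM form, then flags a Winlogon\Shell value other than explorer.exe and any key deleted under SafeBoot\Minimal or SafeBoot\Network, so it generalizes beyond the three service entries this sample removed. The event dictionaries are constructed from the IoCs on this page; their field names and the ATT&CK sub-technique labels attached to each finding are this example's choices, not sandbox output.

```python
import re
from typing import Dict, List, Tuple

# Constructed registry events modelled on the IoCs in the report above
# (the field layout is an assumption for this example, not tria.ge's schema).
# The last two entries are benign noise to show what the rules ignore.
SAMPLE_EVENTS = [
    {"pid": 2308, "op": "set",
     "key": "\\REGISTRY\\MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon",
     "name": "Shell",
     "value": "C:\\Users\\Admin\\AppData\\Local\\Temp\\139cb7b5f357a3ceb8be8b6e49d95491_JaffaCakes118.exe"},
    {"pid": 2308, "op": "delete",
     "key": "\\REGISTRY\\MACHINE\\SYSTEM\\ControlSet001\\Control\\SafeBoot\\Minimal\\WinDefend"},
    {"pid": 2308, "op": "delete",
     "key": "\\REGISTRY\\MACHINE\\SYSTEM\\ControlSet001\\Control\\SafeBoot\\Minimal\\ProfSvc"},
    {"pid": 2308, "op": "delete",
     "key": "\\REGISTRY\\MACHINE\\SYSTEM\\ControlSet001\\Control\\SafeBoot\\Minimal\\Power"},
    {"pid": 600, "op": "set",
     "key": "\\REGISTRY\\MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon",
     "name": "Shell", "value": "explorer.exe"},
    {"pid": 1234, "op": "delete",
     "key": "\\REGISTRY\\USER\\S-1-5-21-1-2-3-1001\\Software\\SomeVendor\\Cache"},
]

# The stock shell values; anything else in Winlogon\Shell is launched at every
# logon in place of (or alongside) Explorer.
DEFAULT_SHELL = {"explorer.exe", "c:\\windows\\explorer.exe"}

_WINLOGON = re.compile(
    r"^HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon$", re.IGNORECASE)
# Child keys of SafeBoot\Minimal and SafeBoot\Network list the services and
# drivers allowed to start in safe mode; deleting one keeps it from starting.
_SAFEBOOT = re.compile(
    r"^HKLM\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\(Minimal|Network)\\([^\\]+)$",
    re.IGNORECASE)


def normalize_key(key: str) -> str:
    """Turn the NT object-manager path the sandbox logs into the form the rules
    match: \\REGISTRY\\MACHINE -> HKLM, drop the Wow6432Node redirection node
    (32-bit writes on x64 land there, as in this report), fold ControlSet00N
    into CurrentControlSet, and strip a trailing backslash."""
    low = key.lower()
    for nt, short in (("\\registry\\machine\\", "HKLM\\"), ("\\registry\\user\\", "HKU\\")):
        if low.startswith(nt):
            key = short + key[len(nt):]
            break
    key = re.sub(r"\\wow6432node(?=\\)", "", key, flags=re.IGNORECASE)
    key = re.sub(r"\\controlset\d{3}\\", r"\\CurrentControlSet\\", key, flags=re.IGNORECASE)
    return key.rstrip("\\")


def evaluate(event: dict) -> List[Tuple[str, str]]:
    """Apply both rules to one event; returns (technique, detail) pairs."""
    findings: List[Tuple[str, str]] = []
    key = normalize_key(event["key"])
    if event["op"] == "set" and _WINLOGON.match(key) and event.get("name", "").lower() == "shell":
        # Compare case-insensitively and without surrounding quotes; a value such
        # as "explorer.exe, other.exe" is also non-default and is flagged.
        value = event.get("value", "").strip().strip('"').lower()
        if value not in DEFAULT_SHELL:
            findings.append(("T1547.004 Winlogon Shell replaced", "Shell=" + event.get("value", "")))
    elif event["op"] == "delete":
        m = _SAFEBOOT.match(key)
        if m:
            findings.append(("T1562.009 SafeBoot entry deleted", m.group(1) + "\\" + m.group(2)))
    return findings


def scan(events) -> Dict[int, List[Tuple[str, str]]]:
    """Group findings by the process that made the change."""
    by_pid: Dict[int, List[Tuple[str, str]]] = {}
    for ev in events:
        hits = evaluate(ev)
        if hits:
            by_pid.setdefault(ev["pid"], []).extend(hits)
    return by_pid


if __name__ == "__main__":
    for pid, hits in scan(SAMPLE_EVENTS).items():
        for technique, detail in hits:
            print(f"pid {pid}: {technique}: {detail}")
```

Run against the constructed events, all four findings land on PID 2308 and the two benign events produce nothing. The SafeBoot rule is why the report files the deletions under Impair Defenses: with SafeBoot\Minimal\WinDefend gone, the Defender service is not started when the machine is booted into safe mode, which is exactly when an operator would try to clean a Winlogon\Shell hijack.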
Processes

C:\Users\Admin\AppData\Local\Temp\139cb7b5f357a3ceb8be8b6e49d95491_JaffaCakes118.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\139cb7b5f357a3ceb8be8b6e49d95491_JaffaCakes118.exe"
  PID: 2308
  Signatures: Modifies WinLogon for persistence; Impair Defenses: Safe Mode Boot; Modifies WinLogon; Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 25B
MD5: a5db95b4f3fc7efac9e778ab083a81c8
SHA1: 51644a41f7ea811242293aef5d8e1adcf8748e7b
SHA256: 6b706a9ffc39676de13f91ea1ea65b9230de531dc862855e08ad5f643a477b79
SHA512: 673d64cabeb20f99a94cdc71f108259ca6162be84d5885c335a39e3884e59d92f84ab771b9dd4eecd4b7228774f204cffdc0b1e0bf300f465930d3dfe180f071