Analysis
Max time kernel: 117s
Max time network: 118s
Platform: windows7_x64
Resource: win7-20231129-en
Resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
Submitted: 28/06/2024, 13:33
Static task: static1
Behavioral task: behavioral1
  Sample: 1a506c9af6eff57b32a827c6e3984392_JaffaCakes118.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: 1a506c9af6eff57b32a827c6e3984392_JaffaCakes118.exe
  Resource: win10v2004-20240508-en
General
Target: 1a506c9af6eff57b32a827c6e3984392_JaffaCakes118.exe
Size: 8.9MB
MD5: 1a506c9af6eff57b32a827c6e3984392
SHA1: 0c83aba332ffe7f1bc58199610b5df74617197ea
SHA256: 2d5a09de0c0242faf391ac58b34df37ac2bd005221a4e9aa8c06837f9012407a
SHA512: 19eced3e24baec2297e83d83df73d43949616767bebe66aa738b8180c8f11a1650cae2a6db3271cda859518fa0623ba30b84239e727f5bb97a5526d3731eb4bb
SSDEEP: 196608:Nahxq/gv17eat25iXgBwScFV/+neSZbdwfsz/L/SkPbsWdKRry7NT5U8T:Naa/gvhRk5iwB9cFV/+neSx/cdRrytUK
Malware Config
Signatures
Identifies VirtualBox via ACPI registry values (likely anti-VM) (2 TTPs, 1 IoC)
  Key opened: \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__
  Process: 1a506c9af6eff57b32a827c6e3984392_JaffaCakes118.exe
Checks BIOS information in registry (2 TTPs, 1 IoC)
  BIOS information is often read in order to detect sandboxing environments.
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
  Process: 1a506c9af6eff57b32a827c6e3984392_JaffaCakes118.exe
Identifies Wine through registry keys (2 TTPs, 1 IoC)
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
  Key opened: \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Wine
  Process: 1a506c9af6eff57b32a827c6e3984392_JaffaCakes118.exe
Processes
Process: C:\Users\Admin\AppData\Local\Temp\1a506c9af6eff57b32a827c6e3984392_JaffaCakes118.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\1a506c9af6eff57b32a827c6e3984392_JaffaCakes118.exe"
  PID: 2888
  Signatures:
  - Identifies VirtualBox via ACPI registry values (likely anti-VM)
  - Checks BIOS information in registry
  - Identifies Wine through registry keys