Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags
    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    01/07/2024, 11:01

General

  • Target

    1b0a827018d69d55847f502b37e61bd9_JaffaCakes118.exe

  • Size

    152KB

  • MD5

    1b0a827018d69d55847f502b37e61bd9

  • SHA1

    42a1a100c57b10a533e18bacba3b0334bbfd8cb0

  • SHA256

    44a71431a1102439c0e466a1f56c1ff8311e74a5ee57acd4b47e5b8cb5389af4

  • SHA512

    efd4519286733feb02349ad26219c63787b4a14c17eaa260f06d14137c2a35fd39b035ba34cb8d3804fce1fd73a3d516d2401a597a91a9978cbde4b76c1219ce

  • SSDEEP

    3072:pmR5LCQThb6qHfpmPKzYIEeh7m8h+38oW4OUSKwFZai:AR5LfJCaDEe08h+3rZi

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1b0a827018d69d55847f502b37e61bd9_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\1b0a827018d69d55847f502b37e61bd9_JaffaCakes118.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of SetWindowsHookEx
    PID:2392

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\Temp\tmp.exe

    Filesize

    64KB

    MD5

    def521563b24fc0da5545adb459741b5

    SHA1

    b1d3fae1709c1bc35fd16c546d561ad8e293ac59

    SHA256

    831b9b3ba591ea884c8d12d2936e8273fd0d9deea8e86feca79012bbb08b5a09

    SHA512

    fbda8bf1359be9f97b29af2f5812253f8c2145dfcd1bf6dea7747affa0bcfcd5eff58db1e59dcb05e70f5bb50e60021b5b3e64cd98689f93faf8a3097d9ce72c