Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
148s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
-
submitted
03/07/2024, 22:42
General
-
Target
23b469a54523f1ace4906556068187ee_JaffaCakes118.exe
-
Size
69KB
-
MD5
23b469a54523f1ace4906556068187ee
-
SHA1
78a14d5ae78359b84fc24f6d187b3377fa0b9ce5
-
SHA256
8cd6d7e0de2d0a6e2b450a3293b7f2535b2e5bea0b59ba5fb4089c6b9e1a26dd
-
SHA512
174db63b67e92b83a8b96139f0c55333967a01e2c398b387ab7b00d4b4476f9a1d6030798785a436c689ce2ef2cfa18676f704b31ccbf777d2d048435067daf4
-
SSDEEP
1536:2Qv2G7iUic/IFKy3gOF9pQkMtgxNAtDkMQtk+rW:hZNZtyQOuk1AtDkLtk+K
Score
7/10
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Modifies WinLogon 2 TTPs 1 IoCs
-
Drops file in System32 directory 2 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
Modifies Control Panel 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
-
Suspicious use of AdjustPrivilegeToken 24 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\23b469a54523f1ace4906556068187ee_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\23b469a54523f1ace4906556068187ee_JaffaCakes118.exe"1⤵
- Checks computer location settings
- Modifies WinLogon
- Drops file in System32 directory
- Suspicious use of SetThreadContext
- Modifies Control Panel
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\bfsvc.exeC:\Windows\bfsvc.exe2⤵
-
-
C:\Windows\bfsvc.exeC:\Windows\bfsvc.exe2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
76KB
-
Filesize
960KB
-
Filesize
76KB