Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
-
submitted
03/07/2024, 05:59
General
-
Target
21500155f442187001dd2e9371e4e21a_JaffaCakes118.exe
-
Size
710KB
-
MD5
21500155f442187001dd2e9371e4e21a
-
SHA1
4f1e9970ce02081642f36554fe897ea72f169124
-
SHA256
89479065919be4eb81a9348dd813ffc6f4f0a12018a63480de16a9b3d4f73e22
-
SHA512
621c7c8d5d80ca5f12763a3fae40d124db141e83744b900d89f9db5aa67a16e26e7bb8c393e74b04cb327ff803f3c8670c374049509a91d48563553d2d9ad67b
-
SSDEEP
12288:UN23D7X/plD07IRlPrEsNll+EgC8UZj1rM6rL5A3s6ba/u2CpLIxbk3+RVlk3W:UNg7TP9XbD1/Rk3tORVlk3W
Malware Config
Signatures
-
Gh0st RAT payload 4 IoCs
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
-
Identifies Wine through registry keys 2 TTPs 1 IoCs
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL 2 IoCs
-
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
-
Drops file in Program Files directory 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of AdjustPrivilegeToken 8 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\21500155f442187001dd2e9371e4e21a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\21500155f442187001dd2e9371e4e21a_JaffaCakes118.exe"1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Identifies Wine through registry keys
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\svchost.exeC:\Windows\SysWOW64\svchost.exe -k imgsvc1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
9.2MB
MD5025021618c73743b0b927806d1b1d0c1
SHA17a4f9673d994dc6dfcff969392cd864bafeb8537
SHA256acd5b7e46c8bc26860b2b9ddaa62cb3b6a3796e77cc9b1c54b14a94e3f6093e3
SHA512cebb0389e3fc77c8ab2032f73a6b9386abc5928cab073acc10aac046f88153eb8f03d034d9ae45fd8a9b8abeb9b23aed92eb0fa4982f57d984ed847c8b151bd8
-
Filesize
105KB
MD5648f927dd8fcb0ffdac042788659e472
SHA11cab65c17b369a4e3411744ba6879ad14e27d3da
SHA256a4221ac068766150ae831b81cde293cae38fb1984c648522a563c1d48ca4750e
SHA5127d11a74755cb3007fdf1f34f44098402ccaf0a5833d009e25e7f54d1c42bdfb1c1025437468960700d8e8c708c7240ab93efbe2d802c16da7735434420e34bfb
-
Filesize
1.6MB
-
Filesize
4KB
-
Filesize
8KB
-
Filesize
1.6MB
-
Filesize
1.6MB
