Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
145s -
max time network
149s -
platform
windows7_x64 -
resource
win7-20240705-en -
resource tags
arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system -
submitted
09/07/2024, 15:01
Static task
static1
Behavioral task
behavioral1
Sample
30daf12ae3bbceb5a3593fb49cb57a4a_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
30daf12ae3bbceb5a3593fb49cb57a4a_JaffaCakes118.exe
Resource
win10v2004-20240708-en
General
-
Target
30daf12ae3bbceb5a3593fb49cb57a4a_JaffaCakes118.exe
-
Size
829KB
-
MD5
30daf12ae3bbceb5a3593fb49cb57a4a
-
SHA1
3da47464660901dc426b8dc2a95b3dd99f9fdb41
-
SHA256
51ec2a5ca7624f4afce7f2b8195e1c063a597e3519817409c6cfcfc72ffb8009
-
SHA512
53766bb7f8b8dcc1a798c75d056e9dd4675afd890f7eb0ef6fbcb310e0d1bad782032025cd683551a18ef82bcd1dba512dcc2e476f8f37641053a29ca9619c4c
-
SSDEEP
24576:puA04LuA1Sq0zfcmjNGLussl7arqirGrewW:UApKZq0JhGLurlDirGrZ
Malware Config
Signatures
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
resource yara_rule behavioral1/memory/2676-2-0x00000000008B0000-0x0000000000ACD000-memory.dmp upx behavioral1/memory/2676-3-0x00000000008B0000-0x0000000000AE1000-memory.dmp upx behavioral1/memory/2676-5-0x00000000008B0000-0x0000000000ACD000-memory.dmp upx behavioral1/memory/2676-10-0x00000000008B0000-0x0000000000AE1000-memory.dmp upx -
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\SmartIndex = "C:\\Users\\Admin\\AppData\\Local\\Temp\\30daf12ae3bbceb5a3593fb49cb57a4a_JaffaCakes118.exe" 30daf12ae3bbceb5a3593fb49cb57a4a_JaffaCakes118.exe -
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.