Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
144s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system -
submitted
12/07/2024, 08:57 UTC
Static task
static1
Behavioral task
behavioral1
Sample
3cba8951a4f7d01b0a4c36a05dd5bd54_JaffaCakes118.xls
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
3cba8951a4f7d01b0a4c36a05dd5bd54_JaffaCakes118.xls
Resource
win10v2004-20240709-en
General
-
Target
3cba8951a4f7d01b0a4c36a05dd5bd54_JaffaCakes118.xls
-
Size
58KB
-
MD5
3cba8951a4f7d01b0a4c36a05dd5bd54
-
SHA1
744d89e24755e28d6ae24aa6d7d1b821e65e0049
-
SHA256
6c9a096f226eba467c4b69a92e5b460ce0f8a05ad380da7b99a998283a4b31ad
-
SHA512
f41c68962535be0f4bc0139d192ac1b1bc696fccca2f62bf4109b81625ccf9a7416cbcdb9061e11f2c40d10398961b03e9a0ab886c3cfb16864691c66e92d08d
-
SSDEEP
768:BfPjjdz37y3VEn4QDH4W07Uoee4ROlJZOXueu6S55LYBBDjDvOV267:Nbjdz37EVnnSeAO5ODjEG2g67
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 1 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\Hardware\Description\System\FloatingPointProcessor EXCEL.EXE -
Suspicious behavior: AddClipboardFormatListener 1 IoCs
pid Process 2052 EXCEL.EXE -
Suspicious use of SetWindowsHookEx 7 IoCs
pid Process 2052 EXCEL.EXE 2052 EXCEL.EXE 2052 EXCEL.EXE 2052 EXCEL.EXE 2052 EXCEL.EXE 2052 EXCEL.EXE 2052 EXCEL.EXE
Processes
-
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde C:\Users\Admin\AppData\Local\Temp\3cba8951a4f7d01b0a4c36a05dd5bd54_JaffaCakes118.xls1⤵
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:2052