Analysis
- max time kernel: 120s
- max time network: 121s
- platform: windows7_x64
- resource: win7-20240704-en
- resource tags: arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
- submitted: 12/07/2024, 12:21
Static task: static1
Behavioral task: behavioral1
- Sample: 3d5ae6f89d86a8582af3d24c2cd574de_JaffaCakes118.exe
- Resource: win7-20240704-en
Behavioral task: behavioral2
- Sample: 3d5ae6f89d86a8582af3d24c2cd574de_JaffaCakes118.exe
- Resource: win10v2004-20240709-en
General
- Target: 3d5ae6f89d86a8582af3d24c2cd574de_JaffaCakes118.exe
- Size: 12KB
- MD5: 3d5ae6f89d86a8582af3d24c2cd574de
- SHA1: 843c164bd7999d5950328200e761cd81c3592617
- SHA256: 218912855f7a46dd11a6e8707d69242fce81780baa71db94c38e60d278acd432
- SHA512: a226354687a38b936c112c5f6443bdd3859b6068fc23bc35cd5ba2fd01c6595fcd360726efaa321c28076c156d500c299e35aeec5d63e4a6f2c6ab16aac15d5c
- SSDEEP: 192:WIhEGjUS5k4PHse7Z33GVZL3ZLLQgJ6EnqVxXuE9iKMvdHP1u:1b35k4P31QZL3ZfQ46N0dvA
Malware Config
Signatures
- Accesses Microsoft Outlook profiles (1 TTPs, 1 IoCs)
  description: Key opened
  ioc: \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook
  Process: 3d5ae6f89d86a8582af3d24c2cd574de_JaffaCakes118.exe
- Checks installed software on the system (1 TTPs)
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious behavior: EnumeratesProcesses (1 IoCs)
  pid: 2436
  Process: 3d5ae6f89d86a8582af3d24c2cd574de_JaffaCakes118.exe
- outlook_win_path (1 IoCs)
  description: Key opened
  ioc: \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook
  Process: 3d5ae6f89d86a8582af3d24c2cd574de_JaffaCakes118.exe