Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 16s
max time network: 16s
platform: windows7_x64
resource: win7-20240708-en
resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
submitted: 13/07/2024, 08:22
Behavioral task: behavioral1
Sample: 40e8d4bf264e5e962a2c4f6c7aa99927_JaffaCakes118.exe
Resource: win7-20240708-en
3 signatures, 150 seconds

Behavioral task: behavioral2
Sample: 40e8d4bf264e5e962a2c4f6c7aa99927_JaffaCakes118.exe
Resource: win10v2004-20240709-en
3 signatures, 150 seconds
General
Target: 40e8d4bf264e5e962a2c4f6c7aa99927_JaffaCakes118.exe
Size: 30KB
MD5: 40e8d4bf264e5e962a2c4f6c7aa99927
SHA1: 5a6e939ffa3dd4504ee5dbcab1eb0147afd3aab7
SHA256: 46f2d612d71395ae3e5b8efaf60c7d586df2d53224e6acc470d0f4f3bebf601e
SHA512: 4416aa0d7abd033ec7bd6536ea937aaa1f6f6b9fe4a98a16f3bb6f08511d2c96dba6f977484923d0e1c4f797da85cb673c46e66b3edee62f4a87cacf262c5497
SSDEEP: 768:8f+bwxTZYnro1TctKm3lUGCltvtvoj2k8b1dLxsha5Ac:lwhZL1w9OvlXofKWhc
Score: 1/10
Malware Config
Signatures
- Suspicious use of AdjustPrivilegeToken (12 IoCs)
  description               pid   Process
  Token: SeBackupPrivilege  2840  40e8d4bf264e5e962a2c4f6c7aa99927_JaffaCakes118.exe
  Token: SeRestorePrivilege 2840  40e8d4bf264e5e962a2c4f6c7aa99927_JaffaCakes118.exe
  Token: SeRestorePrivilege 2840  40e8d4bf264e5e962a2c4f6c7aa99927_JaffaCakes118.exe
  Token: SeRestorePrivilege 2840  40e8d4bf264e5e962a2c4f6c7aa99927_JaffaCakes118.exe
  Token: SeRestorePrivilege 2840  40e8d4bf264e5e962a2c4f6c7aa99927_JaffaCakes118.exe
  Token: SeRestorePrivilege 2840  40e8d4bf264e5e962a2c4f6c7aa99927_JaffaCakes118.exe
  Token: SeBackupPrivilege  2840  40e8d4bf264e5e962a2c4f6c7aa99927_JaffaCakes118.exe
  Token: SeRestorePrivilege 2840  40e8d4bf264e5e962a2c4f6c7aa99927_JaffaCakes118.exe
  Token: SeRestorePrivilege 2840  40e8d4bf264e5e962a2c4f6c7aa99927_JaffaCakes118.exe
  Token: SeRestorePrivilege 2840  40e8d4bf264e5e962a2c4f6c7aa99927_JaffaCakes118.exe
  Token: SeRestorePrivilege 2840  40e8d4bf264e5e962a2c4f6c7aa99927_JaffaCakes118.exe
  Token: SeRestorePrivilege 2840  40e8d4bf264e5e962a2c4f6c7aa99927_JaffaCakes118.exe
- Suspicious use of FindShellTrayWindow (2 IoCs)
  pid   Process
  2840  40e8d4bf264e5e962a2c4f6c7aa99927_JaffaCakes118.exe
  2840  40e8d4bf264e5e962a2c4f6c7aa99927_JaffaCakes118.exe
- Suspicious use of WriteProcessMemory (1 IoC)
  description                       pid   Process                                              procid_target
  PID 2840 wrote to memory of 1388  2840  40e8d4bf264e5e962a2c4f6c7aa99927_JaffaCakes118.exe  20
Processes
- C:\Windows\Explorer.EXE
  Command line: C:\Windows\Explorer.EXE
  Tree depth: 1
  PID: 1388
- C:\Users\Admin\AppData\Local\Temp\40e8d4bf264e5e962a2c4f6c7aa99927_JaffaCakes118.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\40e8d4bf264e5e962a2c4f6c7aa99927_JaffaCakes118.exe"
  Tree depth: 2
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID: 2840