Analysis
max time kernel: 121s
max time network: 122s
platform: windows7_x64
resource: win7-20240708-en
resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
submitted: 13/07/2024, 17:25

Behavioral task: behavioral1
Sample: 42a4846419b9dc5de45c3414c0534eb4_JaffaCakes118.exe
Resource: win7-20240708-en
3 signatures, 150 seconds

Behavioral task: behavioral2
Sample: 42a4846419b9dc5de45c3414c0534eb4_JaffaCakes118.exe
Resource: win10v2004-20240709-en
3 signatures, 150 seconds

General
Target: 42a4846419b9dc5de45c3414c0534eb4_JaffaCakes118.exe
Size: 4.8MB
MD5: 42a4846419b9dc5de45c3414c0534eb4
SHA1: 1397dda4d8d42cb79b90db33eeadfcfbfafa29bb
SHA256: bbf83d3fcb92b60b9aa19e69594c948e39421b4de6fd40328c90b4aae067bff4
SHA512: 94c205d77f778f22cc8e471e3e88fbaa70ca9c7b2872c828551a1d96e6be8ac5ef256715f3cc0f965d2563a73377be625a85fd00568551a286c4042d55eaf300
SSDEEP: 98304:ZvCrWsjMZSPLfMaTAaKmUccCaqDQ9yy/yI7mph:ZvCHYoMaTbKzcZao7E70h
Score: 7/10
Malware Config
Signatures

resource  yara_rule
behavioral1/memory/804-14-0x0000000000400000-0x0000000000BA8000-memory.dmp  vmprotect
behavioral1/memory/804-11-0x0000000000400000-0x0000000000BA8000-memory.dmp  vmprotect

Suspicious use of NtSetInformationThreadHideFromDebugger (1 IoCs)
pid  Process
804  42a4846419b9dc5de45c3414c0534eb4_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses (1 IoCs)
pid  Process
804  42a4846419b9dc5de45c3414c0534eb4_JaffaCakes118.exe