Analysis
- max time kernel: 150s
- max time network: 122s
- platform: windows7_x64
- resource: win7-20240705-en
- resource tags: arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
- submitted: 13/07/2024, 21:03
Static task: static1
Behavioral task: behavioral1
  Sample: 4354ae5294f09261ab5678fb2221c9c0_JaffaCakes118.exe
  Resource: win7-20240705-en
Behavioral task: behavioral2
  Sample: 4354ae5294f09261ab5678fb2221c9c0_JaffaCakes118.exe
  Resource: win10v2004-20240709-en
General
- Target: 4354ae5294f09261ab5678fb2221c9c0_JaffaCakes118.exe
- Size: 220KB
- MD5: 4354ae5294f09261ab5678fb2221c9c0
- SHA1: dd342a6245254bd73a49b23b8ef93aa0e28e2d1c
- SHA256: 29fcc132c41cddc2dcd9429e31f4aabb7283c53ebdd9c1a9409f7123bbcde850
- SHA512: fe9bda763ffa3ed7f12779baec04211dc78cf8f4ab5243e6630eeb15c3ff62c225a195f7d75d265ffb1770bb70764549a1a7fe73e428a3a853bca9e580dbc2b7
- SSDEEP: 3072:VuS3u8KLoPLjmRTSXPUkdXz9qJ7MNDsZpznTWPiaFSeSGPFcPRP8RMYym6IWEgDf:sVWLjuIBz98LPq0iRMYymRWFD
Malware Config
Signatures
- Checks BIOS information in registry (2 TTPs, 1 IoCs)
  BIOS information is often read in order to detect sandboxing environments.
  description: Key value queried
  ioc: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
  Process: 4354ae5294f09261ab5678fb2221c9c0_JaffaCakes118.exe
- Modifies WinLogon (2 TTPs, 1 IoCs)
  description: Set value (str)
  ioc: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\66a7bf87 = (non-printable binary data)
  Process: 4354ae5294f09261ab5678fb2221c9c0_JaffaCakes118.exe
- Suspicious use of AdjustPrivilegeToken (1 IoCs)
  description: Token: SeSecurityPrivilege
  pid: 2824
  Process: 4354ae5294f09261ab5678fb2221c9c0_JaffaCakes118.exe