Analysis

  • max time kernel
    133s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    23/07/2024, 17:01

General

  • Target

    687051ed75be81d733e7489d7c7c773f_JaffaCakes118.exe

  • Size

    13KB

  • MD5

    687051ed75be81d733e7489d7c7c773f

  • SHA1

    99a7771e8e559830329dabcead04c43874134ff5

  • SHA256

    92d63ee58e835d8cfc6943537d1beb080279bfd1538a010423be42e713390da9

  • SHA512

    b4fe281d3a16939b333cd38dabfceb9b2a42d871f3efc1a967db0e50af52b70cc3922865f65b3ac8df7828a0acbc869b199e4b1e2e4b4e058bc65a91fcef6bd5

  • SSDEEP

    192:O1nT9bAS4rAF3x9emdGXgS8Aj1pf46IJJ2U1FVqmupeUWy9NI7P3rcA:O1xbV4s3x9Pm3pQ6Ir2QqLpeg9U3YA

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\687051ed75be81d733e7489d7c7c773f_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\687051ed75be81d733e7489d7c7c773f_JaffaCakes118.exe"
    1⤵
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    PID:3084

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/3084-0-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB

  • memory/3084-2-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB

  • memory/3084-8-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB