Analysis
max time kernel: 13s
max time network: 19s
platform: windows7_x64
resource: win7-20240704-en
resource tags: arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
submitted: 25/07/2024, 13:46
Static task: static1
Behavioral task: behavioral1
Sample: 6fd3b21fb0e6c0d290dc2f2ccf23d7ac_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 6fd3b21fb0e6c0d290dc2f2ccf23d7ac_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target: 6fd3b21fb0e6c0d290dc2f2ccf23d7ac_JaffaCakes118.exe
Size: 2.6MB
MD5: 6fd3b21fb0e6c0d290dc2f2ccf23d7ac
SHA1: 263c2645c79b2d864c653e31a1194da1c466a7ed
SHA256: 495586be095e5970063aa69e4d7f141f7da5eef676a18168bff72e4ce4b4c98d
SHA512: bdb38136420b66228516986404593e283fc9730f6eb26744f0549923a2284fa54d00e3f905984d0043885f8f74778b1c56c2acfa3a7a22965d437a42f76f2138
SSDEEP: 49152:tYFMSTro/KSdCyU1eV5hWLkVvluBOBLA0xn0HQQpeY9UFKP:tYFPryTkyUMVyLkVvw8LAsnMQQpFmFKP
Malware Config
Signatures
Loads dropped DLL (2 IoCs)
pid   Process
2152  6fd3b21fb0e6c0d290dc2f2ccf23d7ac_JaffaCakes118.exe
2152  6fd3b21fb0e6c0d290dc2f2ccf23d7ac_JaffaCakes118.exe

System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description  ioc  Process
Key opened  \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  6fd3b21fb0e6c0d290dc2f2ccf23d7ac_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken (2 IoCs)
description  pid  Process
Token: 33  2152  6fd3b21fb0e6c0d290dc2f2ccf23d7ac_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege  2152  6fd3b21fb0e6c0d290dc2f2ccf23d7ac_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx (1 IoCs)
pid   Process
2152  6fd3b21fb0e6c0d290dc2f2ccf23d7ac_JaffaCakes118.exe
Processes
C:\Users\Admin\AppData\Local\Temp\6fd3b21fb0e6c0d290dc2f2ccf23d7ac_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\6fd3b21fb0e6c0d290dc2f2ccf23d7ac_JaffaCakes118.exe"
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID: 2152
Network
MITRE ATT&CK Enterprise v15
Downloads