Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    25/07/2024, 20:49

General

  • Target

    712da4906391b009785ecabab412732d_JaffaCakes118.exe

  • Size

    72KB

  • MD5

    712da4906391b009785ecabab412732d

  • SHA1

    c4ec6d20e9c6dc56b72fb4c3de8a72a27a17cf4d

  • SHA256

    583a9ea0e55ecea108268ccc98db5bf11e4e8ef20b8d62655e91442fe346a621

  • SHA512

    57b8452b80a3b4871b630fe322f1b102105cdba744b89ffa26d728b9ec95fe4fa2a48d001b440bb7a59c459d6eb022924cf1555db34c1a3b15b7066cb1db1404

  • SSDEEP

    1536:PcZdvK3EYDzlrKHTwDRIbRJu3+ozsuPvKvK4:PcZFRkx8KLzsuPvKvK4

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\712da4906391b009785ecabab412732d_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\712da4906391b009785ecabab412732d_JaffaCakes118.exe"
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    PID:1092

Network

MITRE ATT&CK Enterprise v15
