Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
27s -
max time network
22s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system -
submitted
26/07/2024, 01:50
Static task
static1
Behavioral task
behavioral1
Sample
7222a517cba60ebf495c23919c062adf_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
7222a517cba60ebf495c23919c062adf_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
-
Target
7222a517cba60ebf495c23919c062adf_JaffaCakes118.exe
-
Size
360KB
-
MD5
7222a517cba60ebf495c23919c062adf
-
SHA1
02d820435aed0a9d5a4340de4c74b9c5120b8b75
-
SHA256
96435b89c18ee3e04222a558c96a407e16543f9ae02400025dfcd1d1f4a418c2
-
SHA512
5eb16d2b1dc87ccc542a0da20843445b3c5b5c6ad5320e45044b8b0b8a2b0152d098163f4ab14b220b597155966c13ea62a68da9d9a5785526723a56e5fd97f3
-
SSDEEP
1536:gRjo+O6oMbLUkU2dRKPOSb+YrSWoR98Oc7tKjKmU7ZL:gBo+LogLU74RKPOSFl883BL
Malware Config
Signatures
-
Credentials from Password Stores: Credentials from Web Browsers 1 TTPs
Malicious Access or copy of Web Browser Credential store.
-
Reads data files stored by FTP clients 2 TTPs
Tries to access configuration files associated with programs like FileZilla.
-
Reads local data of messenger clients 2 TTPs
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files 1 TTPs
Steal credentials from unsecured files.
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 7222a517cba60ebf495c23919c062adf_JaffaCakes118.exe -
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 7222a517cba60ebf495c23919c062adf_JaffaCakes118.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString 7222a517cba60ebf495c23919c062adf_JaffaCakes118.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier 7222a517cba60ebf495c23919c062adf_JaffaCakes118.exe -
Suspicious behavior: EnumeratesProcesses 1 IoCs
pid Process 1732 7222a517cba60ebf495c23919c062adf_JaffaCakes118.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\7222a517cba60ebf495c23919c062adf_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\7222a517cba60ebf495c23919c062adf_JaffaCakes118.exe"1⤵
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
PID:1732
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1KB
MD5d4b594a166bf8085d6b1dd25c942b6ec
SHA1fe341a92e913e50d416a69d808e8a4cd11acf6ec
SHA256c46aea4d952c919824866a50ebb9d8b81ede542a05d2797afc90551babeae5d2
SHA512fb952224695f459ef04611e50c7afbe9ba12b6cdc984f571af112dda53a6ad3460432897b3b1ff64c2e86b45577f1e6e012b4aee8eff98c2fcbb01476b01b814