Analysis
- max time kernel: 94s
- max time network: 125s
- platform: windows10-2004_x64
- resource: win10v2004-20240709-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 26/07/2024, 14:50
Static task: static1
Behavioral task: behavioral1
- Sample: 7480af1b64ed8a8a4245f111bf17e6fa_JaffaCakes118.exe
- Resource: win7-20240705-en
Behavioral task: behavioral2
- Sample: 7480af1b64ed8a8a4245f111bf17e6fa_JaffaCakes118.exe
- Resource: win10v2004-20240709-en
General
- Target: 7480af1b64ed8a8a4245f111bf17e6fa_JaffaCakes118.exe
- Size: 365KB
- MD5: 7480af1b64ed8a8a4245f111bf17e6fa
- SHA1: b294135fb41074229973b889d56c1194e949c835
- SHA256: 36f236a09028a8590037993148116ee9795ad6d24353e5c2fb181595eb84ca51
- SHA512: 7308d7e376c6849b675f1fd1ae983bbc268f08258b7652edad13cfe72a548489dbd29917b3d7609f181d1af953e3fed0c01792ffc2c605950be815dfb570a0c1
- SSDEEP: 6144:PbWlRil4zZiH+eX/57EGLlCZR4ZfCvVmCyTyyYW4PXUZGBNqM8k85tG/j:PbKRil4zZieY7EP8fCdmCyLB4PcGHojs
Malware Config
Signatures
- Program crash (1 IoCs)
  pid: 924, pid_target: 2960, Process: WerFault.exe, procid_target: 83
- System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
  Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  description: Key opened
  ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
  Process: 7480af1b64ed8a8a4245f111bf17e6fa_JaffaCakes118.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\7480af1b64ed8a8a4245f111bf17e6fa_JaffaCakes118.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\7480af1b64ed8a8a4245f111bf17e6fa_JaffaCakes118.exe"
  PID: 2960
  - System Location Discovery: System Language Discovery
  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 520
    PID: 924
    - Program crash
- C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 2960 -ip 2960
  PID: 2232