Analysis
- max time kernel: 139s
- max time network: 138s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 10/08/2024, 19:28
Static task: static1
Behavioral task: behavioral1
- Sample: 875cac3f3784615f6f935a7c093d9a43_JaffaCakes118.exe
- Resource: win7-20240729-en
Behavioral task: behavioral2
- Sample: 875cac3f3784615f6f935a7c093d9a43_JaffaCakes118.exe
- Resource: win10v2004-20240802-en
General
- Target: 875cac3f3784615f6f935a7c093d9a43_JaffaCakes118.exe
- Size: 112KB
- MD5: 875cac3f3784615f6f935a7c093d9a43
- SHA1: c8ac7236d131faf7da115a1260a028ba06eb87e1
- SHA256: 5e19ef9b550f7a504a646d1984bb6ce694ed0926eca2bf6baa984bd0e33c9814
- SHA512: 730e634a496d1ecc842b42a539e1dd6e95e6120f7506b1ff3664a6134e17fdc56564e42bb36f5e804236c8b309795728d4a136cb9b75266685d0905ded538673
- SSDEEP: 3072:M9pL6qRL2yoUgN6f2TxhSgxwuBqIMOy3uoZs18oCAYDs:M9h6qR6y3TkxcgxSIMO2zZhA
Malware Config
Signatures
- Drops file in System32 directory (1 IoC)
  File opened for modification: C:\Windows\SysWOW64\s.exe (process: 875cac3f3784615f6f935a7c093d9a43_JaffaCakes118.exe)
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
  Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (process: 875cac3f3784615f6f935a7c093d9a43_JaffaCakes118.exe)
- Suspicious use of SetWindowsHookEx (1 IoC)
  PID 4728: 875cac3f3784615f6f935a7c093d9a43_JaffaCakes118.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\875cac3f3784615f6f935a7c093d9a43_JaffaCakes118.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\875cac3f3784615f6f935a7c093d9a43_JaffaCakes118.exe"
  PID: 4728
  - Drops file in System32 directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 60KB
- MD5: d9777927d914f9805d2f66da3fa8eef6
- SHA1: 172979ec46cf0008add053704506b5d52e4475c0
- SHA256: 6018deee13fca9d59affc2cebe95cb0d223f1ba01918391797ef01e3917d29a2
- SHA512: 4af70e3dd1fd1b18c799a7d11d29135e518900bcdbc1278b143160c0b2c5326fca979ad798a690bc607932548a5e5a33d932775a7821d82b63d99c41e205b363