Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
31s -
platform
windows7_x64 -
resource
win7-20240705-en -
resource tags
-
submitted
12/08/2024, 00:10
General
-
Target
8c8b41bf50c0db6958e34f2c919bb1fd_JaffaCakes118.exe
-
Size
505KB
-
MD5
8c8b41bf50c0db6958e34f2c919bb1fd
-
SHA1
db042b017405ffc38ee821a339378908ced840fc
-
SHA256
bb5bd3216a4cda9c463523eaa244707da7c8418c150e93af411f46ba33f186d7
-
SHA512
8fe8cb25e6eab26388b50caa5cc759e12006315f17a5fdc53719a6750beccdcc924ba96de1c4debb696002f159b28585c52ebc52990db51922a8bef53fe2f573
-
SSDEEP
12288:gd2ZIme5eLTK31Z3HV4A6kvARotpp2AokCSfrLy+LfCq39Fu6:kMjE1Z3HGZTOtpENsfrm
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 2 IoCs
-
UPX packed file 7 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application 2 TTPs 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of SendNotifyMessage 2 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\8c8b41bf50c0db6958e34f2c919bb1fd_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\8c8b41bf50c0db6958e34f2c919bb1fd_JaffaCakes118.exe"1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\ProgramData\kD01815ObMgP01815\kD01815ObMgP01815.exe"C:\ProgramData\kD01815ObMgP01815\kD01815ObMgP01815.exe" "C:\Users\Admin\AppData\Local\Temp\8c8b41bf50c0db6958e34f2c919bb1fd_JaffaCakes118.exe"2⤵
- Deletes itself
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
192B
MD55cdbface789c2353c27b677511132191
SHA1ae3a3a646509a5eff9907b22a1e41939d6864076
SHA256e709cb0435e61c5583b0bf6b11801623125324f08eaa49d46076a30585a36b60
SHA512fe34ef5f8ba7bcbb648e6cdb46afddf4588a3292739c5e34429e461fd6a3a96c58a13e92a44ef76025125703b7ed669cf0e801fe2e29a6d42e1d2876e6e0cc70
-
Filesize
505KB
MD500f7a833c50c86e057ffe3540eff97c4
SHA15ee0e48bb6b10241aa3757738346e37817bb740a
SHA2567e5a975137b5c27f8f4a24272a04b67435726f520dc50f741f56db50ba1b7c2d
SHA512565799e811f4c011e84689c5ecbacdeceb17c76eba70e5fc1b9635b5c1384a44f789b17222e7cf08b5ffb12bd7202fbbc9e5fcf011d29ecdf2143be640028d3b
-
Filesize
788KB
-
Filesize
828KB
-
Filesize
828KB
-
Filesize
788KB
-
Filesize
828KB
-
Filesize
828KB
-
Filesize
828KB