Analysis
- max time kernel: 120s
- max time network: 121s
- platform: windows7_x64
- resource: win7-20240704-en
- resource tags: arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
- submitted: 14/08/2024, 10:53
Static task
static1
Behavioral task
behavioral1
Sample
95cb69c55ba18a20a53d8cdea14692d3_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
95cb69c55ba18a20a53d8cdea14692d3_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
- Target: 95cb69c55ba18a20a53d8cdea14692d3_JaffaCakes118.exe
- Size: 128KB
- MD5: 95cb69c55ba18a20a53d8cdea14692d3
- SHA1: 65e9b7fb2c00e28e6a6f9486a86183be48c5195a
- SHA256: 9c67a125a32462baf35f327be86b064da87d508419519d45cfd6327f92a0c867
- SHA512: 55579a48083fbb8a4bf7c9f8b012390797b0efa7ff4560ba908ab890b279c88bc0374311f5e2b22d65c84a8ed3b7e8f479f2c2e813eb9d3ab213db7be05f28a9
- SSDEEP: 3072:V5wkhcI9CqZcJkl/1bxb86ey29DAUMMLXvOy9Md9p:V5wiV9Cqh/1bHRUMQgn
Malware Config
Signatures
- Loads dropped DLL (4 IoCs)
  - pid 1604, process 95cb69c55ba18a20a53d8cdea14692d3_JaffaCakes118.exe
  - pid 1604, process 95cb69c55ba18a20a53d8cdea14692d3_JaffaCakes118.exe
  - pid 1604, process 95cb69c55ba18a20a53d8cdea14692d3_JaffaCakes118.exe
  - pid 1604, process 95cb69c55ba18a20a53d8cdea14692d3_JaffaCakes118.exe
- Drops file in System32 directory (2 IoCs)
  - File opened for modification: C:\Windows\SysWOW64\s3s4312.dat (process 95cb69c55ba18a20a53d8cdea14692d3_JaffaCakes118.exe)
  - File created: C:\Windows\SysWOW64\Windows.ime (process 95cb69c55ba18a20a53d8cdea14692d3_JaffaCakes118.exe)
- System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
  Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  - Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (process 95cb69c55ba18a20a53d8cdea14692d3_JaffaCakes118.exe)
- Suspicious behavior: EnumeratesProcesses (1 IoCs)
  - pid 1604, process 95cb69c55ba18a20a53d8cdea14692d3_JaffaCakes118.exe
Processes
C:\Users\Admin\AppData\Local\Temp\95cb69c55ba18a20a53d8cdea14692d3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\95cb69c55ba18a20a53d8cdea14692d3_JaffaCakes118.exe"
- Loads dropped DLL
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID: 1604
Network
MITRE ATT&CK Enterprise v15
Downloads