Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240729-en -
resource tags
arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system -
submitted
14/08/2024, 11:35
Behavioral task
behavioral1
Sample
95efec9c49c6335f5d5de7f7550fd07e_JaffaCakes118.exe
Resource
win7-20240729-en
4 signatures
150 seconds
General
-
Target
95efec9c49c6335f5d5de7f7550fd07e_JaffaCakes118.exe
-
Size
264KB
-
MD5
95efec9c49c6335f5d5de7f7550fd07e
-
SHA1
8f47b8a288dd08e436725774ab7034b0bf004ac5
-
SHA256
a1152c0747e18e3bf452ab32cad66e7447562dbe17bf34400cefeafe09951a2a
-
SHA512
b3803002cb42165df3b8fe7ed63789b106e34b4b0c50312853db8790620c1e6a23611c4ad5f10f8f63104e0026d8a7eb5a754613d107f2d5011754f2b969ba25
-
SSDEEP
6144:xlUjEKIhdz4Tlw0bpWtVUrTocNBGWI/3JeY7Ko8CaZ:jUYKOWTlf7rToSBI3WohaZ
Score
7/10
Malware Config
Signatures
-
resource yara_rule behavioral1/memory/2244-0-0x0000000000400000-0x0000000000494000-memory.dmp upx -
Modifies WinLogon 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\4876915b = "Nž¡|*\t¿_9Õ±dM¹\u009d\u00ad\x14é\x10\u009dú\x11\x1d‹â\x02Ñe\x154\x105]Õ†9J ¯2æ‡B×\x1a–ÿ\x10ãð'.…yÓªâ(¹Ô+ßiÜø^Cлu\u00adgà´òlM$ûP4&\u008d=•\x01Ýc\u00ad´¬1ý]é\x05[I…õä=%\x1b\u008d¥5ñ½<K•œ¡ñ\x1dõá¼\u008dÝ}-ÝÕL‹uqMÅ\x05Ü4…Õ…”µÓìU]Qm=ã\x05dÙ£mu3\x15u¥™“³\u008d\\\\¡\u0081µ¥mƒ\x19\u009dtíôU½\u008d³q$Œ\u008dôŒãK³‰ì;••SÄíÍáÍ=Ít<Í-}\fìµ4}|“<\x01\u008dA\f\x19Ám+\f+<%\x155UDÃ…õY¼\x19<9\x01ÝÍ\x04•…Um\x01=ue\x19ueµSýDÝ“" 95efec9c49c6335f5d5de7f7550fd07e_JaffaCakes118.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 95efec9c49c6335f5d5de7f7550fd07e_JaffaCakes118.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeSecurityPrivilege 2244 95efec9c49c6335f5d5de7f7550fd07e_JaffaCakes118.exe