Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
146s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
19/08/2024, 13:14
General
-
Target
ab29e3618972175c155d2af942093043_JaffaCakes118.exe
-
Size
344KB
-
MD5
ab29e3618972175c155d2af942093043
-
SHA1
e6ded7161b9885b864eaf7886d92e8f0ceb46596
-
SHA256
283e7b55525056dbe73a4d777071e4aacb3cf8264903e65c4187c9094cdb7451
-
SHA512
2bab7c6243b7b2e4b34dcc967198bcf2c4995d02937c4a4b32de75e0a19029758c360591d5ad4d79a62d900b63b7d15d6f369d6e5f5e058a965b5f031afc2b89
-
SSDEEP
6144:A/T3zd9AVAixibDqwbKhqjX9kjeKHYFqoECLrLnZF7tGUP+BgkTbXD/3/:A/XM4DShe9EcHPLrLZ5AICgkTP3/
Malware Config
Signatures
-
Reads data files stored by FTP clients 2 TTPs
Tries to access configuration files associated with programs like FileZilla.
-
Reads local data of messenger clients 2 TTPs
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files 1 TTPs
Steal credentials from unsecured files.
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
Processes
-
C:\Users\Admin\AppData\Local\Temp\ab29e3618972175c155d2af942093043_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\ab29e3618972175c155d2af942093043_JaffaCakes118.exe"1⤵
- System Location Discovery: System Language Discovery