Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 16s
max time network: 17s
platform: windows7_x64
resource: win7-20240729-en
resource tags: arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
submitted: 24/08/2024, 00:34
Behavioral task: behavioral1
Sample: bda922baab8f417cbbab89c19c90713e_JaffaCakes118.exe
Resource: win7-20240729-en
General
Target: bda922baab8f417cbbab89c19c90713e_JaffaCakes118.exe
Size: 33KB
MD5: bda922baab8f417cbbab89c19c90713e
SHA1: 12501d9dfd6b2a4f40802b23543bad23688ea32b
SHA256: 021c3e274586cbfd8e77b41231afbd93a7549fecc6b1942eb290c1242bee7a17
SHA512: 3e116644fb16dcc9e2b9074e452af847d0465ee7493b664eaf682c123ce46c9b7ca9fddd2f6962a66216dfefc60cb480e19f6d3b3b5bff9d58607b0c469d5534
SSDEEP: 768:E4uOFmaw6XLbJaZYxeWJX2JVM0DxU8TWSUCSsFc:EtcLbJayxeUeVMb83l
Malware Config
Signatures
Loads dropped DLL (1 IoCs)
  pid 2204, process bda922baab8f417cbbab89c19c90713e_JaffaCakes118.exe
yara_rule matches
  resource behavioral1/memory/2204-0-0x0000000000400000-0x000000000041B000-memory.dmp: upx
  resource behavioral1/memory/2204-5-0x0000000000400000-0x000000000041B000-memory.dmp: upx
Drops file in Program Files directory (1 IoCs)
  description: File opened for modification; ioc: C:\Program Files\Wizet\Maplenpkcrypt.dll; process: bda922baab8f417cbbab89c19c90713e_JaffaCakes118.exe
System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
  Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  description: Key opened; ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language; process: bda922baab8f417cbbab89c19c90713e_JaffaCakes118.exe
Suspicious use of SetWindowsHookEx (1 IoCs)
  pid 2204, process bda922baab8f417cbbab89c19c90713e_JaffaCakes118.exe
Processes
C:\Users\Admin\AppData\Local\Temp\bda922baab8f417cbbab89c19c90713e_JaffaCakes118.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\bda922baab8f417cbbab89c19c90713e_JaffaCakes118.exe"
  - Loads dropped DLL
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID: 2204
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 50KB
MD5: 122789aa2c28d9dceedfc5c2378ffb0d
SHA1: 7b45c0d608e79ee11d01382a0d79ade80190b36f
SHA256: 5d779128886ffd2eab5aad5725a087b721af760bf0990c13ae9e7163cd098c04
SHA512: d6b98405bd96f8780e87046fe17be4c3d1095c3173ec315458784d15d13c9682bdc856dbd3a4c1798d2133339cbcc10d3f1c78e58748e933386b5f99f69eb405