Analysis
max time kernel: 135s
max time network: 136s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25/08/2024, 12:02
Static task: static1
Behavioral task: behavioral1
  Sample: c0b5ebe9288b031277c90ec28d0cb1d5_JaffaCakes118.exe
  Resource: win7-20240705-en
Behavioral task: behavioral2
  Sample: c0b5ebe9288b031277c90ec28d0cb1d5_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
General
Target: c0b5ebe9288b031277c90ec28d0cb1d5_JaffaCakes118.exe
Size: 107KB
MD5: c0b5ebe9288b031277c90ec28d0cb1d5
SHA1: 707c15982186d6b4d68de5543015b1682092f1b9
SHA256: 836d9b559444d1d95c39b15494bbc0dbfbc698c9dd811e222e2c2d1b3ba30768
SHA512: 9fd72f2c6b8a0dc822317820270fef20273990efcdd3ce42976d3cf66b08e81abf32796dc16ad06e6b3f7c57bdac07f314124d873ca6565cf431ff85b0c1d9cf
SSDEEP: 3072:OECifmZz+3Z4tjvd4ClYu2Clb3IbymBk:dfrXhAlbay
Malware Config
Signatures
System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  description: Key opened
  ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
  Process: c0b5ebe9288b031277c90ec28d0cb1d5_JaffaCakes118.exe
Suspicious use of UnmapMainImage (1 IoCs)
  pid: 2064
  Process: c0b5ebe9288b031277c90ec28d0cb1d5_JaffaCakes118.exe
Suspicious use of WriteProcessMemory (5 IoCs)
  description | pid | Process | procid_target
  PID 2064 wrote to memory of 1472 | 2064 | c0b5ebe9288b031277c90ec28d0cb1d5_JaffaCakes118.exe | 87
  PID 2064 wrote to memory of 1472 | 2064 | c0b5ebe9288b031277c90ec28d0cb1d5_JaffaCakes118.exe | 87
  PID 2064 wrote to memory of 1472 | 2064 | c0b5ebe9288b031277c90ec28d0cb1d5_JaffaCakes118.exe | 87
  PID 2064 wrote to memory of 1472 | 2064 | c0b5ebe9288b031277c90ec28d0cb1d5_JaffaCakes118.exe | 87
  PID 2064 wrote to memory of 1472 | 2064 | c0b5ebe9288b031277c90ec28d0cb1d5_JaffaCakes118.exe | 87
Processes
- C:\Users\Admin\AppData\Local\Temp\c0b5ebe9288b031277c90ec28d0cb1d5_JaffaCakes118.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\c0b5ebe9288b031277c90ec28d0cb1d5_JaffaCakes118.exe"
  PID: 2064
  - System Location Discovery: System Language Discovery
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\svchost.exe
    Command line: svchost.exe
    PID: 1472