Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240802-en locale:en-us os:windows10-2004-x64 system
  • submitted
    06/09/2024, 11:10

General

  • Target

    cf69a72768fecdc4fce826948a4e12a9_JaffaCakes118.exe

  • Size

    2.4MB

  • MD5

    cf69a72768fecdc4fce826948a4e12a9

  • SHA1

    669733e53bbbb0a3a9df9e7b0c9e8ff06c8cef8c

  • SHA256

    a65f35b7781221ad5b0bbc829022f02e7d59cad3c408e77caaa777c85c188deb

  • SHA512

    3c321d57c4243f9665e1db3b01c6c4f252bae75a76c60d0daf80b7fc77b8693262e8d8425f95a8a01c49358ba35d78e70f2aa03196f01d30fedba4fb30f7cde8

  • SSDEEP

    49152:WLBTD4y+gGUgZMpdNkhFNI+GSE7JRzT3oYIRfEku0iiPWPC:WB43ULpMhFvpQJRzTYBtjiK

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cf69a72768fecdc4fce826948a4e12a9_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\cf69a72768fecdc4fce826948a4e12a9_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    PID:4668

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/4668-0-0x0000000000400000-0x000000000060D330-memory.dmp

    Filesize

    2.1MB

  • memory/4668-1-0x0000000000400000-0x000000000060D330-memory.dmp

    Filesize

    2.1MB

  • memory/4668-2-0x0000000000400000-0x000000000060D330-memory.dmp

    Filesize

    2.1MB