Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
140s -
max time network
150s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
09/09/2024, 12:02
General
-
Target
d6450cc84f28954ad0abf9e5cac01b6a_JaffaCakes118.exe
-
Size
372KB
-
MD5
d6450cc84f28954ad0abf9e5cac01b6a
-
SHA1
13641997850fea08d8a58eb94be26c29d26275a5
-
SHA256
0459603fec0d753b1df6c2a3083fc34be796997182b77c2fa53445383d5b2f8c
-
SHA512
8f34676a33b50e9b48946c6205542af3db747f837b0e00c174ef11503583c9b336d35b9dca4b09a6aaf2e713502aad3b7185090f1b5b2a3c0944f631580f01f8
-
SSDEEP
6144:SHZA1kbQVjPXhe/qc+FNbHsHTUCzutSEVxCWr3rgNMPeXxEwf5I71IjBnsz+2St:e/Q1PQIbMHIdtFxCaEN5XxEwxxmzCt
Malware Config
Signatures
-
Downloads MZ/PE file
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 3 IoCs
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Checks whether UAC is enabled 1 TTPs 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SendNotifyMessage 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d6450cc84f28954ad0abf9e5cac01b6a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\d6450cc84f28954ad0abf9e5cac01b6a_JaffaCakes118.exe"1⤵
- Loads dropped DLL
- Adds Run key to start application
- Checks whether UAC is enabled
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Public\Downloads\Norton\{3A7FA539-8005-4603-87D2-SOS1-NSS-v4}\d6450cc84f28954ad0abf9e5cac01b6a_JaffaCakes118.exeC:\Users\Public\Downloads\Norton\{3A7FA539-8005-4603-87D2-SOS1-NSS-v4}\d6450cc84f28954ad0abf9e5cac01b6a_JaffaCakes118.exe /r2⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks whether UAC is enabled
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
157B
MD52984daf22a3849412d807a8ad59b969f
SHA166fe571f677face8754d8f96a76ea7402671ea9a
SHA256c1332f7b9d0e4edf284cd08ceae3845688b462eace100bb016d6a9bf7fa5cbf6
SHA512525bf36fb59f0a8e2f3f2ef0ebb8ae806bbafa0c341068c861598097d8da9c81ff410b24f304427c103331133c4eb09e11e819cfae4b0fd6fb5218ba3c487b2a
-
Filesize
54B
MD59499c2f308410e48386f58ca7afccd2e
SHA1e2ef9dec757aec938d801dd720fddc0c387da7af
SHA25687e4fc1f82d5a89c7f10ca58cf5de66d184cc3ce02954a13ade3100414a3bc97
SHA512ff68637e2b3b62cf6ca812bf4d067606edacb353825628048396c45e9be8ca7725c93787b8bcf82e610cf795f69a52b20d4ac48ade5405b114643af6515cf457
-
Filesize
1KB
MD59f97b2b58ab083be0fcf41b6504a1188
SHA165197d762530af2f147a3147b0c26746e6cb1050
SHA2565da8740dd6653eea7383d210a1e6f12f2bb9466681f5751293286d52ba9baedb
SHA512a785e7f0776271090e90fca2441951f15116039f8a703e076ec8ab5f6dbbae907970f2414f6653a132192e3d1b459236941d202348916d743723642a6a1097ae
-
Filesize
1KB
MD56eed52a802c666c3429bc120c5d8da6f
SHA117241b876d2cbe58c42d992863b8f0507ce6e770
SHA2565359deba1cb7c39376367f926a26e3e48edab70b0282690cfa72b43b430d4c12
SHA5125720818e81a928e538f24eec264b6401da658cad248a7fcd966fe79ab6f9c529d5af612089c7e2fe2f603c94bcee872158b2e9b0e1ec32a18f1d7b82ddde92b1
-
Filesize
372KB
MD5d6450cc84f28954ad0abf9e5cac01b6a
SHA113641997850fea08d8a58eb94be26c29d26275a5
SHA2560459603fec0d753b1df6c2a3083fc34be796997182b77c2fa53445383d5b2f8c
SHA5128f34676a33b50e9b48946c6205542af3db747f837b0e00c174ef11503583c9b336d35b9dca4b09a6aaf2e713502aad3b7185090f1b5b2a3c0944f631580f01f8
-
Filesize
8KB
-
Filesize
1.3MB
-
Filesize
64KB
-
Filesize
8KB
-
Filesize
1.3MB
-
Filesize
1.3MB
-
Filesize
64KB
-
Filesize
1.3MB
-
Filesize
8KB
-
Filesize
1.3MB
-
Filesize
64KB
-
Filesize
1.3MB