Analysis
max time kernel: 48s
max time network: 39s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 11/09/2024, 14:46
Static task: static1
Behavioral task: behavioral1
  Sample: da93e572718d1c2154e55a0a238ed673_JaffaCakes118.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: da93e572718d1c2154e55a0a238ed673_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
General
Target: da93e572718d1c2154e55a0a238ed673_JaffaCakes118.exe
Size: 80KB
MD5: da93e572718d1c2154e55a0a238ed673
SHA1: 82d9e925c889780faf06ef5525cb3abb8a0c88df
SHA256: 787f5e7ef2ffd3f642d62d68ae840fb5875158f25815dc32215b20760e7e7c3e
SHA512: 6ddaa8c71263e4b06cef10d5a755a4e38d7ae09a2cad89f6f65296c5dd7394272c69432cf5ee968334bea1eb0d3ce71b88b31bdd078b19f2bda1f2db6075df41
SSDEEP: 1536:K7UxyGtordZ1Z2qSDnoDUP3pNkM00M1NgqHTJKqO9O:grJSDnogP3u0M16GTJK59O
Malware Config
Signatures
- Credentials from Password Stores: Credentials from Web Browsers (1 TTP)
  Malicious access to, or copying of, a web browser credential store.
- Reads data files stored by FTP clients (2 TTPs)
  Tries to access configuration files associated with FTP clients such as FileZilla.
- Reads user/profile data of web browsers (2 TTPs)
  Infostealers commonly target stored browser data, which can include saved credentials and similar material.
- Unsecured Credentials: Credentials In Files (1 TTP)
  Steals credentials from unsecured files.
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage and/or optical drives.
- description | ioc | Process
  Key created | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main | da93e572718d1c2154e55a0a238ed673_JaffaCakes118.exe
  Key created | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | da93e572718d1c2154e55a0a238ed673_JaffaCakes118.exe
  Set value (str) | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | da93e572718d1c2154e55a0a238ed673_JaffaCakes118.exe
- Suspicious use of SetWindowsHookEx (2 IoCs)
  pid | Process
  2176 | da93e572718d1c2154e55a0a238ed673_JaffaCakes118.exe
  2176 | da93e572718d1c2154e55a0a238ed673_JaffaCakes118.exe
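The two file-access signatures above ("Reads data files stored by FTP clients" and "Reads user/profile data of web browsers") are, at bottom, path rules over the sandbox's file-monitor events. The following is an added example of that idea, not code from the tria.ge report or its detection engine: the event format, the sample events and the rule patterns are constructed for illustration, and the patterns are my own approximation of the well-known credential-store locations (FileZilla's sitemanager.xml/recentservers.xml, Chromium-family "Login Data", Firefox logins.json/key4.db).

```python
import re
from collections import defaultdict

# Constructed sample events in a simplified (pid, operation, path) form, loosely
# modelled on what a sandbox file monitor emits. They are illustrative only and
# are not events from the tria.ge report above.
SAMPLE_EVENTS = [
    (2176, "ReadFile", r"C:\Users\Admin\AppData\Roaming\FileZilla\sitemanager.xml"),
    (2176, "ReadFile", r"C:\Users\Admin\AppData\Roaming\FileZilla\recentservers.xml"),
    (2176, "ReadFile", r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    (2176, "ReadFile", r"C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\abcd1234.default\logins.json"),
    (2176, "ReadFile", r"C:\Users\Admin\Documents\notes.txt"),
    (1234, "ReadFile", r"C:\Windows\System32\kernel32.dll"),
]

# Rules: (signature name as labelled in the report, regex over the lower-cased
# path). The patterns are my own approximation, not tria.ge's detection logic.
RULES = [
    ("Reads data files stored by FTP clients",
     # FileZilla keeps saved sites and recent connections here; these files may
     # include stored passwords.
     re.compile(r"\\appdata\\roaming\\filezilla\\(sitemanager|recentservers|filezilla)\.xml$")),
    ("Reads user/profile data of web browsers",
     # Chromium-family profile databases: saved logins, autofill data, history.
     re.compile(r"\\(google\\chrome|microsoft\\edge|bravesoftware\\brave-browser)"
                r"\\user data\\[^\\]+\\(login data|web data|history)$")),
    ("Reads user/profile data of web browsers",
     # Firefox: encrypted logins plus the key database needed to decrypt them.
     re.compile(r"\\mozilla\\firefox\\profiles\\[^\\]+\\(logins\.json|key4\.db|cookies\.sqlite)$")),
]

# Only read-type operations count; the signatures are about access, not creation.
READ_OPS = {"ReadFile", "CreateFile", "CopyFile"}


def normalize_path(path):
    """Lower-case the path and strip a leading \\?\ device prefix so rules match uniformly."""
    p = path.strip()
    if p.startswith("\\\\?\\"):
        p = p[4:]
    return p.lower()


def matching_signatures(path):
    """Return the distinct signature names whose rule matches this path, in rule order."""
    p = normalize_path(path)
    seen = []
    for name, rx in RULES:
        if rx.search(p) and name not in seen:
            seen.append(name)
    return seen


def classify(events):
    """Group (pid, path) pairs by the signature they trigger; non-read ops are ignored."""
    hits = defaultdict(list)
    for pid, op, path in events:
        if op not in READ_OPS:
            continue
        for name in matching_signatures(path):
            hits[name].append((pid, path))
    return dict(hits)


if __name__ == "__main__":
    for name, matched in classify(SAMPLE_EVENTS).items():
        print(f"{name} ({len(matched)} IoCs)")
        for pid, path in matched:
            print(f"  pid {pid}: {path}")
```

Run against the constructed events, the FileZilla rule fires twice and the browser rule twice, while the unrelated document and DLL reads produce nothing. A real signature engine would also weigh who is doing the reading (a browser reading its own Login Data is normal; an unsigned 80KB executable doing so is not), which is why the report pairs each IoC with the responsible process.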