Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

defcaa1dfd...18.exe

windows7-x64

3

defcaa1dfd...18.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    120s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    13/09/2024, 22:08 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    defcaa1dfd5441dc448b581613771cc7_JaffaCakes118.exe

  • Size

    201KB

  • MD5

    defcaa1dfd5441dc448b581613771cc7

  • SHA1

    33667a970657815bbb8074badf4f9f937dd13edf

  • SHA256

    1579ff6c882e5fa7b1e1acdab182737af2eb4b6c07c6cdced6ca10d8f1acddad

  • SHA512

    8d13ba74064324b60cd83a546b02b6a59717f8a5cb3fec414ded7334311ac4a6a09656b918260ed5fec127d5ed05e8fe2b155a257535773f39e5c30cb1f06f92

  • SSDEEP

    3072:YQ92Yn+C8CxmBnIJoJ8xcB9yekH4ibNHJYzzFfx4Ie8f9Hhp5t93PEQGqFOGiHW:YdysTJ/jyBPaL4Ie8flft3OGi2

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of FindShellTrayWindow 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\defcaa1dfd5441dc448b581613771cc7_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\defcaa1dfd5441dc448b581613771cc7_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of FindShellTrayWindow
    PID:2360

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.