Analysis

  • max time kernel
    120s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    13/09/2024, 17:04

General

  • Target

    de88ed0a78b5f512d4a0ac2b1508a1dd_JaffaCakes118.exe

  • Size

    278KB

  • MD5

    de88ed0a78b5f512d4a0ac2b1508a1dd

  • SHA1

    073eb04d85eb995ab0729fab05cf81d7cc730166

  • SHA256

    b72c7113b62b5c57c950bf2d67a707363ddad871008b4f8a0a25a5f34ea16f90

  • SHA512

    a3188255aa2d991d60230e658ff68a895917fc5db74025aa876f4fee6f663bb984f35efe77d68c72ff21a82afe1ecdc3cb18d23f434b5ac2b3ab336d66541d8e

  • SSDEEP

    6144:Z1Yk7RnxF3BEuTP0PvdA8r1eqABpxEJPlLsiJEwpCzvkSm4krOs7DB:fYex0uT8Hq6eqABvuPl5K5Rkvh

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of UnmapMainImage 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\de88ed0a78b5f512d4a0ac2b1508a1dd_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\de88ed0a78b5f512d4a0ac2b1508a1dd_JaffaCakes118.exe"
    • System Location Discovery: System Language Discovery
    • Suspicious use of UnmapMainImage
    PID:2272

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/2272-1-0x0000000001C10000-0x0000000001C5B000-memory.dmp

    Filesize

    300KB

  • memory/2272-0-0x0000000001BC0000-0x0000000001C01000-memory.dmp

    Filesize

    260KB

  • memory/2272-2-0x0000000000400000-0x0000000000441000-memory.dmp

    Filesize

    260KB

  • memory/2272-5-0x0000000000400000-0x0000000000441000-memory.dmp

    Filesize

    260KB

  • memory/2272-4-0x0000000001C10000-0x0000000001C5B000-memory.dmp

    Filesize

    300KB