Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 122s
max time network: 122s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 15/09/2024, 21:25
Behavioral task: behavioral1
Sample: e3631a0236a5733560bfe19be91385fd_JaffaCakes118.exe
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: e3631a0236a5733560bfe19be91385fd_JaffaCakes118.exe
Resource: win10v2004-20240910-en
General
Target: e3631a0236a5733560bfe19be91385fd_JaffaCakes118.exe
Size: 205KB
MD5: e3631a0236a5733560bfe19be91385fd
SHA1: c6fc0f06db230a150d0830cdd45774ee917953f3
SHA256: 4f1a3c3702e6c66a845c3c1a360e0ebbf61cc7f424dcad489a9281471183b9da
SHA512: fe8ef10f0855eff360857ce4f70ca765d788155c2992d7740e79fa89461f40d7e99e80920155c324375a252f30de30a7b3a7debf9cab964e767af63285db9dca
SSDEEP: 3072:I1puozpwxjYvidVX5DFfouwsJ7I5TXOIBewoSGlmIqEHYFKEVsMlaoZYJEqwNsc5:I1pnKBV9mTtXOwoSGmpUEiMIieur
Malware Config
Extracted: metasploit, encoder/shikata_ga_nai
Extracted: metasploit, windows/shell_reverse_tcp, 125.167.90.103:4444
Signatures

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
resource | yara_rule
behavioral1/memory/1668-0-0x0000000000400000-0x0000000000454000-memory.dmp | upx
behavioral1/memory/1668-2-0x0000000000400000-0x0000000000454000-memory.dmp | upx
System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | e3631a0236a5733560bfe19be91385fd_JaffaCakes118.exe