Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    122s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    21/09/2024, 18:34

General

  • Target

    f068700b57ac4da173074acb8b92fcfb_JaffaCakes118.jad

  • Size

    26KB

  • MD5

    f068700b57ac4da173074acb8b92fcfb

  • SHA1

    47abb53863e97f5ff1a2b2b093c268c1ad79a27b

  • SHA256

    ff6c6802b0d66a7818d2c3c3b0ab2ad709fe75bfb8ab14b197291f449ab0ccc8

  • SHA512

    52be7471dc9c5d65eea7e622a09e50604c193b89502b23fb9405dd15fbc437f2f46fa0a88d8ecd7d66993f6e8450a0cff5b784ab6f76073dcfe395b8bd82e0df

  • SSDEEP

    768:IcwiFpsBHUx61hMSdqxIs2uhjPz5Lz5R4:3eNUx67XHiPz5Lz5a

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\f068700b57ac4da173074acb8b92fcfb_JaffaCakes118.jad
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1716
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\f068700b57ac4da173074acb8b92fcfb_JaffaCakes118.jad
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2920
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\f068700b57ac4da173074acb8b92fcfb_JaffaCakes118.jad"
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2680

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    5b7e0bb53e3b49690288080732382b49

    SHA1

    35aa228e25fc197aa4d176cd4c9ba655255cf814

    SHA256

    0188dd88bd3aa96f9b3451c86a28cf8482acc2f8b4831cc87d93b74ea1e2225f

    SHA512

    1619310ede6682c16d13fe00fce53c053b8605a9436bd3613e1cf98e70f865a3b4f4d36e30126136db2532f8698ab77282301e791924e2c32731835d3697d430