Analysis
- max time kernel: 141s
- max time network: 122s
- platform: windows7_x64
- resource: win7-20240708-en
- resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
- submitted: 25/09/2024, 23:24
Static task
- static1
Behavioral task
- behavioral1
  Sample: f70fd62c88c73663c65a0dc8823c81f6_JaffaCakes118.exe
  Resource: win7-20240708-en
Behavioral task
- behavioral2
  Sample: f70fd62c88c73663c65a0dc8823c81f6_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
General
- Target: f70fd62c88c73663c65a0dc8823c81f6_JaffaCakes118.exe
- Size: 447KB
- MD5: f70fd62c88c73663c65a0dc8823c81f6
- SHA1: 1629b87eb32d8e6fa50c79393db3aa9487a26745
- SHA256: c2fb60090b281f3d67b99cb639c36e81fb59a4a93b5f27b25196103aac7f2d4d
- SHA512: 37c1fbd27374d67b8b2240188a19396796320bf017b1cde7e3005378a76609d92ec8626746e32b07b190cb648c46854ca5c512ab94b32e41a3df96a19abd59bf
- SSDEEP: 6144:FbMUxmYrUkGeWKUq/Jf8Woll01bCk6SHOwiOI4LMaGsn+sqmwnGk11KpnWZ:VTvr/GrQ/JZola76G9zMah+JmSvEW
Malware Config
Signatures
- Loads dropped DLL (2 IoCs)
  pid 2536, process f70fd62c88c73663c65a0dc8823c81f6_JaffaCakes118.exe
  pid 2536, process f70fd62c88c73663c65a0dc8823c81f6_JaffaCakes118.exe
- System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
  Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  description: Key opened; ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language; process: f70fd62c88c73663c65a0dc8823c81f6_JaffaCakes118.exe
- Suspicious use of FindShellTrayWindow (1 IoC)
  pid 2536, process f70fd62c88c73663c65a0dc8823c81f6_JaffaCakes118.exe
- Suspicious use of SendNotifyMessage (1 IoC)
  pid 2536, process f70fd62c88c73663c65a0dc8823c81f6_JaffaCakes118.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\f70fd62c88c73663c65a0dc8823c81f6_JaffaCakes118.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\f70fd62c88c73663c65a0dc8823c81f6_JaffaCakes118.exe"
  PID: 2536
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 84KB
  MD5: b0a1debd303c8917f5df7ee96e5d180a
  SHA1: 686d3e01c2894543e6d78ca8558ab295892a3c25
  SHA256: c264df280cbfe563cba87cdedfbed18b5e41766f514782a4ee1e821b04e70df4
  SHA512: d522faed4a191b3abd7466736e0517c3cc27e6c759bb55f227342ead49ade816e9f71193534a4afbd5cddc473677ae748216e509129cc97b4226e2b197567e1e
- Filesize: 84KB
  MD5: 78bd7f85d17bf25377d895cda042e663
  SHA1: 7a2997106287c763bc898e4fd7d516145dc2539b
  SHA256: 1c888945ca459fd4d8c0ee2f8df2bfd9c4dadac72c3bcf3238d862e8f67acd25
  SHA512: a06206356f7b378c1958d441944691ef4036c9a68963abb51b62e03c4582d8932051daf82468b29b31493b5479808351bf6286eb36cc4bf299ebabe6bcc67ea3