Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
148s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
01/10/2024, 22:56
General
-
Target
07c3493d1432f925f8d6d006e125530a_JaffaCakes118.exe
-
Size
2.1MB
-
MD5
07c3493d1432f925f8d6d006e125530a
-
SHA1
a03c3d303c82e22cf8dc936049cf07d5059d8ff5
-
SHA256
91e48959cf21cd7d0d11b048d5999fd6a52324b676538f1369cb489bbdd1742d
-
SHA512
3934aa538a88e858d108d960901a9952e50ddfad22245a5670427739f2890790e13e944cb6ea5eaac3a745b72a296057b29109e9ce7e08eb1b66c876758a1591
-
SSDEEP
24576:LSihcj6jBSt/PHuuZSd4TxydEBv6iKnPWp5pGpLeYGqr+4cvJK+xlzlVNm:Lv/
Score
6/10
Malware Config
Signatures
-
Program crash 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\07c3493d1432f925f8d6d006e125530a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\07c3493d1432f925f8d6d006e125530a_JaffaCakes118.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\iexplore.exe"C:\Program Files (x86)\Internet Explorer\iexplore.exe"2⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3836 -s 123⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3836 -ip 38361⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2.2MB