Analysis
max time kernel: 148s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 01/10/2024, 22:56
Static task: static1
Behavioral task: behavioral1
Sample: 07c3493d1432f925f8d6d006e125530a_JaffaCakes118.exe
Resource: win7-20240729-en
Behavioral task: behavioral2
Sample: 07c3493d1432f925f8d6d006e125530a_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: 07c3493d1432f925f8d6d006e125530a_JaffaCakes118.exe
Size: 2.1MB
MD5: 07c3493d1432f925f8d6d006e125530a
SHA1: a03c3d303c82e22cf8dc936049cf07d5059d8ff5
SHA256: 91e48959cf21cd7d0d11b048d5999fd6a52324b676538f1369cb489bbdd1742d
SHA512: 3934aa538a88e858d108d960901a9952e50ddfad22245a5670427739f2890790e13e944cb6ea5eaac3a745b72a296057b29109e9ce7e08eb1b66c876758a1591
SSDEEP: 24576:LSihcj6jBSt/PHuuZSd4TxydEBv6iKnPWp5pGpLeYGqr+4cvJK+xlzlVNm:Lv/
Malware Config
Signatures
Program crash 1 IoCs
pid: 2520 | pid_target: 3836 | Process: WerFault.exe | procid_target: 82
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description: Key opened | ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | Process: 07c3493d1432f925f8d6d006e125530a_JaffaCakes118.exe
Suspicious use of WriteProcessMemory 3 IoCs
description: PID 3684 wrote to memory of 3836 | pid: 3684 | Process: 07c3493d1432f925f8d6d006e125530a_JaffaCakes118.exe | procid_target: 82
description: PID 3684 wrote to memory of 3836 | pid: 3684 | Process: 07c3493d1432f925f8d6d006e125530a_JaffaCakes118.exe | procid_target: 82
description: PID 3684 wrote to memory of 3836 | pid: 3684 | Process: 07c3493d1432f925f8d6d006e125530a_JaffaCakes118.exe | procid_target: 82
Processes
- C:\Users\Admin\AppData\Local\Temp\07c3493d1432f925f8d6d006e125530a_JaffaCakes118.exe
  cmdline: "C:\Users\Admin\AppData\Local\Temp\07c3493d1432f925f8d6d006e125530a_JaffaCakes118.exe"
  PID: 3684
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    cmdline: "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
    PID: 3836
    - C:\Windows\SysWOW64\WerFault.exe
      cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 3836 -s 12
      PID: 2520
      - Program crash
- C:\Windows\SysWOW64\WerFault.exe
  cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3836 -ip 3836
  PID: 4904