Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
34s -
max time network
35s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
-
submitted
04/10/2024, 08:54
General
-
Target
12aa4a99be0d56cff118505edb815346_JaffaCakes118.exe
-
Size
576KB
-
MD5
12aa4a99be0d56cff118505edb815346
-
SHA1
a3fc6df33b90821231200771af03fd042228218b
-
SHA256
c9c98f92d4eee2ed2cb55d7410b6e3528c39d08d83cdac92526ca9bd34c1e00f
-
SHA512
18a03073629d384cdce192cc8a199777c6ab37414ab339713e1f952ae24d9e13dce0edd3e067c6c789ad7e2cf69436f039358e7c6cb6713b51f13b29559709d4
-
SSDEEP
12288:m4GdCP0FvEgU41cdqUK6Tgmss1sjZ7UqngHK6j1f6P0tB/6p5S:m4Gdtvi41cdqUK6T6s1sjFUqd6jlaYKS
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SendNotifyMessage 1 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\12aa4a99be0d56cff118505edb815346_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\12aa4a99be0d56cff118505edb815346_JaffaCakes118.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
5KB
MD51959eb33004d6107d3412e109c37b742
SHA159c3a787483e7743d5b805cd36726a0bec7e4992
SHA256e60a764cd4d721c9fd261555510c51c668d112a37f2da2f0be1da6dceaa5f8ad
SHA512238724a6b809d371c6ebab6057c61019e48caf7dd3245c6dca77efb5c015703a206472a9b82f778114c8dce3f10dd13fba972644b137020e4e5507053358e68e
