Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

14e1b86795...18.exe

windows7-x64

3

14e1b86795...18.exe

windows10-2004-x64

Analysis

  • max time kernel
    61s
  • max time network
    4s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/10/2024, 20:53

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    14e1b86795bea4573f3dc5b55507458e_JaffaCakes118.exe

  • Size

    20KB

  • MD5

    14e1b86795bea4573f3dc5b55507458e

  • SHA1

    b54d8c641b798e98e37d4a44845fd559573edf04

  • SHA256

    6c403eb70efdb6044743fd319fee343695dd94c5d1b89de05fc4636d48da658e

  • SHA512

    12c4b0b3e6692318e43eba9d66a342ed234343cd6a29fe2bacfaa8303b03f6c4684cacff3625c4403d7bb6d29f555b880fdce915b4806c6d6ec5fbfa4851c9d2

  • SSDEEP

    96:/lxc6A5bKvLBakA1HJEKra8hBhqvchXmPXsGAVmEy2:/TQ5buBNA7dra2qSq88Ey

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: LoadsDriver 64 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\14e1b86795bea4573f3dc5b55507458e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\14e1b86795bea4573f3dc5b55507458e_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    PID:4696
  • C:\Windows\system32\sihost.exe
    sihost.exe
    1⤵
      PID:1380
    • C:\Windows\system32\sihost.exe
      sihost.exe
      1⤵
        PID:3792
      • C:\Windows\system32\sihost.exe
        sihost.exe
        1⤵
          PID:3960
        • C:\Windows\system32\sihost.exe
          sihost.exe
          1⤵
            PID:3316
          • C:\Windows\system32\sihost.exe
            sihost.exe
            1⤵
              PID:2720
            • C:\Windows\system32\sihost.exe
              sihost.exe
              1⤵
                PID:4084
              • C:\Windows\system32\svchost.exe
                C:\Windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
                1⤵
                  PID:640
                • C:\Windows\system32\svchost.exe
                  C:\Windows\system32\svchost.exe -k netsvcs -p -s UserManager
                  1⤵
                    PID:3588
                  • C:\Windows\System32\svchost.exe
                    C:\Windows\System32\svchost.exe -k netsvcs -p -s Themes
                    1⤵
                      PID:2740

                    Network

                    MITRE ATT&CK Enterprise v15

                    Replay Monitor

                    Loading Replay Monitor...

                    Downloads