Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    117s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    09/10/2024, 05:04

General

  • Target

    2b599dda27a3c0cf5f5901a056367560_JaffaCakes118.jad

  • Size

    132KB

  • MD5

    2b599dda27a3c0cf5f5901a056367560

  • SHA1

    a2fb8a7547bc2a52530d15715a3f2f464f7bf474

  • SHA256

    069724dd48f8d4ef5b09530f2695d6b9627c4e799ed4f8df797605b2e05b4350

  • SHA512

    094f997807c253ff332df1f1462bde8969050f31cf5f048a3a868222a89590534b038df7211837ea9431d663a6bfab92754cbe5d2e547b00599622d70d2766b7

  • SSDEEP

    3072:X8t6nY7UmZsArG/ZsArG2ZsArGpZsArGQZsArG4j:X8G+UmZTmZTvZTsZT9ZTTj

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\2b599dda27a3c0cf5f5901a056367560_JaffaCakes118.jad
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1864
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\2b599dda27a3c0cf5f5901a056367560_JaffaCakes118.jad
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2888
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\2b599dda27a3c0cf5f5901a056367560_JaffaCakes118.jad"
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2908

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    595b0f142017ecfa1c886ef7f3c1f076

    SHA1

    61cb91e2c4b6ff9e81f9e30e42dbed319bd992f0

    SHA256

    b15ff4fa07b9dd6278ada55950f6166db170697a1d78ec0bdc29d9b71688be35

    SHA512

    0844e9ee16b6e10956133e12e738352cf76f1840a4a4c7cde86b846b54192b1547d7e6cd3ed89e751789c2d7bda96252321f9ba9ee1fce2cb4ce10dc578dcfc1