Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    10/10/2024, 13:20 UTC

General

  • Target

    300f3f1f1a66b1e440cbdc4efd14e2ef_JaffaCakes118.exe

  • Size

    802KB

  • MD5

    300f3f1f1a66b1e440cbdc4efd14e2ef

  • SHA1

    8e1043d8c4b2315fba6d8a9692846f8791c22436

  • SHA256

    71609c370ed4d3d62069401d753b937faf2dc66c0003409999946f5eb1046816

  • SHA512

    a176a7f2d87f8c77b72ad484f315af203502829ddbdaa2d24fe48d656bf65b3166f2cb452067e1b0ef8b4aaa3fa7a4daf32eee65a1b434e44a438e5b1c0c452e

  • SSDEEP

    12288:tt0Q5JEq/y6INX6LRgU7e9OmunzkiL3TJjcKhX3ak0xN:/0kGq/wKgDO3QMJjcKhHaj

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\300f3f1f1a66b1e440cbdc4efd14e2ef_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\300f3f1f1a66b1e440cbdc4efd14e2ef_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    PID:2732

Network

  • flag-us
    DNS
    www.google.com
    300f3f1f1a66b1e440cbdc4efd14e2ef_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    www.google.com
    IN A
    Response
    www.google.com
    IN A
    142.250.200.36
  • flag-gb
    GET
    https://www.google.com/
    300f3f1f1a66b1e440cbdc4efd14e2ef_JaffaCakes118.exe
    Remote address:
    142.250.200.36:443
    Request
    GET / HTTP/1.1
    Host: www.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Thu, 10 Oct 2024 13:20:10 GMT
    Expires: -1
    Cache-Control: private, max-age=0
    Content-Type: text/html; charset=ISO-8859-1
    Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-64uSJxtHTrBJonDXa2TWcQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
    Accept-CH: Sec-CH-Prefers-Color-Scheme
    P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
    Server: gws
    X-XSS-Protection: 0
    X-Frame-Options: SAMEORIGIN
    Set-Cookie: AEC=AVYB7cpiyI51FjozUA1H_P_DkFhnYnBWFy0rl2bHHGEfYH8CFUGyyT7PSQ; expires=Tue, 08-Apr-2025 13:20:10 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
    Set-Cookie: __Secure-ENID=22.SE=ENyNkif4b4pZRvkMO95CDBsbdHZweDJ0P8sMRR2g1Xh5SY5u_liRrxFUhtdvnps-nzISIF5_GyIAbY6XkAxc9bLxGrh4GZJWH_Wbni9EFWH4J6AhvAHZIjy2G3zRWfWUEFan0r_agUgX5y5kdwWji4sELcFJPjUWf7ZIu5Q4IVBJSpLjmfiiunnM5qWijww9myvEqRd3bHpW; expires=Mon, 10-Nov-2025 05:38:28 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Accept-Ranges: none
    Vary: Accept-Encoding
    Transfer-Encoding: chunked
  • flag-gb
    GET
    https://www.google.com/
    300f3f1f1a66b1e440cbdc4efd14e2ef_JaffaCakes118.exe
    Remote address:
    142.250.200.36:443
    Request
    GET / HTTP/1.1
    Host: www.google.com
    Response
    HTTP/1.1 200 OK
    Date: Thu, 10 Oct 2024 13:20:40 GMT
    Expires: -1
    Cache-Control: private, max-age=0
    Content-Type: text/html; charset=ISO-8859-1
    Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-jD7-w7yaK-vyYfMhBSjhng' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
    Accept-CH: Sec-CH-Prefers-Color-Scheme
    P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
    Server: gws
    X-XSS-Protection: 0
    X-Frame-Options: SAMEORIGIN
    Set-Cookie: AEC=AVYB7cqgLZgtw-Cbczqa0xN4C4RCtU2kIwwDdj5SYhY8U-BmLCvXDkp4PZs; expires=Tue, 08-Apr-2025 13:20:40 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
    Set-Cookie: __Secure-ENID=22.SE=lf6OjjKzGA36NFtSQ-eEM25D9gwt8LvCGKjrjTB2UB3CouFx4NbksPfanWs8p7erKAT-8Q9dlJch0iYfU_BNkHSHrGIiaPIsqZYV_tmm3_poK0piUJZIP3qBITU0IcCFkMKP0xOyfpwOERa1R_YwEHyNcEB3BthqRecldoR9a6veoeioyvrrTeHs-9WUutuot6KtE5mnk0g; expires=Mon, 10-Nov-2025 05:38:58 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Accept-Ranges: none
    Vary: Accept-Encoding
    Transfer-Encoding: chunked
  • 142.250.200.36:443
    https://www.google.com/
    tls, http
    300f3f1f1a66b1e440cbdc4efd14e2ef_JaffaCakes118.exe
    1.6kB
    65.0kB
    28
    51

    HTTP Request

    GET https://www.google.com/

    HTTP Response

    200
  • 92.123.128.150:443
    www.bing.com
    tls
    300f3f1f1a66b1e440cbdc4efd14e2ef_JaffaCakes118.exe
    346 B
    179 B
    5
    4
  • 142.250.200.36:443
    https://www.google.com/
    tls, http
    300f3f1f1a66b1e440cbdc4efd14e2ef_JaffaCakes118.exe
    1.6kB
    64.0kB
    28
    50

    HTTP Request

    GET https://www.google.com/

    HTTP Response

    200
  • 92.123.128.164:443
    www.bing.com
    tls
    300f3f1f1a66b1e440cbdc4efd14e2ef_JaffaCakes118.exe
    346 B
    179 B
    5
    4
  • 8.8.8.8:53
    www.google.com
    dns
    300f3f1f1a66b1e440cbdc4efd14e2ef_JaffaCakes118.exe
    60 B
    76 B
    1
    1

    DNS Request

    www.google.com

    DNS Response

    142.250.200.36

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2732-0-0x0000000074D5E000-0x0000000074D5F000-memory.dmp

    Filesize

    4KB

  • memory/2732-1-0x0000000000B30000-0x0000000000BFE000-memory.dmp

    Filesize

    824KB

  • memory/2732-2-0x0000000074D50000-0x000000007543E000-memory.dmp

    Filesize

    6.9MB

  • memory/2732-3-0x0000000074D50000-0x000000007543E000-memory.dmp

    Filesize

    6.9MB

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.