Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
119s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240729-en -
resource tags
arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system -
submitted
10/10/2024, 13:20 UTC
Static task
static1
Behavioral task
behavioral1
Sample
300f3f1f1a66b1e440cbdc4efd14e2ef_JaffaCakes118.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
300f3f1f1a66b1e440cbdc4efd14e2ef_JaffaCakes118.exe
Resource
win10v2004-20241007-en
General
-
Target
300f3f1f1a66b1e440cbdc4efd14e2ef_JaffaCakes118.exe
-
Size
802KB
-
MD5
300f3f1f1a66b1e440cbdc4efd14e2ef
-
SHA1
8e1043d8c4b2315fba6d8a9692846f8791c22436
-
SHA256
71609c370ed4d3d62069401d753b937faf2dc66c0003409999946f5eb1046816
-
SHA512
a176a7f2d87f8c77b72ad484f315af203502829ddbdaa2d24fe48d656bf65b3166f2cb452067e1b0ef8b4aaa3fa7a4daf32eee65a1b434e44a438e5b1c0c452e
-
SSDEEP
12288:tt0Q5JEq/y6INX6LRgU7e9OmunzkiL3TJjcKhX3ak0xN:/0kGq/wKgDO3QMJjcKhHaj
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 300f3f1f1a66b1e440cbdc4efd14e2ef_JaffaCakes118.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 2732 300f3f1f1a66b1e440cbdc4efd14e2ef_JaffaCakes118.exe
Processes
Network
-
Remote address:8.8.8.8:53Requestwww.google.comIN AResponsewww.google.comIN A142.250.200.36
-
Remote address:142.250.200.36:443RequestGET / HTTP/1.1
Host: www.google.com
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=ISO-8859-1
Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-64uSJxtHTrBJonDXa2TWcQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
Accept-CH: Sec-CH-Prefers-Color-Scheme
P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
Server: gws
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Set-Cookie: AEC=AVYB7cpiyI51FjozUA1H_P_DkFhnYnBWFy0rl2bHHGEfYH8CFUGyyT7PSQ; expires=Tue, 08-Apr-2025 13:20:10 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
Set-Cookie: __Secure-ENID=22.SE=ENyNkif4b4pZRvkMO95CDBsbdHZweDJ0P8sMRR2g1Xh5SY5u_liRrxFUhtdvnps-nzISIF5_GyIAbY6XkAxc9bLxGrh4GZJWH_Wbni9EFWH4J6AhvAHZIjy2G3zRWfWUEFan0r_agUgX5y5kdwWji4sELcFJPjUWf7ZIu5Q4IVBJSpLjmfiiunnM5qWijww9myvEqRd3bHpW; expires=Mon, 10-Nov-2025 05:38:28 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Accept-Ranges: none
Vary: Accept-Encoding
Transfer-Encoding: chunked
-
Remote address:142.250.200.36:443RequestGET / HTTP/1.1
Host: www.google.com
ResponseHTTP/1.1 200 OK
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=ISO-8859-1
Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-jD7-w7yaK-vyYfMhBSjhng' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
Accept-CH: Sec-CH-Prefers-Color-Scheme
P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
Server: gws
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Set-Cookie: AEC=AVYB7cqgLZgtw-Cbczqa0xN4C4RCtU2kIwwDdj5SYhY8U-BmLCvXDkp4PZs; expires=Tue, 08-Apr-2025 13:20:40 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
Set-Cookie: __Secure-ENID=22.SE=lf6OjjKzGA36NFtSQ-eEM25D9gwt8LvCGKjrjTB2UB3CouFx4NbksPfanWs8p7erKAT-8Q9dlJch0iYfU_BNkHSHrGIiaPIsqZYV_tmm3_poK0piUJZIP3qBITU0IcCFkMKP0xOyfpwOERa1R_YwEHyNcEB3BthqRecldoR9a6veoeioyvrrTeHs-9WUutuot6KtE5mnk0g; expires=Mon, 10-Nov-2025 05:38:58 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Accept-Ranges: none
Vary: Accept-Encoding
Transfer-Encoding: chunked
-
142.250.200.36:443https://www.google.com/tls, http300f3f1f1a66b1e440cbdc4efd14e2ef_JaffaCakes118.exe1.6kB 65.0kB 28 51
HTTP Request
GET https://www.google.com/HTTP Response
200 -
346 B 179 B 5 4
-
142.250.200.36:443https://www.google.com/tls, http300f3f1f1a66b1e440cbdc4efd14e2ef_JaffaCakes118.exe1.6kB 64.0kB 28 50
HTTP Request
GET https://www.google.com/HTTP Response
200 -
346 B 179 B 5 4