Analysis
-
max time kernel
119s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
arch:x64 arch:x86 image:win7-20240708-en locale:en-us os:windows7-x64 system -
submitted
18/10/2024, 05:10
Static task
static1
Behavioral task
behavioral1
Sample
55a2ed99ab5f90b3adab07d03cc944d9_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
55a2ed99ab5f90b3adab07d03cc944d9_JaffaCakes118.exe
Resource
win10v2004-20241007-en
General
-
Target
55a2ed99ab5f90b3adab07d03cc944d9_JaffaCakes118.exe
-
Size
116KB
-
MD5
55a2ed99ab5f90b3adab07d03cc944d9
-
SHA1
27ad81e203cc0e5e193331147418b6c17a3e9822
-
SHA256
b340b8ea5192145edfbee4b08fca0367531f7755b3356b751ef6c9d938edb4d4
-
SHA512
e43f74d862c3edca7dae15fdabfc7ddbd3a94f9f464e554041fb343094c745f8d182faca3c7d617c55ebd22d1f3b7b4150241e6d732ecf8b37c4781c2965555c
-
SSDEEP
1536:YGuryWkfL/+EHKwe+nEfJ/8LkDRouai7Of+YkKk7e9AeIuSDKP:YGuOzmEqwhMJ/8LkmuF7q+Yk7jeIuS2P
Malware Config
Signatures
-
Loads dropped DLL 1 IoCs
pid Process
2360 55a2ed99ab5f90b3adab07d03cc944d9_JaffaCakes118.exe
-
Suspicious use of SetThreadContext 1 IoCs
description pid Process procid_target
PID 2360 set thread context of 1364 2360 55a2ed99ab5f90b3adab07d03cc944d9_JaffaCakes118.exe 31
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 55a2ed99ab5f90b3adab07d03cc944d9_JaffaCakes118.exe
-
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process
2360 55a2ed99ab5f90b3adab07d03cc944d9_JaffaCakes118.exe
-
Suspicious use of WriteProcessMemory 12 IoCs
description pid Process procid_target
PID 2360 wrote to memory of 1364 2360 55a2ed99ab5f90b3adab07d03cc944d9_JaffaCakes118.exe 31
PID 2360 wrote to memory of 1364 2360 55a2ed99ab5f90b3adab07d03cc944d9_JaffaCakes118.exe 31
PID 2360 wrote to memory of 1364 2360 55a2ed99ab5f90b3adab07d03cc944d9_JaffaCakes118.exe 31
PID 2360 wrote to memory of 1364 2360 55a2ed99ab5f90b3adab07d03cc944d9_JaffaCakes118.exe 31
PID 2360 wrote to memory of 1364 2360 55a2ed99ab5f90b3adab07d03cc944d9_JaffaCakes118.exe 31
PID 2360 wrote to memory of 1364 2360 55a2ed99ab5f90b3adab07d03cc944d9_JaffaCakes118.exe 31
PID 2360 wrote to memory of 1364 2360 55a2ed99ab5f90b3adab07d03cc944d9_JaffaCakes118.exe 31
PID 2360 wrote to memory of 1364 2360 55a2ed99ab5f90b3adab07d03cc944d9_JaffaCakes118.exe 31
PID 2360 wrote to memory of 1364 2360 55a2ed99ab5f90b3adab07d03cc944d9_JaffaCakes118.exe 31
PID 2360 wrote to memory of 1364 2360 55a2ed99ab5f90b3adab07d03cc944d9_JaffaCakes118.exe 31
PID 1364 wrote to memory of 1228 1364 55a2ed99ab5f90b3adab07d03cc944d9_JaffaCakes118.exe 21
PID 1364 wrote to memory of 1228 1364 55a2ed99ab5f90b3adab07d03cc944d9_JaffaCakes118.exe 21
Processes
-
C:\Windows\Explorer.EXE C:\Windows\Explorer.EXE 1⤵ PID:1228
-
C:\Users\Admin\AppData\Local\Temp\55a2ed99ab5f90b3adab07d03cc944d9_JaffaCakes118.exe "C:\Users\Admin\AppData\Local\Temp\55a2ed99ab5f90b3adab07d03cc944d9_JaffaCakes118.exe" 2⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2360 -
C:\Users\Admin\AppData\Local\Temp\55a2ed99ab5f90b3adab07d03cc944d9_JaffaCakes118.exe "C:\Users\Admin\AppData\Local\Temp\55a2ed99ab5f90b3adab07d03cc944d9_JaffaCakes118.exe" 3⤵
- Suspicious use of WriteProcessMemory
PID:1364
-
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
4KB
MD5 e902586126f6819d70c276951934060e
SHA1 70c5fff85d05ee06f8feb095ff4c2e17c1758ed5
SHA256 8c927fb27e3fad539adead2a6902ba36bc07c4165d3cf8e5a463f805f7c15a2a
SHA512 60b3fbfc4a878dc1fd7bf789e0a6270bfd48ef488109dc27a8d0edefee918a6587915184d70a8776061394cd07aee3aa5343b477b31ac8323809d5bebf5fecec