Analysis
max time kernel: 140s
max time network: 122s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 18/10/2024, 08:49
Static task: static1
Behavioral task: behavioral1
Sample: 5681b709a6d11a3d2fc1697507f0d3f3_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 5681b709a6d11a3d2fc1697507f0d3f3_JaffaCakes118.exe
Resource: win10v2004-20241007-en
General
Target: 5681b709a6d11a3d2fc1697507f0d3f3_JaffaCakes118.exe
Size: 1.9MB
MD5: 5681b709a6d11a3d2fc1697507f0d3f3
SHA1: 04857c042c7bdefc67560dbc5b26acc1f52a5878
SHA256: 7add58a44b0a7739288c0c0410e084fb327422f03bfdbb9973260c2a858dd014
SHA512: 61a66b3ec748a38e8756e65db5fa6a804e3e33f693b4ddeecf57a1b992177fd84ec7be07b8c9e5961275c6c7d8d17957f9e7004386b5e682ee4fc33bebfab79b
SSDEEP: 24576:3FrOPpTc9+kvjz/qWSBNV8nmR7Cf09+XB/MWyCK:VSPNipSBNKmRL3zD
Malware Config
Signatures
resource    yara_rule
behavioral1/memory/2156-1-0x0000000000400000-0x00000000005C3000-memory.dmp    upx
behavioral1/memory/2156-3-0x0000000000400000-0x00000000005C3000-memory.dmp    upx
behavioral1/memory/2156-2-0x0000000000400000-0x00000000005C3000-memory.dmp    upx
behavioral1/memory/2156-5-0x0000000000400000-0x00000000005C3000-memory.dmp    upx
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description    ioc    Process
Key opened    \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language    5681b709a6d11a3d2fc1697507f0d3f3_JaffaCakes118.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid    Process
2156    5681b709a6d11a3d2fc1697507f0d3f3_JaffaCakes118.exe
Suspicious use of SetWindowsHookEx 1 IoCs
pid    Process
2156    5681b709a6d11a3d2fc1697507f0d3f3_JaffaCakes118.exe
Processes
C:\Users\Admin\AppData\Local\Temp\5681b709a6d11a3d2fc1697507f0d3f3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5681b709a6d11a3d2fc1697507f0d3f3_JaffaCakes118.exe"
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID: 2156