Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    93s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/12/2024, 23:33

General

  • Target

    c9eac63f583edaca596e4102c3900771_JaffaCakes118.exe

  • Size

    156KB

  • MD5

    c9eac63f583edaca596e4102c3900771

  • SHA1

    2c35aa8aeb1a5d898f05d5f1af8fe732bf4bdd24

  • SHA256

    b841c253a2fc6b627b2a278cd6d1fea9cf88fde99d28ef11a2644d0ed22f6480

  • SHA512

    0186f89a4a059416705c60b3d4dbd3337b8bc8bff8804e49dd66aa8d5de296a3a71c91c324c3b2374117d639a57f613408d0af54d441fc124683f59c78a83ac5

  • SSDEEP

    3072:UfWtcjNULF5L1PBzQCZys7BDipPSfazCwrbjGuWQGOxv:QtjqLF5L1fZys7BDwPCcGu0Ot

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\c9eac63f583edaca596e4102c3900771_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\c9eac63f583edaca596e4102c3900771_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:1512
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 408
      2⤵
      • Program crash
      PID:2452
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 1512 -ip 1512
    1⤵
      PID:4124

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads