Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
65s -
max time network
19s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system -
submitted
13/12/2024, 01:09
Static task
static1
Behavioral task
behavioral1
Sample
e9273df577a0b2960737f23d57721932_JaffaCakes118.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
e9273df577a0b2960737f23d57721932_JaffaCakes118.exe
Resource
win10v2004-20241007-en
General
-
Target
e9273df577a0b2960737f23d57721932_JaffaCakes118.exe
-
Size
195KB
-
MD5
e9273df577a0b2960737f23d57721932
-
SHA1
8a0cd0439c7a2ad32858d79c54ee2a8afdc4e9f6
-
SHA256
872fab6a6ec7293d4444822b21929ef9ec4c2bade1b4ab9e58621cf0f19062a6
-
SHA512
3ecdcecaceb5f7f4c5fec9a654e2b96ee5a86e0c6c87aacb6c4da22bf860246099f6ff028ffc31a5d1fb19f4e22343ab1042a853c23352a81fa818ff33208b64
-
SSDEEP
3072:nNe6Q7+/AZmRvD2gy8YmOD+rKD/HqAFL2zV30IITxq6vj5B0SINwY:g6pNy8S+rKDfrFCd0Ixu5B0SIN/
Malware Config
Signatures
-
Program crash 1 IoCs
pid pid_target Process procid_target 2804 2768 WerFault.exe 29 -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language e9273df577a0b2960737f23d57721932_JaffaCakes118.exe -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2768 wrote to memory of 2804 2768 e9273df577a0b2960737f23d57721932_JaffaCakes118.exe 30 PID 2768 wrote to memory of 2804 2768 e9273df577a0b2960737f23d57721932_JaffaCakes118.exe 30 PID 2768 wrote to memory of 2804 2768 e9273df577a0b2960737f23d57721932_JaffaCakes118.exe 30 PID 2768 wrote to memory of 2804 2768 e9273df577a0b2960737f23d57721932_JaffaCakes118.exe 30
Processes
-
C:\Users\Admin\AppData\Local\Temp\e9273df577a0b2960737f23d57721932_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\e9273df577a0b2960737f23d57721932_JaffaCakes118.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2768 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 1482⤵
- Program crash
PID:2804
-