Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
121s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
15/12/2024, 15:47
Static task
static1
Behavioral task
behavioral1
Sample
f4ad9a88c694a71d680f779ba10aca43_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
f4ad9a88c694a71d680f779ba10aca43_JaffaCakes118.exe
Resource
win10v2004-20241007-en
General
-
Target
f4ad9a88c694a71d680f779ba10aca43_JaffaCakes118.exe
-
Size
184KB
-
MD5
f4ad9a88c694a71d680f779ba10aca43
-
SHA1
86c4f5b13f36982ee30c1ccfe976690491242dd8
-
SHA256
5be59f7b3e742bc3f9d445b179aafcba18f7b3ec9e8908080598fd10ebdf44b2
-
SHA512
6a6ce0b734061435f983fcffef93271da69abd5029d4aa9cf5e5f05be43b9d81e1b6590b2ba8a605669c8c56b4cf199a9b0bcc4bc3919f8414cbe405e26cb14d
-
SSDEEP
3072:UkfkXP5KTx+KJDvTcNE/NgyJnDIBetryV1DC5jiq:UkMkAKdvTDgyD0OL5ji
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Signatures
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Metasploit family
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
description pid Process Token: 33 548 f4ad9a88c694a71d680f779ba10aca43_JaffaCakes118.exe Token: SeIncBasePriorityPrivilege 548 f4ad9a88c694a71d680f779ba10aca43_JaffaCakes118.exe