Analysis
max time kernel: 122s
max time network: 124s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 26/12/2024, 23:46
Static task: static1
Behavioral task: behavioral1
  Sample: JaffaCakes118_da09dcb834819e8acd123a7fb06e38c8dd584522753003cfa9d501df0a2b3a83.tar
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: JaffaCakes118_da09dcb834819e8acd123a7fb06e38c8dd584522753003cfa9d501df0a2b3a83.tar
  Resource: win10v2004-20241007-en
Behavioral task: behavioral3
  Sample: 456-Invoice.js
  Resource: win7-20240903-en
General
Target: JaffaCakes118_da09dcb834819e8acd123a7fb06e38c8dd584522753003cfa9d501df0a2b3a83.tar
Size: 168KB
MD5: 40d40ff9bde90b3d2a1dc9c3baa28ef2
SHA1: 2b6d3a816d490b41565ee19445a4221c978130da
SHA256: da09dcb834819e8acd123a7fb06e38c8dd584522753003cfa9d501df0a2b3a83
SHA512: b17161b558af25bab462cc21d2cae427b6f406a825b762d5a1d8e6b960243b1f4327d2336bbae142c70c995e4f20bee29e1df3c7ede691780956ae64d5fb67bf
SSDEEP: 3072:06EsOoG2OGyjn37WIMnhHXmhRZkIQQZ9ophBCvD9hsbVhjv:6sOotKeIMnimk+EIb
Malware Config
Signatures
Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  pid 548, process 7zFM.exe
Suspicious use of AdjustPrivilegeToken (2 IoCs)
  Token: SeRestorePrivilege, pid 548, process 7zFM.exe
  Token: 35, pid 548, process 7zFM.exe
Suspicious use of FindShellTrayWindow (1 IoCs)
  pid 548, process 7zFM.exe
Processes
C:\Program Files\7-Zip\7zFM.exe
  Command line: "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_da09dcb834819e8acd123a7fb06e38c8dd584522753003cfa9d501df0a2b3a83.tar"
  PID: 548
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow