Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 118s
max time network: 119s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 11/01/2025, 06:46
Static task: static1
Behavioral task: behavioral1
  Sample: JaffaCakes118_f9ea660927ad413a59dcd8f1b681bfda.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: JaffaCakes118_f9ea660927ad413a59dcd8f1b681bfda.exe
  Resource: win10v2004-20241007-en
General
Target: JaffaCakes118_f9ea660927ad413a59dcd8f1b681bfda.exe
Size: 24KB
MD5: f9ea660927ad413a59dcd8f1b681bfda
SHA1: a7b61c440bdaabc689fac753dcd0ad1356d8dc03
SHA256: 7aced28ac7c72e24cf01003ec6dc8a3caccbc4c91d80a85adf73afcdd68e3129
SHA512: 7e721cdcddf42061b155c4b356f6fd5659303c79c08cca8567c07349f338bc493a97b47b2e7ce665a982c71515ee86378a93a01fe64e2d1c7265a4948e7ebd66
SSDEEP: 384:iXET14X4f0y4nQSMSq8FO8Mx+kGJGOfU+OWiPymAa8JEdzXa:HT1g40wSXvdMx+v3f1OWiPy3j
Malware Config
Signatures
Executes dropped EXE (1 IoC)
  pid 2380  process budha.exe
Loads dropped DLL (2 IoCs)
  pid 2532  process JaffaCakes118_f9ea660927ad413a59dcd8f1b681bfda.exe
  pid 2532  process JaffaCakes118_f9ea660927ad413a59dcd8f1b681bfda.exe
Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
System Location Discovery: System Language Discovery (1 TTP, 2 IoCs)
  Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  Key opened  \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  process JaffaCakes118_f9ea660927ad413a59dcd8f1b681bfda.exe
  Key opened  \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  process budha.exe
Suspicious use of WriteProcessMemory (4 IoCs, four identical rows)
  PID 2532 wrote to memory of 2380  pid 2532  process JaffaCakes118_f9ea660927ad413a59dcd8f1b681bfda.exe  procid_target 30
Processes
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_f9ea660927ad413a59dcd8f1b681bfda.exe  (PID 2532, tree depth 1)
  command line: "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_f9ea660927ad413a59dcd8f1b681bfda.exe"
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  C:\Users\Admin\AppData\Local\Temp\budha.exe  (PID 2380, tree depth 2, child of PID 2532)
    command line: "C:\Users\Admin\AppData\Local\Temp\budha.exe"
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
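The signature tables and the process list above are what an analyst has to correlate by hand: who wrote into whose memory, whether the target is the writer's own child or an unrelated process, and which processes queried the NLS\Language key. The following script is an added example (not part of the tria.ge report or its tooling) that parses those rows into a process tree and a structured finding list. It assumes the column layout shown on this page (description, pid, process, procid_target for WriteProcessMemory rows; description, ioc, process for registry rows) and uses the tree depth the page renders as "1⤵" and "2⤵" to recover parent/child links; the row text is copied from the report and the process list is constructed from it.

```python
import re
from collections import Counter, defaultdict

# Constructed input: the IoC rows of the two signatures above, one row per line,
# in the column order the report prints (description, pid, process, procid_target).
WPM_ROWS = r"""
PID 2532 wrote to memory of 2380 2532 JaffaCakes118_f9ea660927ad413a59dcd8f1b681bfda.exe 30
PID 2532 wrote to memory of 2380 2532 JaffaCakes118_f9ea660927ad413a59dcd8f1b681bfda.exe 30
PID 2532 wrote to memory of 2380 2532 JaffaCakes118_f9ea660927ad413a59dcd8f1b681bfda.exe 30
PID 2532 wrote to memory of 2380 2532 JaffaCakes118_f9ea660927ad413a59dcd8f1b681bfda.exe 30
"""
REG_ROWS = r"""
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language JaffaCakes118_f9ea660927ad413a59dcd8f1b681bfda.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language budha.exe
"""
# Process list from the report: (image path, PID, tree depth). The depth is the
# number the page shows next to each process ("1" for the root, "2" for its child).
PROCESSES = [
    (r"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_f9ea660927ad413a59dcd8f1b681bfda.exe", 2532, 1),
    (r"C:\Users\Admin\AppData\Local\Temp\budha.exe", 2380, 2),
]

WPM_RE = re.compile(r"^PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)$")
REG_RE = re.compile(r"^Key opened (\S+) (\S+)$")


def build_tree(processes):
    """Return {pid: parent_pid} from the depth-ordered process list (root maps to None)."""
    parent_of, path = {}, []          # path: (depth, pid) ancestors of the current row
    for _image, pid, depth in processes:
        while path and path[-1][0] >= depth:
            path.pop()
        parent_of[pid] = path[-1][1] if path else None
        path.append((depth, pid))
    return parent_of


def parse_wpm(text):
    """Count WriteProcessMemory rows per (writer pid, target pid)."""
    writes = Counter()
    for line in text.strip().splitlines():
        m = WPM_RE.match(line)
        if not m:
            raise ValueError(f"unparsed WriteProcessMemory row: {line!r}")
        writer, target, pid_col = int(m[1]), int(m[2]), int(m[3])
        if writer != pid_col:          # the description and the pid column must agree
            raise ValueError(f"inconsistent row: {line!r}")
        writes[(writer, target)] += 1
    return writes


def classify_writes(writes, parent_of):
    """Label each writer->target pair by its process-tree relation.

    A parent writing into a child it has just created is common (loaders do it
    during process setup); a write into an unrelated process is the stronger
    injection indicator and deserves the closer look.
    """
    out = []
    for (src, dst), n in sorted(writes.items()):
        relation = "parent->child" if parent_of.get(dst) == src else "unrelated"
        out.append({"writer": src, "target": dst, "count": n, "relation": relation})
    return out


def language_discovery(text):
    """Return {process: {registry keys}} for processes that opened an NLS\\Language key."""
    hits = defaultdict(set)
    for line in text.strip().splitlines():
        m = REG_RE.match(line)
        if not m:
            raise ValueError(f"unparsed registry row: {line!r}")
        key, proc = m[1], m[2]
        if key.upper().endswith(r"\NLS\LANGUAGE"):
            hits[proc].add(key)
    return dict(hits)


def summarize(wpm_text=WPM_ROWS, reg_text=REG_ROWS, processes=PROCESSES):
    """Combine the three views into one triage summary."""
    parent_of = build_tree(processes)
    return {
        "parent_of": parent_of,
        "memory_writes": classify_writes(parse_wpm(wpm_text), parent_of),
        "language_discovery": sorted(language_discovery(reg_text)),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(summarize(), indent=2))
```

On this report the summary is one parent-to-child write pair (2532 into 2380, four rows) and two processes touching the NLS\Language key; both the original sample and the dropped budha.exe perform the language check, so the dropped file is not a passive payload but repeats the geolocation probe itself.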
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 24KB
MD5: 27c33fe2be5bc5c9e6885e314826304f
SHA1: 44c864861f4d2a372d909660e2f67b13a2ac6513
SHA256: 5016c2b61c76d661ff024875eb0931ad3644354632b997885952cd9a0926e3cc
SHA512: a2a9d4f4881eff27a271f59f6c954b2bd9141955f66e98704b93067fd18243361ef7ad0296f9205a1cbaaddbe86f039725850cd5d37d2223a55d2c8843885f34