Analysis
max time kernel: 121s
max time network: 122s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 21/01/2025, 01:31
Behavioral task: behavioral1
Sample: JaffaCakes118_012767dcb07b7b220efa8082bec90bde.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: JaffaCakes118_012767dcb07b7b220efa8082bec90bde.exe
Resource: win10v2004-20241007-en
General
Target: JaffaCakes118_012767dcb07b7b220efa8082bec90bde.exe
Size: 804KB
MD5: 012767dcb07b7b220efa8082bec90bde
SHA1: 7a9b74bf61c6410163e7474e962485250fe0626a
SHA256: 6450e50e2a6da774c83eb680b644c56b7c9d8b79e48e59fb7b554dbe82f83795
SHA512: 92c198b7d3d88dec7f15a9a32c54a18f62cca70676602f83acee85e8232e3f988b9cbc28de7e6c36837582d43fe7ba83999a4bd667128ef7ae85dc6ffb170a05
SSDEEP: 24576:LESZAyEvJAIDtrKbxacFSUH3vv2vvlnBLn+743EBXvL3C:QtxNDtr2lSk3n2vdBLn+743IbC
Malware Config
Extracted: metasploit
encoder/shikata_ga_nai
Extracted: metasploit
windows/download_exec
http://string.dyndns.org:8080/INITM
Signatures
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
Metasploit family
resource: behavioral1/memory/1288-0-0x0000000000400000-0x0000000000542000-memory.dmp, yara_rule: upx
resource: behavioral1/memory/1288-2-0x0000000000400000-0x0000000000542000-memory.dmp, yara_rule: upx
System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description: Key opened
ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: JaffaCakes118_012767dcb07b7b220efa8082bec90bde.exe