Analysis

  • max time kernel
    133s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    06/04/2024, 14:41

General

  • Target

    e2c3b908f6ad0b09754a3ffedd9b745b_JaffaCakes118.exe

  • Size

    250KB

  • MD5

    e2c3b908f6ad0b09754a3ffedd9b745b

  • SHA1

    922c99841d3680765063c605f2062945108e61cd

  • SHA256

    e3d39eb60c85c6e9cab923236095cec9848af72c884a5a2e259abba6805ddb26

  • SHA512

    39ed394b24385ad49e6856188886d7b0ab53f7fda891fbfa21aef5d7e395c36030439b7d016119619fcdee34649fb6e0e399f0298f82d29eb9200e431f6cf24f

  • SSDEEP

    6144:mhieuJDr5T8b2ufqBLjSB/MS7irtIa6cwoD8ZroSfjGFA:DeKrJJuf86AYcwoaoSbr

Score
8/10

Malware Config

Signatures

  • Modifies Installed Components in the registry 2 TTPs 1 IoCs
  • Deletes itself 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • AutoIT Executable 1 IoCs

    AutoIT scripts compiled to PE executables.

  • Drops file in Program Files directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Modifies registry class 26 IoCs
  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 14 IoCs
  • Suspicious use of FindShellTrayWindow 43 IoCs
  • Suspicious use of SendNotifyMessage 23 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Users\Admin\AppData\Local\Temp\e2c3b908f6ad0b09754a3ffedd9b745b_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\e2c3b908f6ad0b09754a3ffedd9b745b_JaffaCakes118.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1152
    • C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files\WinRAR\winrar.jse"
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2192
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.go2000.com/?g8
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2728
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2728 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1148
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ping -n 4 127.1>nul &del /q "C:\Users\Admin\AppData\Local\Temp\e2c3b908f6ad0b09754a3ffedd9b745b_JaffaCakes118.exe"
      2⤵
      • Deletes itself
      • Suspicious use of WriteProcessMemory
      PID:2772
      • C:\Windows\SysWOW64\PING.EXE
        ping -n 4 127.1
        3⤵
        • Runs ping.exe
        PID:2768
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Modifies Installed Components in the registry
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2376

Network

MITRE ATT&CK Enterprise v15

Downloads
