Analysis

  • max time kernel
    120s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    07/04/2024, 18:25

General

  • Target

    e592d49574997f539f7c2a625cb5f8f4_JaffaCakes118.exe

  • Size

    43KB

  • MD5

    e592d49574997f539f7c2a625cb5f8f4

  • SHA1

    3aca853c85b048988f5a6f8c8bf742b42c751e0a

  • SHA256

    2795fe0cd337d04014c0174166a3528a955439fe3fbd8d054637f8e6e73fb2ff

  • SHA512

    740f9445b7816191a73a996d24e047969996adf21a0050bd3d2d52fd9299b5ce992e282b407e71eb17671d8cf7063856313b2d040139790ec10232eb3ecac4fb

  • SSDEEP

    768:j6eLfhoEXniM3Nu3+7AzdESFu/qa0G9pSCA5tyaiCcLiIWC:jlzD9Q/z5Fu/qXASVsPRW

Score
7/10

Malware Config

Signatures

  • Deletes itself (1 IoC)
  • Loads dropped DLL (1 IoC)
  • Adds Run key to start application (2 TTPs, 1 IoC)
  • Drops file in System32 directory (2 IoCs)
  • Enumerates physical storage devices (1 TTP)
    Attempts to interact with connected storage/optical drive(s).
  • Modifies Internet Explorer settings (1 TTP, 25 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (4 IoCs)
  • Suspicious use of WriteProcessMemory (24 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\e592d49574997f539f7c2a625cb5f8f4_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\e592d49574997f539f7c2a625cb5f8f4_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:1620
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c start iexplore -embedding
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2220
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" -embedding
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2788
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2788 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2664
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c "C:\Users\Admin\AppData\Local\Temp\twe401C.bat"
      2⤵
      PID:2472
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c "C:\Users\Admin\AppData\Local\Temp\e592d49574997f539f7c2a625cb5f8f4_JaffaCakes118.bat"
      2⤵
      • Deletes itself
      PID:2480

Network

MITRE ATT&CK Enterprise v15

Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      34b2e5de0846d1b172cb0be19a103be8

      SHA1

      3c7a2e415e5c4325b1239d31f4cef442b05ab7ff

      SHA256

      d2d805d31033501b5213f2b2404edb619fb16d229076796dfac34958324fb602

      SHA512

      2da28aad3cf0f6a2cc4b1225775e52630abef9efa3bf6cedcb81104bb751f030893ddb919cf83ae802cc7977173a6ff88c2a7e8e8dcd3355785d884104c76506

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      37257f48192594e986ef6de1fc8c4a6a

      SHA1

      ac8e9ec71e6bc389718706d3441855658b73b0bd

      SHA256

      fde427828a7a6fd91b373d83596bd7c86862552dd9f6dafccf4dcacbfe1f6856

      SHA512

      5c8e61ea700bc05f0b3cdf372d7869006d8ef73923228f2690ab198c4baf48bdb784b2230663b62bc2ae749dafe98180522b5e2bf5d1c75a2273bf4ea20e2f61

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      df4e29ee5befb52d67b74641a964f169

      SHA1

      00ea74f87efce28d5672f54f183e74a2d19a5e13

      SHA256

      a03f4381f7b7c3d93a63db703404306c2922f9f15cc2a3af7d4f9ede40871959

      SHA512

      21d86edeba8406dd1dbd2630bb1cd38242e581e02edbf1b510376ee0203fcca7908065f10796d468db1b852371ca070754e6d11116d361703cbd4d8ff03b6d2e

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      1aee54a05d7fc83e87cc7a2076563f89

      SHA1

      86b95df78c1ade73ad5a9c750938435cd264bb28

      SHA256

      ce9f7bf0443f84dd25dc24267aef8c23974051a4fb067eb572583d85ba15ef2f

      SHA512

      e10b9e970caa8c5b6eb37ab7b208efe121f509fa5382ae8056a564a0a91d0071131b27d1dca49b314ef768b8a44c6bcbbfd945ca254ac860616f093db8074f76

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      c71668cccb4e12d72bfbefb56ae58137

      SHA1

      4f8ab36de1c468d92d1b29a4107531d289c20632

      SHA256

      bf4659206e5aeb7ef986a843883f7790b966a1c16457c8758ec1bfcb80258bed

      SHA512

      cb1b7adb339a028a690008e7d95bdbbbf06df47eeae5c2a14bc824888e8fda67006fcefaa183d816a327ed375b48a640e664097fa063ea44a9735cb2a99b8d8e

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      2f3f4d9a7bf39aaaddfe4703ffa72db5

      SHA1

      030cee8c1566c6c58aa09778dc16543320a25698

      SHA256

      8b7024afc35efbed11c040aa27f6869ae0907b1d9151ec648fe739c0b0dae229

      SHA512

      5cec63bd6b3ac1fa386b36f22c2cc192314fa5b6e8299ac466a6ca7145ed738b84e7be4b2bfd7411110ba36c78a17537d8b9aef06f4e4e87440048dee35d0ac1

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      eaddb06e0e04354aae35cb04f76decdc

      SHA1

      a2be337a5abcebffc949443b33720e36275d4c55

      SHA256

      5ef8c2a607a63702ded7400c4ca10280eee6f3ac153a524552f679125c6872d7

      SHA512

      daa0675e7d1b80754a4bb59d1286644610dc158385d3c9e3615a2de4bcf584f4b7e51e2528090d303d59178531cc42e4ec1336d69b4f7f78bbb90081aade7510

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      ad0610f7e74ebcee06e1dbf6b9f683a0

      SHA1

      b404560194e4c91b2c08b5354b54e655c0f4b766

      SHA256

      ffd8d1cf622fa023747d0d92ab3d706a61ff582f6add325436e93b133767e0b9

      SHA512

      6c290be961427e05ea7a45e76c0ebd8e5c833f36a57f0c27a57fb5f7ab793c627c1414bc7a1d909e7c2a88d079a43e1ea24938ad5b1a46eb8e619904310e6791

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      4017bde972a8b7771cc423e4ef2a5ad9

      SHA1

      02bfa194d6dfbba49a9b873e53c42dc5d0bc4cea

      SHA256

      b3b6c5dcaf5d1b7ccb6ac44e8ad7254200a5079d09ddcb7023ad021d0eceabde

      SHA512

      0b92a13dd5581dd5b77e25740a30b6607a7dae2e2f5c0ac603f78de633791a1d660b1844dfa9e845a81b26ffdae42091769491cca8da1a30fe66f46a51e11d14

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      303dc73d0355707a64f0a890514acb6c

      SHA1

      8037e61de26f321412333df323376ba44c2a2ddd

      SHA256

      3c2ebc797df5f950331024a05d2f677585ac51da7495465e628125845a76c3d5

      SHA512

      81d43649bffa94d28d488dfef59e0a818d0fda144b7d1777e8784a2014fd479f1f1025981389bb8905408c754e0c54b40dec1c3994f702100a13386578281f9d

    • C:\Users\Admin\AppData\Local\Temp\Cab4349.tmp

      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    • C:\Users\Admin\AppData\Local\Temp\Tar4498.tmp

      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    • C:\Users\Admin\AppData\Local\Temp\e592d49574997f539f7c2a625cb5f8f4_JaffaCakes118.bat

      Filesize

      305B

      MD5

      22b4da4bb3ec91eefaec419350d18b7f

      SHA1

      d777414397a18f00d875d5556314d56ca305aeb2

      SHA256

      0d6c4cd95c947a0e6ab7107b30844498df39e739fcfc082782446e9aabd532e0

      SHA512

      428e16ecb74182282022c41e1c3169eafd75a74d84d82eff1357442625301e4fb74b0a6fc618696aba1e4a294f8be7ca7b58b3d12725c9614ab6e9df9e7be83a

    • C:\Users\Admin\AppData\Local\Temp\twe401C.bat

      Filesize

      188B

      MD5

      1621b3bee84869c4e0fddf9d9fcb27df

      SHA1

      6e13145d000519e3fbe0d92c252afc337fd5b61e

      SHA256

      29eb44b186621ade454838953add0e6c4ff5956095d0b6b973a7ad59c3bfb13b

      SHA512

      2ee07ae6460da7233c24cc757b9618b4718a5d0145558cec8b9cd0744d8eb8e769a0904ca7be69992dcc5c5cfb30957f4aeabeea5183a06ad3825991287d53ec

    • \Users\Admin\AppData\Local\Temp\twe401C.tmp

      Filesize

      32KB

      MD5

      4173c8c06f92cfef803809d8688361a7

      SHA1

      a31fbe9f55bce6b8f1ce640fc97572b434ef42f5

      SHA256

      0852005c9d2ed4c0619dee7ac05613e9a5e3b5e6b236db239e11e80ce04232fa

      SHA512

      f811946953d58b87e84bbb08c2a53cc33935795c4ae0b24ddbd97764c4e2dd3704eaf75a61cdb03bd7c22497da8b7d1c6f5aefd68add93bae0058a7dacbdb125