Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

f1ea40b351...18.exe

windows7-x64

7

f1ea40b351...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    15/04/2024, 21:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f1ea40b351ca5cba9b4e476555b23adf_JaffaCakes118.exe

  • Size

    32KB

  • MD5

    f1ea40b351ca5cba9b4e476555b23adf

  • SHA1

    14dd671e293788dc775a0ee2684fe55849921b9d

  • SHA256

    3df93e4120dd97dd1df97bb2ac2b7eb1ac211ffe9a8e7b68b79e1aa20888b3d4

  • SHA512

    d4dfd41a2e38f9f408329f571d9d2c1f736770316ff4f1e82c9a077bdab1f13703bf15dd5e83e8ff1532f72e446fe80f963fa341ddbb9abdb3b2d8617cb2ee1c

  • SSDEEP

    768:j8rZ9imdUCJycI+zXDAEGBHtHdmOqicjp2nbcuyD7U:j4kctXI+DDA1tt9LIp2nouy8

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 45 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f1ea40b351ca5cba9b4e476555b23adf_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\f1ea40b351ca5cba9b4e476555b23adf_JaffaCakes118.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1740
    • C:\Windows\SysWOW64\wscript.exe
      "C:\Windows\system32\wscript.exe" //B "C:\Users\Admin\AppData\Local\Temp\pcUHegsoxB.js" "C:\Users\Admin\AppData\Local\Temp\f1ea40b351ca5cba9b4e476555b23adf_JaffaCakes118.exe"
      2⤵
        PID:2980
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2556
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2556 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2424

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      ed33bc8b43f6bd1b5c533dc266be0e9c

      SHA1

      54b38415c3a7b9ea0ea52182df2d05591a5e4c7a

      SHA256

      e7be737dee6b827d1ce2886ce4349eca15ceb9d867f7d3fd4e65885d3181dec2

      SHA512

      5c615855e289b5df4f9e12d23f6a57d5c151822016b461396dd2adc5483eb7fabe875d8a8a1a938d5678de366580e042ea19e411a0e3eaffd7e3d9cb9e9c6d73

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      c8c9acf8efb0f4ca84fdd825bb534366

      SHA1

      880f80e50f912b8b55a5d53c8521248c792af75a

      SHA256

      e289650003fcd7b6371691a5133667601fce3ae5f987cb2a46e08102a3421007

      SHA512

      5e2bae749d982083ac8f172554f4a658c03abcbf6e3b64ccb248addf9d25c60c6dae52126695f8a46a13044455520e65b891668425892571b9d8ef64a67c04d4

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      daa647f1b4bc72397dadccdf84fcc8ad

      SHA1

      0dcc6fe978f40c3610e32c97996f4d01e0d86bc8

      SHA256

      445eb4f4bb489b8b62736411a3265c83f688afb322a1e15c4cfd8f387098a3e7

      SHA512

      3b70824390bea39d69ed2c51851bd2e3ec5f4e56f70d9061fe05079c423323ce199208d39ff8b063553af70313a9dbbee8e136e819589eeb61e8a3e1d52707cd

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      fb7d93434e57ea8f4353e0f60b634349

      SHA1

      d3cb1d0ce1162c1346c7a009bf5bbd307be968cf

      SHA256

      8319cccbf000cfc883e982310544a63a58179de26ed7e8ca5fbee114ab375a64

      SHA512

      d7a527e20e475cecfcfbf7254363f156d5cfe9f73008a65d1e12c380e373dbe63eca599ffe597ba97493f28d026889dcaf76423a879a8ecbe2a9456f50719e6f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      1c64e66bb035be6a553012d5c3c7adce

      SHA1

      079e25963aa1d4f66e1f3b889b8a24359618fec5

      SHA256

      ed2c7d1d921f2b4c8ed9693e4d321435a767434053bccef92a79638739e5af20

      SHA512

      df8bc9585b921d0b896436c29fe524e757304f278423537fc73ea72afb7fc6b22ee9c6f4a35838acf3c7d319c175fe81f1bb9eb9c68b61b04409c2a1510d51cb

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      3520a98b9043c09bb3b9dd602f31af9c

      SHA1

      7d62723ba69a150831c1458aed2a2ba44578b8b8

      SHA256

      ccfc5c1d7119113c908eb48d439380894389821a859e306d55c6bcbde38eb4b8

      SHA512

      05d6247caebae597ad3857db0d7155f83f5cfa4f09afaae68686f291dc0b6a4aadd2c50d49102aaef3c9dbd2676e2ed375a52f74462d27e9d4c6ac36d51f18f5

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      39a10881fa04cc3a2d7cabda441d49b9

      SHA1

      87743db9e76870b73fe18b88798b507d0d5ec4ba

      SHA256

      1bddd0fde45972ad7d042f3fbf0c2d18c8269074d09e3c87bf993ebb2ec4951a

      SHA512

      52803926454159fe714ff95d28079f27b9104b8962c22ac2b213a37c41a9fbb9e434ed9b819abb21ee3213415cea74a5a817b7c1a663bd45f71b2ee2289b1b03

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      cb0e32130d8f0ae547110cfdcde2b330

      SHA1

      1db0a21a9106a579ed9e2aaca56eff2f5e83c82b

      SHA256

      e6b5ed9928baf9d39cbc6a1f81da0a3554fdd8d93905c0541588716842cbf732

      SHA512

      f2ab5208053ec87129762f8254073bd0402db677fe5551a486027b2bae76ebafe1bd417c4db5cec62b378a741948e295e09e0d1ba34af943b91c1d579ea90fc9

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      775e5eb1ebf4033d5a3beb4854a692d9

      SHA1

      8270e0363c0e40fcac8be23899c8b292be6bce0a

      SHA256

      008a3d5b6bfc8c5da1f68a504c0404cc6e547a2ca8c3e99a14a2f60c3341c05b

      SHA512

      d0e26cbeadb1d71ce810fd66a1290b546acfd9812c056fb5cb9dfaaaf3c292a37ed1be8b5e6aa5dc1d963d3c1946535856be34b025547f0634133f8466d9f859

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      6c26d07be7651e60457fc4889936bfdb

      SHA1

      82f387f168787dfbe31b25b737910e7ab18f2711

      SHA256

      ff51fc598da3d7b628991954960227e385aca30d1d2f85060e3ce8505298faa9

      SHA512

      41a62c7f4b634728900a302c8ec23efba6eb95cd58ae7181938fa89101eb0e7bece59eebbd756822ee54fd79c399ea4a25aa4424b774fe80e7a035e83c661ed5

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\RDDYO9MX\adult.oo[1].xml
      Filesize

      13B

      MD5

      c1ddea3ef6bbef3e7060a1a9ad89e4c5

      SHA1

      35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

      SHA256

      b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

      SHA512

      6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IT88KKGO\favicon[1].htm
      Filesize

      291B

      MD5

      b73189024a094989653a1002fb6a790b

      SHA1

      0c44f096cd1fec253c1fe2fcfcd3c58fe05c402d

      SHA256

      014c471c07b2bc1b90cf5b46eb8eb60abe3ac278e43cd8fcc7c4e6c8950c592d

      SHA512

      1bca726835d33847812060c968e5306535f513429de5c90d66942155fd42ff75508dba97da8ca36c6d6e6a8df5a2602fe3be047bb5612ad4e367c6c00e1e50a3

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabA314.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabB5CD.tmp
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarB4E2.tmp
      Filesize

      171KB

      MD5

      9c0c641c06238516f27941aa1166d427

      SHA1

      64cd549fb8cf014fcd9312aa7a5b023847b6c977

      SHA256

      4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

      SHA512

      936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarB5F1.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\pcUHegsoxB.js
      Filesize

      14KB

      MD5

      b3c666c351a893bb81899a5f27b60f89

      SHA1

      58e90c0608e647d013930646b0dd0c7f38fb128d

      SHA256

      024c380bd6274daaf808df141a48f3c01a7c61db5839e07b31c356f6b64a6460

      SHA512

      3010141a3804e67e925360ec757e8f6eec2b168cb26699a64c8a61d1d52c33e66345ef55e0ab8b043e97b2c230066c5f97b43f3f1b2b25e5123ae1def476667a

      Download Submit

    • memory/1740-0-0x0000000000010000-0x0000000000038000-memory.dmp

      Filesize

      160KB

      Download

    • memory/1740-3-0x0000000000010000-0x0000000000038000-memory.dmp

      Filesize

      160KB

      Download

    • memory/2980-55-0x0000000000230000-0x0000000000232000-memory.dmp

      Filesize

      8KB

      Download