Analysis

  • max time kernel
    150s
  • max time network
    138s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    17/04/2024, 15:24

General

  • Target

    f615b6014fb251ccd489f7e6105dacb1_JaffaCakes118.exe

  • Size

    30KB

  • MD5

    f615b6014fb251ccd489f7e6105dacb1

  • SHA1

    3af8d5244a15a2404bccc185d70f66b7fa52b887

  • SHA256

    e7a846c73f9db4d5569b30148b80464e671f7c2476ea0ff1ecef523efaeb7a75

  • SHA512

    774591b48672ae64a253e81d31211eedb3358b1bf1c431a4ab10027c4067632433c3aa56528788fe422301a3bbc111110849f750a6a17133fbadae7a4c696249

  • SSDEEP

    768:/JYxvQCzbZLlxEEr2bc765DmODZZPZB52jN:/JKbZpeE25DmQm

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f615b6014fb251ccd489f7e6105dacb1_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\f615b6014fb251ccd489f7e6105dacb1_JaffaCakes118.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2940
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://dl.kanlink.cn:1287/CPAdown/vplay.php
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1040
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1040 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2708

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize
    68KB
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
    344B (9 entries, 344B each)
  • C:\Users\Admin\AppData\Local\Temp\Tar914F.tmp
    Filesize
    177KB
  • memory/2940-7-0x0000000000400000-0x000000000040A000-memory.dmp
    Filesize
    40KB
  • memory/2940-0-0x0000000000400000-0x000000000040A000-memory.dmp
    Filesize
    40KB