Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
151s -
max time network
157s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
-
submitted
17/04/2024, 18:14
General
-
Target
f660b7279e4613eaa2f18e55a0954bcc_JaffaCakes118.exe
-
Size
2.0MB
-
MD5
f660b7279e4613eaa2f18e55a0954bcc
-
SHA1
eda18cc4e4774885bfaae2c6ea4ae2f5e49c0690
-
SHA256
b24e1c522e4cde05978e17faa213ba34b0547b5aab4e9c3f318fc935516f01e1
-
SHA512
23a05ae4915cd807520bcb4ccdafc0e0fb0a5339e946ed628d25d6e6c650628bd38f886392f828c2f70628713c3fe703eee5551676c054173218aa5b4e874670
-
SSDEEP
3072:Cqu7aslM9lhLElGtSIs48417nFdcQ4FdHLDC62ftOS2N:CqrK
Malware Config
Signatures
-
Modifies firewall policy service 2 TTPs 18 IoCs
-
Modifies security service 2 TTPs 1 IoCs
-
Modifies visibility of file extensions in Explorer 2 TTPs 1 IoCs
-
Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs
-
UAC bypass 3 TTPs 3 IoCs
-
Windows security bypass 2 TTPs 4 IoCs
-
Disables RegEdit via registry modification 1 IoCs
-
Disables Task Manager via registry modification
-
Drops file in Drivers directory 1 IoCs
-
Sets file execution options in registry 2 TTPs 64 IoCs
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 2 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file 10 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification 2 TTPs 15 IoCs
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies Control Panel 2 IoCs
-
Modifies Internet Explorer settings 1 TTPs 64 IoCs
-
Modifies Internet Explorer start page 1 TTPs 2 IoCs
-
Modifies registry class 25 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 7 IoCs
-
Suspicious use of WriteProcessMemory 14 IoCs
-
System policy modification 1 TTPs 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\f660b7279e4613eaa2f18e55a0954bcc_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f660b7279e4613eaa2f18e55a0954bcc_JaffaCakes118.exe"1⤵
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\E696D64614\winlogon.exe"C:\Users\Admin\E696D64614\winlogon.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\E696D64614\winlogon.exe"C:\Users\Admin\E696D64614\winlogon.exe"3⤵
- Modifies firewall policy service
- Modifies security service
- Modifies visibility of file extensions in Explorer
- Modifies visiblity of hidden/system files in Explorer
- UAC bypass
- Windows security bypass
- Disables RegEdit via registry modification
- Drops file in Drivers directory
- Sets file execution options in registry
- Executes dropped EXE
- Windows security modification
- Adds Run key to start application
- Checks whether UAC is enabled
- Modifies Control Panel
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files (x86)\Internet Explorer\ielowutil.exe"C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding1⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4008 CREDAT:17410 /prefetch:22⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Create or Modify System Process
2Windows Service
2Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Create or Modify System Process
2Windows Service
2Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2KB
MD580220ce7f77b2b074b785ef6cdb9f2ac
SHA1fd4ba38977926bed5363e0b3a440133b5b93c3df
SHA2564411755c0d32498392191c30db2c9ccb4ec90fbd8896d89627dca23da6c80bd2
SHA51299e38b49ed0759a80ec6c7731d109f990c156f69b6008b3f1678089cd8637f0ed463e5574a74917af47ded75a360c014ae6ef0cce6ab1afb471137faa4d934fc
-
Filesize
488B
MD5f4da31521f5caada2da2f1751025847a
SHA1a49eed8915cbc189b62cfbb8ab700a68a7db861b
SHA2565dfab476e3234a4b7a72372edce2b82d91ee255ec5c7a55b62ac08d2b124ef1f
SHA5122bd8a290c9e796c7462855641b234f7a9a965edbe2501a52c24c995de23a2f56fd46702bc028a139d965ddc03cf5ae2a2eb96dd2fd3fb9e164c4644cc90d6f41
-
Filesize
13B
MD5c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA135e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA5126be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed
-
Filesize
15KB
MD51a545d0052b581fbb2ab4c52133846bc
SHA162f3266a9b9925cd6d98658b92adec673cbe3dd3
SHA256557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1
SHA512bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d
-
Filesize
530B
MD51e7cca7a1b89ea2980669f4adb65becd
SHA162da7767f3bb769a9b31e400df446a4698e4db63
SHA256598ad75d6e2e244b759b3f376b510f0ba560b77cc74f48351dcf2abdb7df474f
SHA512206b90eab94f9ce7260ec624ec9a8afd70bba96d4dc5d8a545a29cd73e55832196e509523da1123c2279eb4cb63fef429e28a3438a268dd3fabd1fd949caf1c4
-
Filesize
24KB
MD543c872a309e716c0b6083e15afe3ad2c
SHA108bf19acbed809aa75fa9548bace9fb12b9e9335
SHA256ac0de4a9046a10c30430f310db6f46c09a8031dfedb6da041b3f9ebb48a9c3b7
SHA512c1684c7bdbefa8638e432d97346d8bd9a5f919442fb6ce45fd4c86d204a902fb1715d48f01c32ef5ec1981615d0fe479d8dab8a9744ab6c7e95ad3dfc78b82ba
-
Filesize
498KB
MD5e9ccb3dbde79ba5ffdf9cad4b32d59fd
SHA13a8cd67adc7c885bdf683f1e7f491e6a4a50679f
SHA2568f2c6777c7ccc01ab67290fa8acd5a4c4866be64129f39dfaeb9197dfa15e137
SHA5125ca7c8439030c9b4b966760c660640a094b0d6e30e10df85d7b900c6f9108b0e309298ed93c006634bb3f437bab3cff1b83a5d1b18c666c04346f0856294c461
-
Filesize
66KB
MD54998fe22f90eacce5aa2ec3b3b37bd81
SHA1f871e53836d5049ef2dafa26c3e20acab38a9155
SHA25693fcbfca018780a8af6e48a2c4cd6f7ad314730440236c787d581e2cef1ab8f8
SHA512822158dac2694341f6cf5c8f14f017ac877c00143194d3cd0a67ffd4d97f9bf8f2305e33b99fa12f62eee53ba18029541c0601ea5496ff50279d1200cfa03232
-
Filesize
55KB
MD5eb4bc511f79f7a1573b45f5775b3a99b
SHA1d910fb51ad7316aa54f055079374574698e74b35
SHA2567859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050
SHA512ec9bdf1c91b6262b183fd23f640eac22016d1f42db631380676ed34b962e01badda91f9cbdfa189b42fe3182a992f1b95a7353af41e41b2d6e1dab17e87637a0
-
Filesize
102B
MD5701c50fe2f9d8cfca61542dee7684552
SHA1952a04f81a291e11f5d4ecd7364a3840412ba65e
SHA2569fc5dfc54de18e9c98733bbea6ebdcbc1f01c0b23f985556f24684ee96dc0582
SHA5125ca3c342f4be563ee68235f32bcb8b25b62215a961b903b3568c496fcad4508b9408fbde00c6592085a819826630462863630f888fe73348f13fc037a9ab2c99
-
Filesize
51KB
MD5575b5480531da4d14e7453e2016fe0bc
SHA1e5c5f3134fe29e60b591c87ea85951f0aea36ee1
SHA256de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
SHA512174e48f4fb2a7e7a0be1e16564f9ed2d0bbcc8b4af18cb89ad49cf42b1c3894c8f8e29ce673bc5d9bc8552f88d1d47294ee0e216402566a3f446f04aca24857a
-
Filesize
6KB
MD5a8aaf7077358bad87ba85350544c9765
SHA1bf10550f4bbdde08d7dbb988190d1751727c8290
SHA256ade55af9d9533b6e58a1ef8bb23f3a9a82259baa87f179cf2f777590fbf5aae4
SHA51263c0f0781b17d4929fb3e6c5161c9b98c6bbec76bb7131253263ff9c49b3d2cd6624de10dd8c6f35680a3cbb7cf58292980a03459dbccff688913c7d36b50245
-
Filesize
261KB
MD5d2a24a3a7e6824409e51f8a2950afbfe
SHA1fd2ffbd756d7e8b274b08858b464dcf33c31fc73
SHA256cfb8cb490d9f9a5870b77508852a6d8ab6875b341bc5be3b60e0eaccf2b39308
SHA512ce2d33384360c236534210f2daac1985078f3ccbb7ccaceac80820d9445cca2c04fd3e573bd3bc0d8ae51218affc06b56b4fc702e0e65f3c73c2f1c2561b327c
-
Filesize
16KB
MD5adda182c554df680e53ea425e49cdf0d
SHA19bcac358bdab12b66d8f6c2b3a55d318abe8e3ae
SHA256d653648b9d6467b7729f0cea0c02e4e9f47323c92a9fcdbcb12475c95ac024df
SHA5127de2140ee3859b04c59a9473129c3acad91022962d46ffc63529bff278661f0e106a16dde90e8db523f826f82e7c20ad9b23f45a25e81932fd2d8708b616fba2
-
Filesize
16KB
MD5642d45886c2e7112f37bd5c1b320bab1
SHA1f4af9715c8bdbad8344db3b9184640c36ce52fa3
SHA2565ac87e4cb313416a44152e9a8340cb374877bb5cb0028837178e542c03008055
SHA512acda4fedd74f98bcee7cf0b58e7208bdb6c799d05fa43b3fb1cd472e22626322f149d690fe5f2cdc8953244f2899bebe55513b6f766a1f4511d213985a660c3f
-
Filesize
9KB
MD5defee0a43f53c0bd24b5420db2325418
SHA155e3fdbced6fb04f1a2a664209f6117110b206f3
SHA256c1f8e55b298dc653477b557d4d9ef04951b3b8ba8362a836c54e2db10cda4d09
SHA51233d1a6753a32ec06dcfc07637e9654af9321fe9fa2590efc70893eb58c8603505f2be69084fb2bcbf929218c4e7df9f7a8bc3f17a5b41ed38c4d8645296ebab5
-
Filesize
165KB
MD565760e3b3b198746b7e73e4de28efea1
SHA11d1a2cce09b28cffc89378b0a60cbb1aa8a08c4f
SHA25610e40ea3a2ad69c08d13e194cf13eb4a28a093c939758a17a6a775ef603ac4fc
SHA512fbcb91f26b7bd874d6a6a3b1d4d6f7277ded091cdae5706c285b4d5d17446a1bf58572c224af38393ce49b310a51d5c5d60711c7094e5d32abbaaf10d1107e1b
-
Filesize
1KB
MD5a5bb75d5bd1b19def25c1dd4f3d4e09c
SHA1d0c1457e8f357c964b9d4b6c0788e89717fe651f
SHA256ff0689879c72300a01eae0c05c3205e2ca57c4bc1a6bfa0718fa6fea4a51627e
SHA512b9fc57f7ade8f34cb02ece2935acb30757ed846e4bcf81d3fcf5bfcb45611d386bd337a6337e9945c5654cf044dce4dd3fafd60a2b42ed5bdc857ef96d077a69
-
Filesize
34KB
MD54d88404f733741eaacfda2e318840a98
SHA149e0f3d32666ac36205f84ac7457030ca0a9d95f
SHA256b464107219af95400af44c949574d9617de760e100712d4dec8f51a76c50dda1
SHA5122e5d3280d5f7e70ca3ea29e7c01f47feb57fe93fc55fd0ea63641e99e5d699bb4b1f1f686da25c91ba4f64833f9946070f7546558cbd68249b0d853949ff85c5
-
Filesize
850B
MD51613f25e7a73976f440bd3c174bc1dc3
SHA1ffa5be6619ae6109c6e412186e0f12b8d8a73cd9
SHA256091a7de491da06df67c869b9905c1d028eb2816e68360c0b5b7a4fa8ce590322
SHA5124b6186a03368bf246c04af801962c19f4ffb4fc06fc493b6f5027a97a084b3d9094d6371622459ff63772bb86feca587984c4b68f314bc747164f5854a078b07
-
Filesize
35KB
MD52a54216c1386e5bca1e66f08da19b7b5
SHA13c6585dec378e866444b5edfc14c8efd1cc42ae7
SHA256163f56b3b6e604ea7f6aae49c6f6069fc9626233680d09d8a1034440d93d4ac4
SHA512c44e17bd3c75b302a2f8054262b93dd3f8f739876d2718158d8c72e824b7fe1a9c8b85bd530ad524782030231810bd68402b18d1f8ea302be01a14f1c347742f
-
Filesize
12KB
MD5a2d42584292f64c5827e8b67b1b38726
SHA11be9b79be02a1cfc5d96c4a5e0feb8f472babd95
SHA2565736e3eec0c34bfc288854b7b8d2a8f1e22e9e2e7dae3c8d1ad5dfb2d4734ad0
SHA5121fd8eb6628a8a5476c2e983de00df7dc47ee9a0501a4ef4c75bc52b5d7884e8f8a10831a35f1cdbf0ca38c325bf8444f6914ba0e9c9194a6ef3d46ac348b51cb
-
Filesize
196KB
MD55be9959d60f5a26c6e9cda2dfb893641
SHA17ff7cce1ae46dc507b2a40d5d3fdd4398a5dc52a
SHA256bdd40e840230a4848959e746c79a13eb0e04646d8e8ae88458d9cbb2bdee2cac
SHA5125504c0bd57e3891ee6de2729c5a5e5c6596c51c22ff79f9db6e1bb40c9aad9dd19711f24f5dde26bf4882864c1d105ee2d22da7efd07490301795210932d822b
-
Filesize
7KB
MD56237a3b29ed3014d7c80d8636113212b
SHA1d4645e3403a658dffc36efcdc26f1990ca5c2c78
SHA256d8dfac945408699c679c04608862ee54642e5900ac9096c347a5eb41b66f6b10
SHA512206b18c8edf22ca217a16aeceda71157d571f1bb1ec798325baab00fa953e688e21388e93e953ce4db8aa0af2295705cd121e489b2615f36e179f9429f739392
-
Filesize
5B
MD583d24d4b43cc7eef2b61e66c95f3d158
SHA1f0cafc285ee23bb6c28c5166f305493c4331c84d
SHA2561c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb
SHA512e6e84563d3a55767f8e5f36c4e217a0768120d6e15ce4d01aa63d36af7ec8d20b600ce96dcc56de91ec7e55e83a8267baddd68b61447069b82abdb2e92c6acb6
-
Filesize
17KB
MD55a34cb996293fde2cb7a4ac89587393a
SHA13c96c993500690d1a77873cd62bc639b3a10653f
SHA256c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee
-
Filesize
34KB
MD54d99b85fa964307056c1410f78f51439
SHA1f8e30a1a61011f1ee42435d7e18ba7e21d4ee894
SHA25601027695832f4a3850663c9e798eb03eadfd1462d0b76e7c5ac6465d2d77dbd0
SHA51213d93544b16453fe9ac9fc025c3d4320c1c83a2eca4cd01132ce5c68b12e150bc7d96341f10cbaa2777526cf72b2ca0cd64458b3df1875a184bbb907c5e3d731
-
Filesize
34KB
MD5372d0cc3288fe8e97df49742baefce90
SHA1754d9eaa4a009c42e8d6d40c632a1dad6d44ec21
SHA256466989fd178ca6ed13641893b7003e5d6ec36e42c2a816dee71f87b775ea097f
SHA5128447bc59795b16877974cd77c52729f6ff08a1e741f68ff445c087ecc09c8c4822b83e8907d156a00be81cb2c0259081926e758c12b3aea023ac574e4a6c9885
-
Filesize
23KB
MD5ef76c804c0bc0cb9a96e9b3200b50da5
SHA1efadb4f24bc5ba2d66c9bf4d76ef71b1b0fde954
SHA25630024e76936a08c73e918f80e327fff82ee1bd1a25f31f9fce88b4b4d546055d
SHA512735b6470e4639e2d13d6b8247e948dbd6082650902a9441b439ceacc4dfce12cd6c9840ee4c4dcb8a8f1e22adb80968f63ace0c0051811a8d6d1afb2b3c68d74
-
Filesize
84KB
MD5c9f5aeeca3ad37bf2aa006139b935f0a
SHA11055018c28ab41087ef9ccefe411606893dabea2
SHA25687083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
SHA512dcff2b5c2b8625d3593a7531ff4ddcd633939cc9f7acfeb79c18a9e6038fdaa99487960075502f159d44f902d965b0b5aed32b41bfa66a1dc07d85b5d5152b58
-
Filesize
3KB
MD551b8b71098eeed2c55a4534e48579a16
SHA12ec1922d2bfaf67bf3ffabe43a11e3bf481dc5d7
SHA256bd78e3bcc569d029e7c709144e4038dede4d92a143e77bc46e4f15913769758b
SHA5122597223e603e095bf405998aacd8585f85e66de8d992a9078951dd85f462217305e215b4828188bf7840368d8116ed8fb5d95f3bfab00240b4a8ddab71ac760d
-
Filesize
2.0MB
MD5f660b7279e4613eaa2f18e55a0954bcc
SHA1eda18cc4e4774885bfaae2c6ea4ae2f5e49c0690
SHA256b24e1c522e4cde05978e17faa213ba34b0547b5aab4e9c3f318fc935516f01e1
SHA51223a05ae4915cd807520bcb4ccdafc0e0fb0a5339e946ed628d25d6e6c650628bd38f886392f828c2f70628713c3fe703eee5551676c054173218aa5b4e874670
-
Filesize
268KB
-
Filesize
252KB
-
Filesize
252KB
-
Filesize
252KB
-
Filesize
252KB
-
Filesize
252KB
-
Filesize
252KB
-
Filesize
252KB
-
Filesize
252KB
-
Filesize
252KB
-
Filesize
252KB