Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

7

fbcff06b38...18.exe

windows7-x64

8

fbcff06b38...18.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    141s
  • max time network
    133s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/04/2024, 03:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fbcff06b38e4ac7bcb904bdad1f9bdb9_JaffaCakes118.exe

  • Size

    11KB

  • MD5

    fbcff06b38e4ac7bcb904bdad1f9bdb9

  • SHA1

    b4844e4398344a035507bb085353d8cce62739cd

  • SHA256

    f75b7535365c80c14523f074f5007fc6769e0453562d369362dff9c7e52874e5

  • SHA512

    29399e1558e4cffc128b38ba87d39d82184a971c4ab4baefc5ce452d9e03ce8f8515e9b41dc1038df65c11bbaec08200da42dfdc631820a1ea945b2ec4959a1d

  • SSDEEP

    192:S06iazzoKkrt/F53lGHuL3/E/GCizES4TN/o/04qcB6bdhSz46OXddIxa4sy6kp:S06ih3t/rgOL3/EZiw5o0AadUz46OXdg

Score
8/10
persistencespywarestealerupx

Malware Config

Signatures

  • Drops file in Drivers directory 22 IoCs
  • Manipulates Digital Signatures 2 IoCs

    Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.

  • Modifies Installed Components in the registry 2 TTPs 3 IoCs
    persistence
  • Drops startup file 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops desktop.ini file(s) 64 IoCs
  • Drops autorun.inf file 1 TTPs 4 IoCs

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Drops file in System32 directory 64 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fbcff06b38e4ac7bcb904bdad1f9bdb9_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\fbcff06b38e4ac7bcb904bdad1f9bdb9_JaffaCakes118.exe"
    1⤵
    • Drops file in Drivers directory
    • Manipulates Digital Signatures
    • Modifies Installed Components in the registry
    • Drops startup file
    • Drops desktop.ini file(s)
    • Drops autorun.inf file
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3296
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
        PID:4888

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Jilu.txt
      Filesize

      4KB

      MD5

      17ac4cb365920e2d43bd1e9cbbb1dd33

      SHA1

      210234702c0baa07c10d8953e85d8d10458cfb0e

      SHA256

      64b5269b2e5b9fb6e3f751c4acf9eba8c49d1ab2f426b9b54f691fe80a03e233

      SHA512

      52a18901e8bf07ae43160c78004c1a31a884f51bddffe4b5d0920fb86f3a70733b65ee9a9360f72ae934961f3dfe7d9dc415191ec49d8e6c57ea3ff05b5bbd88

      Download Submit

    • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\AppConfig\CreateAppSetting.aspx
      Filesize

      3KB

      MD5

      bf6f6901b7f70ad8842fc2f3be213aa6

      SHA1

      e45bded84c4fc25f84004afba058b0097799af8e

      SHA256

      d9328d2967b697533ec040317dd70e3651c9a44210da1ed978a4b8e5597dc2ee

      SHA512

      6839ca885820f8ba901147a725618b8fcba46c02a1bfea02c34b0d32c3017a62ecd6bb93c7046d88e77cb730d986dccc1da6360e2aad871321f0e4724ccb6cf0

      Download Submit

    • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\AppConfig\EditAppSetting.aspx
      Filesize

      2KB

      MD5

      3dc3ec21e9edd8c9d2d52c6ce0bb3e5a

      SHA1

      a0ac3f8a970e1ff5d8bb86d2a7be0926cda8ad0d

      SHA256

      b2acad5ce3e2060b8f92e1421e253b432c255cb8867de1db6115702afd2f3fc5

      SHA512

      c714028e16f50b2aa9511701f52b2d9e7b8d0f2bf07dc0e226d2002b09d7b72a64445737f3c0054b5d3d9faa4d043323a10f262fb9cba74bb3a7adde5bd60001

      Download Submit

    • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\AppConfig\ManageAppSettings.aspx
      Filesize

      14KB

      MD5

      55eae5d2fb72223fa3fe71d82745bd9f

      SHA1

      de9f7907ffb13acc83f17594ab1d34d596144cf8

      SHA256

      79141e881a5abb763614dac04b029e645cfa4d1f1a3623f1048c657e2fe4a4cf

      SHA512

      55f4511499f628485aaa79baa528bf3a981a5db7912445394b98540a6fe8789c768eb3dc760ef8e37665ed0d8f345c110657684d11fdef8b4c8d50f4766b2a9f

      Download Submit

    • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Providers\ManageConsolidatedProviders.aspx
      Filesize

      12KB

      MD5

      0e1dbac67a1c5a71c49d0c5e1fde8b59

      SHA1

      2e88debe7ebf900a8b3e618d12ebe0bc3eb929a1

      SHA256

      d0f5a0a25faf3d12565292f5b38848ca53b5397af0b7529d259e36b9d21eef35

      SHA512

      2bf3c1bd7095dd39c0c8db9d5811a54c4f3ea94e4607d5c5606bfaeffd5cf1df64d1a6b14e10ec4628d53cc94fc0472eb619469faf224cb2deeec42c15deae66

      Download Submit

    • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Providers\ManageProviders.aspx
      Filesize

      9KB

      MD5

      edf0afdc0128d7f629fed0faf2579a81

      SHA1

      e5aee733e3dce326f122c2c3c35a7359b1754fcb

      SHA256

      800ce0a74b1cec0e7f13290432c7de48f90f7efabf1003db8e87ddc5b7cf7a52

      SHA512

      5ff249e68d50bdacaec6e9d4c0c1c37cbcb9ff29682cd09dd7a53ece2b3e61d9a38f32775d14b5ba1e825a9cf47e8157a7a20532a8df49ed2a121b803a4c8b24

      Download Submit

    • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Providers\chooseProviderManagement.aspx
      Filesize

      2KB

      MD5

      bec2c348aae4e370a119304b7089fab5

      SHA1

      cf4286052402d47d67fa63b22d523427b90fe7fd

      SHA256

      323889556cff285b78a3e55c7df3d03e4d5fab4c41bcc4f9a2d96e9a62b155ef

      SHA512

      395829fe62536674f16ba76e3030cfec449aada4d081d7b2cd0697876a8db2474b05bf697cdd49eff250dedc34d9dde4a69daa8c76be6a3f5754f024cfa3342a

      Download Submit

    • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Security\Permissions\createPermission.aspx
      Filesize

      10KB

      MD5

      cf26386ce9fc8b90cfff4d9380a8e527

      SHA1

      71d4c6f5acc0e35dad26dbc0ee8c265e36acf254

      SHA256

      8d18e110498599912b227282f70656f608755303b8acbaedfc1ed66ca94a3a57

      SHA512

      4fcef6795d625f07a79e1c344e9430d762981bd0b518ec49a2016a8806243e8f5f84aec6bcba1ccab494f8e39afe8a38d6e39463741649c354f649d461260aa7

      Download Submit

    • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Security\Permissions\managePermissions.aspx
      Filesize

      21KB

      MD5

      a49a8994e1d3c8440b1ac9edd6cd2b3a

      SHA1

      0db4ef18a268b4e6714f22dab1d935422e1ad718

      SHA256

      1cd8827d0fa815c7c3e74a4267edb94b7e2080831c48356395aacbc703aef5bd

      SHA512

      684275aa2e5ea9dd3e968cf3756efb4e6a3f851b84e5c54e3bbae7e7ddba213850e98b4e14e17b57dd1c9a8ce7d9ffc1672704b564c2bf81cc0ad155c533f8d7

      Download Submit

    • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Security\Users\editUser.aspx
      Filesize

      11KB

      MD5

      0fbc61632974f6f29b389af69737faeb

      SHA1

      c6548ce17d48b0301938e3607ccc5ddeb6a29afe

      SHA256

      ea2e659f94962c0f2a1979d97f40f21a3bb69e16efd4f2e57fac9697f6e0be0f

      SHA512

      e09574ac51bf44175ef24143a16e80254561edf0b73f813bc8f453ee30ddb06c93e74ace3fdadc6b96f8a115bae4c2efc6cc3ba3bac79e7cf612799da6506770

      Download Submit

    • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Security\Wizard\wizard.aspx
      Filesize

      10KB

      MD5

      3b807ee26c98b495a919961b5e212926

      SHA1

      de9def29b45a9194ce09c276f34fdc6dd2377fec

      SHA256

      dbfe9720eaf3ed06618c3825e235cd685a7e49e321d5ce41b76d32716024dfa6

      SHA512

      d188399a76b16402a569a94973cd94c6bce9592efcb0ce07178214fab03403b16bd2766e21e0a1aec2d6ce13ddaf35e58848bd9ca40605aeba9591d0900c90f1

      Download Submit

    • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Security\security.aspx
      Filesize

      9KB

      MD5

      49626189b170ef1f616fedbb8e9659fe

      SHA1

      6df320f02e0d792db7a9270bdf26e1116351bd2d

      SHA256

      86ad023b154bc56f0479808fdf3d462076c2f721ee896adf45439423ebabc435

      SHA512

      9c212d2220109b8375a366bf0bc1caa3446a26beab856c496b9699771d4786e5c51a3e1753942529d23545a16008e5e7ef8cf04451892691bc9dd2b9d85f6933

      Download Submit

    • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Security\security0.aspx
      Filesize

      1KB

      MD5

      b62de344039504b0b7e9ecab12a1ddc6

      SHA1

      11699ed72e4a0fb9d5eed0bbbf1f7178f232ad67

      SHA256

      58061f377a32f4f7c17f754045f858ff470cfa4a709e98e67ef073e9de4c7864

      SHA512

      3f210258f81a22db9132027499bf655bbdb1c2b5d09552901f986a20b7586cf8a09d33d736db4b78a49f8ea2ea5b85ef2e7412d4e8a8ab01f213a1a98f56ae57

      Download Submit

    • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Security\setUpAuthentication.aspx
      Filesize

      2KB

      MD5

      117e3c281379bb081f92c8e89bc80907

      SHA1

      be5812f2261db2102209720cc7828bd27fc7e4d4

      SHA256

      e7cec71c01d3b7c1d0746a0014a948bd1ce69c5329b5c1ef0b984360a82644b2

      SHA512

      4ae89f89af79dc59341d4a43956e61b45d7a3dfce1584bca6ac99968027689cdf45a13442cd826c06d09598cec43e674d13dd49c3a0100fa375f1acad5c0b2f6

      Download Submit

    • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\WebAdminHelp.aspx
      Filesize

      6KB

      MD5

      0810e56f14150a49f329fd814e44681a

      SHA1

      6274a45877ec782cf2d81c8682593a0318b98313

      SHA256

      43745e2610184e8a962f1618db51f58bbd82572a8fa01f67bdf520a579f1c079

      SHA512

      8b06819f3b3124c1a8c7205231eb4bb8628f98a42ef73698954afbc8b7e67cc5180352fe582b1c386cb2991d446e92835db1d6f55935ab8b1b4ddabede2e2121

      Download Submit

    • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\WebAdminHelp_Application.aspx
      Filesize

      13KB

      MD5

      cd84b119ebffaba74773617033cb6674

      SHA1

      7b0e335b8b678704566e0f216bc62b0e6655acc0

      SHA256

      466351c7e536669c4f42bd366ac43db91dc47e5b7f95af56507cb3294d0c1419

      SHA512

      fd9e7525c9b363d487edc5b14b9a68cb28ee5632cbb046726f15868d288bcc776d40e031c3af2fcbadee08cf83208160eeeda18caa1bd49f9fbedd6f30cf9af1

      Download Submit

    • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\WebAdminHelp_Internals.aspx
      Filesize

      4KB

      MD5

      ed4bf7a3d573a2f74174f4b6b2b3ce4e

      SHA1

      9eb14f7ffef1b9a1efdf67712758a579f7625a3a

      SHA256

      fce41934a2771525c68c524d90427f7e246ebe25bd407be2ca87b8eb28c81eab

      SHA512

      57b631db6887288d442eb529bc6c24b692c7d276b56c7952af3ab5e95f54765613e4dda03fd1297b2fb7d2bbd06bc837da76b4f1fa1115c3fdb43539b7bffef0

      Download Submit

    • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\WebAdminHelp_Provider.aspx
      Filesize

      6KB

      MD5

      9ee37bbd48ff7a1a68456b117b0a303b

      SHA1

      4561b070fadc2ba68d41f46560bd77ecd196b0a4

      SHA256

      80f4235cdf0ef650b6b58dbdacaec6e5720eb4679f28c274861660d08c9514f6

      SHA512

      1bc598aa04668826e93e4c2709fff37192105932c0e62b05fafe913986d675c7f1c12af2f45af4a8be41a74a95b393511e0e56173a6eb1388169f8409240bf18

      Download Submit

    • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\WebAdminHelp_Security.aspx
      Filesize

      10KB

      MD5

      bc8c570bc0f2b3a7b840c068657fa6b6

      SHA1

      74e3b62dc1d8e7eb6e4403ce70e9eaab6af33355

      SHA256

      cd894ffde7a140b5d032a29ec43694a5d133448104cf79db87c866f7820d955d

      SHA512

      eeb5dce278690e4a57569b1a8fb3df126930b8106106c0915ef9627bf4f744a1024b56c7b7125df0e00e47dcb99ccad6f4d31713aa293869125ce3529e370b36

      Download Submit

    • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\default.aspx
      Filesize

      4KB

      MD5

      cb6ccab77622fa57c7fa8c99dd5c8cc5

      SHA1

      0631987814aeeb4b88974ff10f0311cfe4f87ef6

      SHA256

      0c220ffa13badfd659c6747258b451f07ad9150304e731eea9bbe6d24739b0d8

      SHA512

      fa5e40d949235e1b3b2aace3e8c8c79dc6940b0c31aa2004bb352a463a6ed186bc876bc6e6ab0714403649b6235a6a47a2fb7afaec100c429b2eea6b2efcf3b9

      Download Submit

    • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\error.aspx
      Filesize

      6KB

      MD5

      b4ecddf369366bfe52e9cba8d0bedc99

      SHA1

      af4c5407dd2ed37b639e79a6154f567636036ee8

      SHA256

      78f0a199d86fee526a7135a1cc442c4955d683688b902d38328c1d6b53c1940f

      SHA512

      57cb8bf7d6a3660cb09b10bf2b790ae789d52d9f8aae08a38ae1d1d9e12ce20fbb8f1e4eaa8fcadac49c289d4ca545ddc89dc09210c48788059fcaf9a27fe5d3

      Download Submit

    • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\home0.aspx
      Filesize

      1KB

      MD5

      d9881ea1ea38b56c4130d2a28e8b4337

      SHA1

      31e5db83ddb68d283684adeecd47bb84aadb1a2e

      SHA256

      b4ba4ba3f832a667ef50e211655396cd0c49f193956a58a8ab0c74e208c63ae1

      SHA512

      c98fa43c3f026c9fa7a4a52a2693eb7ccf09e355d5a81baef2aee8b0612dc92080f960f7bfa598d5d01933334641012dbada4ce6cd5f1684bdda25b1186b9d86

      Download Submit

    • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\home1.aspx
      Filesize

      817B

      MD5

      b68eff3595c120f016ccd89df416f8eb

      SHA1

      eb735b03325d735ba0f6200543c3458b73547a23

      SHA256

      05127968f649098c105f24b04c04f8d67169f4de3f653f72ba5b722cbbfce090

      SHA512

      64ddb97022f4be63a994c1781fb3d98385f611c35ae05cf8013ac42d9381c703fdae48bf117eb44be8c3efd0fd0d88685c07b72c8457d173e78b3c26ea3525f2

      Download Submit

    • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\home2.aspx
      Filesize

      1KB

      MD5

      e2a262b41c4a32497031cf5848d9a2c9

      SHA1

      7f6a242757bf718f4db296287e17471fd7cfe227

      SHA256

      784fa62464b85e13965d74e1f5216628a1b6fcb77aec811401bba6f88294a9d2

      SHA512

      d17aae2ffa0827de63ee12dece114a90738f53266a3f93e3d9d2cf95d1f23eba04e0067270e1588a71f2ac42def615815408bcbcf8d6de7bd7806c3f58894cab

      Download Submit

    • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\DefaultWsdlHelpGenerator.aspx
      Filesize

      68KB

      MD5

      9e4eb001ebdb502833796b593dd475bd

      SHA1

      92b05f9a5887e349bbc478eb57f94234381c3417

      SHA256

      4e32479ccb6a9567cc9fdcd37e36ea723d7c616d4b1058fb4fecdc17e78bbc12

      SHA512

      af7ce86d4e393965585e9295a85dd48790eb373650e3c75895c9690329f5bbc469ad242493fddb6fc994ed800d890a80ef2346021b6015a518daaf5c7392c308

      Download Submit

    • C:\autorun.inf
      Filesize

      91B

      MD5

      1ecbee74203c68e028f33401bf4bbe36

      SHA1

      d61cb792dbf96b5a9b4d72367cb1150ca2618279

      SHA256

      05b04e8a590868f3fb7386de34a72288b90531d5d067bdc40f954a2736706293

      SHA512

      35620ad6fe8c69154311d71bd2459aa0048d8b98e24b4c5bcd8bc73780ac2b45cf7eb2e8adc0b8dfaeec2f54c0141ebe93a00bfb999ab17ee7d24948a6082960

      Download Submit

    • C:\vcredist2010_x86.log.html
      Filesize

      82KB

      MD5

      6c07e9e2d6621105cfb1458cda118951

      SHA1

      ad36e673ac77d211a2743ac498132d8381cbaaa3

      SHA256

      05fa0c6167fd9c207da904277665c7f87353629afa7df1495b6c10fdfbc8e8fd

      SHA512

      a131a066b63205863e692207581c9ef363322c6ea066570e27c7d0ed06b1ead84f172ac9e82899ea7df5cbb86f85044749d8d471426b5256989db024c53db0ad

      Download Submit

    • F:\Xiaohao.exe
      Filesize

      11KB

      MD5

      fbcff06b38e4ac7bcb904bdad1f9bdb9

      SHA1

      b4844e4398344a035507bb085353d8cce62739cd

      SHA256

      f75b7535365c80c14523f074f5007fc6769e0453562d369362dff9c7e52874e5

      SHA512

      29399e1558e4cffc128b38ba87d39d82184a971c4ab4baefc5ce452d9e03ce8f8515e9b41dc1038df65c11bbaec08200da42dfdc631820a1ea945b2ec4959a1d

      Download Submit

    • memory/3296-0-0x0000000000400000-0x000000000040A000-memory.dmp

      Filesize

      40KB

      Download

    • memory/3296-343-0x0000000000400000-0x000000000040A000-memory.dmp

      Filesize

      40KB

      Download

    • memory/3296-4822-0x0000000000400000-0x000000000040A000-memory.dmp

      Filesize

      40KB

      Download