Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    21/04/2024, 00:37

General

  • Target

    fe043a8a6f140f41b505113bb8ed95a5_JaffaCakes118.exe

  • Size

    944KB

  • MD5

    fe043a8a6f140f41b505113bb8ed95a5

  • SHA1

    1f3480f69adb3eb963ea19e17cca92a07a21c777

  • SHA256

    50fe211af4c35fdfc2800374ce93abcca854aff9c0bd2443646d6b2badaa6379

  • SHA512

    ce321dc886fd1a39948186cafdec0f533ddeb7d2c03aecb80760537666727efc63149eb74eff2b4793e9316ac9b505be978e45aa2ca8878faf521cc394ec0ada

  • SSDEEP

    24576:vtmwccu2gQvgSsVSsLJeEdqcIu1MkFJ3y:vgwccqQvgSCSstLISMk3i

Malware Config

Signatures

  • Detect Neshta payload 5 IoCs
  • Neshta

    Malware from the Neshta family is a file infector: it inserts its own code into other executable files to spread and cause damage.

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up the country code configured in the registry, likely for geofencing.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Modifies system executable filetype association 2 TTPs 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

  • Checks whether UAC is enabled 1 TTPs 2 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 5 IoCs
  • Modifies registry class 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fe043a8a6f140f41b505113bb8ed95a5_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\fe043a8a6f140f41b505113bb8ed95a5_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • Modifies system executable filetype association
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:3880
    • C:\Users\Admin\AppData\Local\Temp\3582-490\fe043a8a6f140f41b505113bb8ed95a5_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\3582-490\fe043a8a6f140f41b505113bb8ed95a5_JaffaCakes118.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:840
      • C:\Users\Admin\AppData\Local\Temp\5B0D6A4A-BAB0-7891-A534-F0910F7AED3C\Setup.exe
        "C:\Users\Admin\AppData\Local\Temp\5B0D6A4A-BAB0-7891-A534-F0910F7AED3C\Setup.exe" -490\fe043a8a6f140f41b505113bb8ed95a5_JaffaCakes118.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of SetWindowsHookEx
        PID:652
        • C:\Windows\SysWOW64\rundll32.exe
          C:\Windows\SysWOW64\\rundll32.exe C:\Users\Admin\AppData\Local\Temp\5B0D6A~1\IECOOK~1.DLL,UpdateProtectedModeCookieCache URI|http://babylon.com
          4⤵
          • Loads dropped DLL
          • Checks whether UAC is enabled
          • Modifies Internet Explorer settings
          PID:4416

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\PROGRA~2\Adobe\ACROBA~1\Reader\ACROTE~1.EXE

    Filesize

    86KB

    MD5

    3b73078a714bf61d1c19ebc3afc0e454

    SHA1

    9abeabd74613a2f533e2244c9ee6f967188e4e7e

    SHA256

    ded54d1fcca07b6bff2bc3b9a1131eac29ff1f836e5d7a7c5c325ec5abe96e29

    SHA512

    75959d4e8a7649c3268b551a2a378e6d27c0bfb03d2422ebeeb67b0a3f78c079473214057518930f2d72773ce79b106fd2d78405e8e3d8883459dcbb49c163c4

  • C:\Users\Admin\AppData\Local\Temp\3582-490\fe043a8a6f140f41b505113bb8ed95a5_JaffaCakes118.exe

    Filesize

    904KB

    MD5

    d70cf342d6e54d20bfd2d220bc538e96

    SHA1

    906dba6213a0436677ef363054be294cef20cbba

    SHA256

    1770e50f7fa6463bf4627193389a7e51b8590a66bb4a372732f9aedf9943934f

    SHA512

    e7003f1efa907f97cf9ff849234975cdf7a7c46aa8af2f9799462e035133b1eb0ef8b9802c2be76fc88227772df77e8cee984cdecae21479a05d8304d2a326d4

  • C:\Users\Admin\AppData\Local\Temp\5B0D6A4A-BAB0-7891-A534-F0910F7AED3C\Babylon.dat

    Filesize

    12KB

    MD5

    edec4b2f9a4d941dd0dfd1e18a855ab7

    SHA1

    1a73a278a2a4e5f8b66b30296644eb91b3849514

    SHA256

    c388368dcaef4637345d6fc4e94c81c27b7d8025603e24e7621731c390402d3f

    SHA512

    45830977e552f3e917aabe869212ef865a95325405a21095a818f3458de008ee239f099e49cc8092fd37bcedb265b879f0d81e21e3a0cdf7c289671ee35ba36b

  • C:\Users\Admin\AppData\Local\Temp\5B0D6A4A-BAB0-7891-A534-F0910F7AED3C\HtmlScreens\pBar.gif

    Filesize

    3KB

    MD5

    26621cb27bbc94f6bab3561791ac013b

    SHA1

    4010a489350cf59fd8f36f8e59b53e724c49cc5b

    SHA256

    e512d5b772fef448f724767662e3a6374230157e35cab6f4226496acc7aa7ad3

    SHA512

    9a19e8f233113519b22d9f3b205f2a3c1b59669a0431a5c3ef6d7ed66882b93c8582f3baa13df4647bcc265d19f7c6543758623044315105479d2533b11f92c6

  • C:\Users\Admin\AppData\Local\Temp\5B0D6A4A-BAB0-7891-A534-F0910F7AED3C\HtmlScreens\page0.html

    Filesize

    1KB

    MD5

    cf33120dd42cee842d96532843bb1961

    SHA1

    1db4f3e0aa1e4036a078a05f48fefdbb8744e3cf

    SHA256

    783a0e39d4a751462e26e4acfcf6fb4953f818980ad3d7d7fb821ac35c00c29f

    SHA512

    889d4043672b551a08979054add55bca4c5a4438fef5189b1ecf309c803ff1468664ed1123b0d22ceecb21a7bc5cfbf85a7428ed72ad7be04596185432aa68e3

  • C:\Users\Admin\AppData\Local\Temp\5B0D6A4A-BAB0-7891-A534-F0910F7AED3C\HtmlScreens\setup.js

    Filesize

    14KB

    MD5

    d198249f251b01db774ac4cfd0befe31

    SHA1

    0d2d6e983169fe90ed0158c4422c1d2fd67cb623

    SHA256

    379a9716d8f13827dc10ec40733d9e32b2a6d4a42968fdcea9c14f5383673fa5

    SHA512

    039fd85d6d9ed22bfcd2e1e9b071018a5ac834a76a7b5e2b938dad346300e78fbac1b05858aa9c4632dbfee24551a4c3d59e50729ef73c9fc38430caf25c178f

  • C:\Users\Admin\AppData\Local\Temp\5B0D6A4A-BAB0-7891-A534-F0910F7AED3C\Setup.exe

    Filesize

    1.7MB

    MD5

    0a5c0c819aeb95a648b4b25f332ca39a

    SHA1

    2f7f92f0eeb0c8353bacb26bc12fed71822de7e9

    SHA256

    6e1e3da876e5a4ac05420a63e10cbb395916ed741d42ed356a4e958265e24e5a

    SHA512

    4da63c6e7987d670b94901565c1509b212eb00a956ce24f3e0f69afc94f9e2ece724ae1efee2f6218028a54e5f860e95dba5520eb7ed938206748ba295b6f920

  • C:\Users\Admin\AppData\Local\Temp\5B0D6A4A-BAB0-7891-A534-F0910F7AED3C\SetupStrings.dat

    Filesize

    88KB

    MD5

    3c72fdc53ad2bc291021a1e7535be489

    SHA1

    1b0496a042efdf77a69d06e7a19fc6066c9e6a30

    SHA256

    ae4d1010067384f780c4344628f6584982babb3d41bb61456a6e3182e47e8f55

    SHA512

    a2c3a61923fcc18a7ef18c823ed3655a9c9a8d06960e4b991de6b1e12adba9f5c12773fc93093af5b1758916a029390e95a2890ef3bd8a9f7162305798c48368

  • C:\Users\Admin\AppData\Local\Temp\5B0D6A4A-BAB0-7891-A534-F0910F7AED3C\bab027.ttype310512_510.dat

    Filesize

    200B

    MD5

    9c3dacb5b5a8352c54ad9c036d7220f2

    SHA1

    15d35013f553712adcdd51dfcd1616a139e1e865

    SHA256

    d53b0257eb82a60523aa80f13bd91b627b2489cd52776a02d57106648079b6cd

    SHA512

    f9947383bdbbb3c4a9f737e69c5bd6e99fc9070421f801bd5484e84c1adc9a915e0423fa352f57ab99080d1d6129a5e995e40e28f8e54fe206d30b7d891f125a

  • C:\Users\Admin\AppData\Local\Temp\5B0D6A4A-BAB0-7891-A534-F0910F7AED3C\sqlite3.dll

    Filesize

    508KB

    MD5

    0f66e8e2340569fb17e774dac2010e31

    SHA1

    406bb6854e7384ff77c0b847bf2f24f3315874a3

    SHA256

    de818c832308b82c2fabd5d3d4339c489e6f4e9d32bb8152c0dcd8359392695f

    SHA512

    39275df6e210836286e62a95ace7f66c7d2736a07b80f9b7e9bd2a716a6d074c79deae54e2d21505b74bac63df0328d6780a2129cdfda93aec1f75b523da9e05

  • C:\Users\Admin\AppData\Local\Temp\5B0D6A~1\IECOOK~1.DLL

    Filesize

    5KB

    MD5

    030a3d14fcbef96dcbbc3703c75ccf37

    SHA1

    51a0e61b7550b03a36052a6603741510b21e7169

    SHA256

    5551bdfe47245f552e266166a19c38110f57d2a83e1eb2a9584876da01f2b5fe

    SHA512

    1dbd25dacc5256aff9e1c9086c8e9df53bf3ca7a30a0ab28876fbabeb2722591a73cf35c160b2e5c965754dabc846bc148f97c869480d8382494179463982b8c

  • memory/652-55-0x0000000002D50000-0x0000000002D51000-memory.dmp

    Filesize

    4KB

  • memory/652-148-0x0000000060900000-0x0000000060970000-memory.dmp

    Filesize

    448KB

  • memory/3880-147-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

  • memory/3880-149-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

  • memory/3880-151-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

  • memory/3880-153-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB