Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel
148s
max time network
147s
platform
windows7_x64
resource
win7-20240221-en
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
submitted
03/05/2024, 08:26
Static task
static1
Behavioral task
behavioral1
Sample
1014e3d14d34bf1b93df78dd6110b8be_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
1014e3d14d34bf1b93df78dd6110b8be_JaffaCakes118.html
Resource
win10v2004-20240419-en
General
-
Target
1014e3d14d34bf1b93df78dd6110b8be_JaffaCakes118.html
-
Size
20KB
-
MD5
1014e3d14d34bf1b93df78dd6110b8be
-
SHA1
aa293372bb3e3ceea82d8b99c2aec9c675b4659f
-
SHA256
d7a46cdf62dbd46f939a92082e2480f63cf607f22af15dce8539894e04ff3601
-
SHA512
c84ca8e7cfa5e40f351f16c24c65e646d2f3a4ee2b07a644ad91fbb60a593efe3771884878e73076cb8f4490ab3dfadff56533c237e610db8d0ff6644a7ea5a1
-
SSDEEP
192:SIM3t0I5fo9cKivXQWxZxdkVSoAIl4lzUnjBhvx82qDB8:SIMd0I5nvH9svv6xDB8
Malware Config
Signatures
-
Modifies Internet Explorer settings 28 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E38EDA61-0926-11EF-A01B-4AADDC6219DF} = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "420886678" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | IEXPLORE.EXE
Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
2264 | iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
2264 | iexplore.exe
2264 | iexplore.exe
2080 | IEXPLORE.EXE
2080 | IEXPLORE.EXE
2080 | IEXPLORE.EXE
2080 | IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 2264 wrote to memory of 2080 | 2264 | iexplore.exe | 28
PID 2264 wrote to memory of 2080 | 2264 | iexplore.exe | 28
PID 2264 wrote to memory of 2080 | 2264 | iexplore.exe | 28
PID 2264 wrote to memory of 2080 | 2264 | iexplore.exe | 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\1014e3d14d34bf1b93df78dd6110b8be_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2264
-
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2264 CREDAT:275457 /prefetch:2
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2080
-
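Every signature on this page is Internet Explorer's own start-up behaviour: the registry writes all land under the user's Software\Microsoft\Internet Explorer subtree, the SetWindowsHookEx calls come from IE itself, and the WriteProcessMemory rows show the 64-bit frame process (2264) writing into the 32-bit tab process it spawned (2080, whose command line names the frame with SCODEF:2264). The Downloads list is likewise dominated by CryptnetUrlCache metadata, which Windows CryptoAPI writes during certificate revocation checks. The script below is an added example, not tria.ge's code: it parses the flattened IoC rows exactly as this report presents them and separates that browser bookkeeping from the shapes that would matter (an autostart key, a write into a process the writer did not spawn). The IoC strings and command lines are transcribed from the report (four of the 28 registry rows); the classification rules, the Run-key row and the persistence key list are the author's own assumptions.

```python
"""Added example (not tria.ge's code): parse the flattened IoC rows shown in this
report and separate Internet Explorer's routine start-up behaviour from the
patterns that would actually matter in triage. The IoC strings and process
command lines are transcribed from the report above (a subset of the registry
rows); the classification rules and the Run-key row are the author's own."""
import re
from collections import Counter

# "Modifies Internet Explorer settings" rows exactly as the report flattens them
# (four of the 28; the others have the same shape).
IE_SETTINGS_ROWS = (
    r'Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe '
    r'Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe '
    r'Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe '
    r'Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE'
)

# Constructed row that does NOT appear in the report: what a persistence write
# from the same process would look like.
CONSTRUCTED_RUNKEY_ROW = (
    r'Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000'
    r'\Software\Microsoft\Windows\CurrentVersion\Run\Updater = "C:\Users\Admin\AppData\Roaming\upd.exe" iexplore.exe'
)

# Process table from the report: pid -> command line, plus the parent link the
# report draws as tree nesting (2080 sits under 2264).
PROCESSES = {
    2264: r'"C:\Program Files\Internet Explorer\iexplore.exe" '
          r'C:\Users\Admin\AppData\Local\Temp\1014e3d14d34bf1b93df78dd6110b8be_JaffaCakes118.html',
    2080: r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2264 CREDAT:275457 /prefetch:2',
}
PARENT = {2080: 2264}
# "PID 2264 wrote to memory of 2080", listed four times in the report.
MEMORY_WRITES = [(2264, 2080)] * 4

# One row = operation, IoC (key, optionally "= value"), writing process. The
# lookahead stops the lazy match at the process name that precedes the next row.
ROW_RE = re.compile(
    r'(?P<op>Key created|Set value \((?:int|str|data)\)) '
    r'(?P<ioc>\\REGISTRY\\.+?) '
    r'(?P<proc>iexplore\.exe|IEXPLORE\.EXE)'
    r'(?=\s+(?:Key created|Set value)|\s*$)'
)
IE_SUBTREE_RE = re.compile(r'\\Software\\Microsoft\\Internet Explorer(?:\\|$)', re.I)
# Autostart locations (author's list, not from the report).
PERSISTENCE_RE = re.compile(
    r'\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\'
    r'|\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\', re.I)
SCODEF_RE = re.compile(r'\bSCODEF:(\d+)\b')


def parse_registry_rows(flat: str) -> list[dict]:
    """Split a flattened signature table into one dict per row."""
    rows = []
    for m in ROW_RE.finditer(flat):
        key, _, value = m.group('ioc').partition(' = ')
        rows.append({'op': m.group('op'), 'key': key,
                     'value': value.strip('"') or None, 'process': m.group('proc')})
    return rows


def classify_registry(key: str) -> str:
    """Everything under HKU\\<SID>\\Software\\Microsoft\\Internet Explorer is IE
    bookkeeping (recovery, zoom, window placement, ...) that any .html opened
    in IE produces; autostart keys are what would need a closer look."""
    if IE_SUBTREE_RE.search(key):
        return 'ie-housekeeping'
    if PERSISTENCE_RE.search(key):
        return 'persistence'
    return 'review'


def classify_memory_write(writer: int, target: int, processes: dict, parent: dict) -> str:
    """IE's frame process launches each tab process with SCODEF:<frame pid>, so a
    write from the frame into a tab that names it is the expected broker pattern.
    A write into a process the writer did not spawn is the injection shape."""
    m = SCODEF_RE.search(processes.get(target, ''))
    names_writer_as_frame = m is not None and int(m.group(1)) == writer
    if parent.get(target) == writer:
        return 'ie-frame-to-tab' if names_writer_as_frame else 'parent-to-child'
    return 'cross-process'


def triage(flat_rows: str, writes, processes, parent) -> dict:
    """Counts per class, which is the summary a triage queue would show."""
    reg = Counter(classify_registry(r['key']) for r in parse_registry_rows(flat_rows))
    mem = Counter(classify_memory_write(w, t, processes, parent) for w, t in writes)
    return {'registry': dict(reg), 'memory': dict(mem)}


if __name__ == '__main__':
    print(triage(IE_SETTINGS_ROWS, MEMORY_WRITES, PROCESSES, PARENT))
    print(triage(CONSTRUCTED_RUNKEY_ROW, [(2080, 2264)], PROCESSES, PARENT))
```

Run against the rows from this report the first call classifies every registry IoC as IE housekeeping and every memory write as frame-to-tab; only the constructed Run-key row and the reversed write (tab into frame, which the report does not show) come out as persistence and cross-process. The parser deliberately keys on the process-name token rather than on whitespace, because the registry paths on this page themselves contain spaces.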
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
68KB
MD5
29f65ba8e88c063813cc50a4ea544e93
SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B
MD5
cb3b0c1d8cba3c2f97750ca8961ddc5b
SHA1
5771b9b0d56f6f2c90a5521305b58c0544c9f803
SHA256
e0c64d0c20f370c8cfcbf24bb7021267b644406aa76118e85e1b291daf25b796
SHA512
62f70b140ba46ef0c261063cfe061e09eee42a009e2c42e41482fbd4aa5df47bce153d7a51fe5628288b9f1e79af4512a646fe676759589b6e12deb908ddcbd7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B
MD5
4def965865968318ba729a82252127d0
SHA1
665c1bfd5fb31a14ea5db2dcaafac8d32af10094
SHA256
4c1b14fe6f4af4de8a933d6ea70b611889be7d2c82465573906b66ff048a6366
SHA512
50ea40273fe1b9992c5f067b457a1ef5406f73dceb531a152bdd9ce1701b532cea7ba3b471ba470422e1bd8e2c691e8c2d13569cd0c8c74cec9cd7dd5372bb1b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B
MD5
b50c5fecc4c6e33e6354344c81e5ffdc
SHA1
33229c80ca8fa68f690407ef13b2035a406e3d07
SHA256
a34e60eba33cd9e80ac5b1864a097ac4aeec513db06ad1f2b328c510d4ee6a2c
SHA512
6cc2dd60cfe7a5bfd2c9fdd24c1885c8791ccade2fc84472bca91ca61228bf283760c89fcde58f7de73d50ad0b73425d60d41239699cf5c66e12cb7475714db8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B
MD5
b6ffded3ecab5c9f9bc2a687a694866a
SHA1
b63377ca62bdd2fa73cc1847c04bf71fe444f2ca
SHA256
617c8631b413dca57a5260de1dedd8e5d6c6baf4c9e950112bbb88a400ede143
SHA512
27ccd41e3a5a262efebdc7293bd5d5e3c9f50825b80e8b583eea194f43928e64778564b220f65c916ed7cf63065d2b9217d327399766c4343d291fa1c909c3ea
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B
MD5
cabf159d739f4773f8605e3b991b81a8
SHA1
3e9c8e3a594460494e8db11de8a19dbe64e7e3c0
SHA256
dda49b5f65b9acc9e5b5a77b1b7bae9a6640a9a734e6e364a55deec6379e0132
SHA512
a4b1128820afebe94bbba0661d08262c45c7200c4f57549283516d48c03c17c5b4581ac4c00ba50cda76558f45fa7a4c840d90a52a7a1b3ed37ae21f8367305d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B
MD5
686402b65e3a57ba6e1f0044a834fa39
SHA1
1d46e5387a51d8623f3690af81b63a2449a1f80a
SHA256
810fe4f9d5d4f51aec455886c134eda96a20b4d3cc0dc97ac2f6a86925bc2c4c
SHA512
b467e7771b6b0753c2bfbb12946aaf469d405e48f171afef0e3ebc072a7d0fa0b5a7fcddc7963f4fe4579ce9e7aa39f786101eac4e920572af8512dc71f38bb7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B
MD5
6f42e2ee10c70f1b4e75bd533f492fce
SHA1
96361cee3ffc58b00e683711d62245256580b402
SHA256
8057e28a73dbf26f86d499e12076ec07ad977a0991e3df78a65bb5cd9bc57534
SHA512
712e9ac24885bae3c1f2c2adbeb8ee07bc2f7af8edc8a5a06a9ab494bc174e152cbc6ed2a37a46363b6c743e5b243ba82fe8a4da1a6e41899f2c1a71ba676e19
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B
MD5
89040465791145aa84a57566da8d1b7a
SHA1
8785df324aad4fb96421f2b41eb89376b7c54bd1
SHA256
74c6ac6793f8b3e1a80915797b398f0103e10cb77760bd71038e614490964209
SHA512
d46d447e84e81c1e6629b642c9892c199ae3a80807b45e4e383d21b6d133b4002eb7831245389c67e103a8b610e9b22f1736cff158c2ca959a0258197dd2eb43
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B
MD5
a49ec97659df276df0f67aa571e99f37
SHA1
e59740a5188e5d19c499d4801c108af22be71372
SHA256
98ff956be28549b9a82960226a8e3fff56f5a3feecb213c566ecc56495930363
SHA512
1101164d2e112bb1cb74d3d6d71980259467cde507e3540dd07f818452f7ca707900e6b3aace05ab20d687a459689bcefc058efcc63a6c781ff7ffd17583f197
-
Filesize
65KB
MD5
ac05d27423a85adc1622c714f2cb6184
SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
177KB
MD5
435a9ac180383f9fa094131b173a2f7b
SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a