Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

15c5f7c55b...18.exe

windows7-x64

7

15c5f7c55b...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    05/05/2024, 03:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    15c5f7c55bcbb6ea5236da240f0c4f03_JaffaCakes118.exe

  • Size

    1.4MB

  • MD5

    15c5f7c55bcbb6ea5236da240f0c4f03

  • SHA1

    52093376cba61c3c9f2fd60a3cdb42d909b49111

  • SHA256

    24bfc1076092095e13ff1cc8835f28e6ef1b47d384b920556491c9c2a389dd3f

  • SHA512

    3df98e16a115a591c60711f14267fd6620b7fb9c1fa9f54d6a6cd8fa9173e9fb9548a2e79084e17752999b50ac130f13c7c4a68eaad14101a4fe766321ae9859

  • SSDEEP

    24576:HGTBjw4aeYzoVwhQN/iAaLM4vAXwyfzb89Pp1z4SzBuomm7Ohb77N4QEptX:HGdjtYzB+/ibDYXZfzo1rr9qb7p4ZL

Score
7/10
adwarediscoverystealer

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 29 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Installs/modifies Browser Helper Object 2 TTPs 5 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Drops file in Program Files directory 20 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • NSIS installer 1 IoCs
    installer
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\15c5f7c55bcbb6ea5236da240f0c4f03_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\15c5f7c55bcbb6ea5236da240f0c4f03_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Installs/modifies Browser Helper Object
    • Drops file in Program Files directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1620
    • C:\Program Files (x86)\Baidu\Toolbar\BarBroker.exe
      "C:\Program Files (x86)\Baidu\Toolbar\BarBroker.exe" -RegServer
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Modifies registry class
      PID:2744
    • C:\PROGRA~2\Baidu\{31DF0~1\ASBarBroker.exe
      "C:\PROGRA~2\Baidu\{31DF0~1\ASBarBroker.exe" -RegServer
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Modifies registry class
      PID:2648

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\PROGRA~2\Baidu\{31DF0~1\conf.xml
    Filesize

    333B

    MD5

    6dd75c3990eabc4493f873b55c04eff3

    SHA1

    9a441bafe2916f4c0d143e91829d0c5159b78eb5

    SHA256

    dcc449371c23fffa9b8c0e5a4f1fb464ab3e0f94e1eda59d9fd0899559106f3e

    SHA512

    8f148d18d0334a3e6e5ee2278a214cd855a9de227b14d7eea09fb5e2b8e243edcc45114a2d5b35a027049ec89090aa20b10e7d4165f7534d814d9c50b8e76ba9

    Download Submit

  • C:\Program Files (x86)\Baidu\Toolbar\BarBroker.exe
    Filesize

    228KB

    MD5

    adafb685914e48bcb2cc47d02de967d4

    SHA1

    241e39b0b51028ab451f0abb2e39492ce18e2701

    SHA256

    2a5e0c7f3698b8192df5ca2548944632e656eb27f4b3b3bd252b370b7348ad70

    SHA512

    8f01feebc063c0b611c7503f1bbcbd5479fb65f0acc8c66eae91965228c5c8037bafc3393b251d77f2f62d457d2e661b99d703bebac7df269792f030258388ed

    Download Submit

  • C:\Program Files (x86)\Baidu\Toolbar\rc.dll
    Filesize

    468KB

    MD5

    fd00f62dcb903fbbbe40aeb48a482708

    SHA1

    1333d5ef06dfd707e40a1322cb40c08487b3f50d

    SHA256

    3efdb3bf488038cf8c08b690f4bfa469fb49b9d2ed585ba3c88feb0770f37350

    SHA512

    c83ac2be93e05527e09de4ea0b3617bbcbb5747890c7a0b861ad3b55aaaec3d148783a7fcbbacb66b92ede37440d82d41fbfe8a871273f1c6796fdcbe63131a2

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\dblE26.tmp
    Filesize

    1.2MB

    MD5

    10a311357d5a4f66ef3d902a2cf5e35f

    SHA1

    129cf2d957da9f4ebdf330fe238ad7832310bf7a

    SHA256

    99b5a682cc03894a9e95d360127c10a1efd4106ea3ae50a56351f9f2e4f74a59

    SHA512

    d174436e615c0fdd2e0b23b79126e5c83d27add68f49a5cc4c62f12ade893f16669961dd313b2adb79f0a5fbfea686c779b37a569ce800e30d87e6c59cdeff3f

    Download Submit

  • \PROGRA~2\Baidu\{31DF0~1\ASBarBroker.exe
    Filesize

    129KB

    MD5

    0ebf8f583abb1ffb40c07b87eae4edb3

    SHA1

    ef91b3245f426b86c2b69fd9678176d3be05c009

    SHA256

    00a481ef9985281177c1f6cc6d055c2bdb719db224637e7eb474a3eaab6305cf

    SHA512

    0bca7bc46019628149afb00cd69d26fd59195c4cbecbb472f9afabf73e8b3eb1da20fdaa4ef03c0776d11b5c8532d16b40a927e4b8b68640067c145cb7e463b4

    Download Submit

  • \Program Files (x86)\Baidu\AddressBar.dll
    Filesize

    1.1MB

    MD5

    57d9f8b6e595ef4a02d8630c53fddcc3

    SHA1

    523dedd35613dc3221657876a3f5248e38e2a842

    SHA256

    c9a2b8ff0be921e2ac2ff6993f7fecc486b02969254884f89af3a19babfcf7e6

    SHA512

    e95f144caa3bb636fd4a085a24a41d95ac6dae1c47d729400bb65a37527863b02b15e98cb62121f2155956f8a2b177f3b1a11d9ba08881858924d9bd75be985e

    Download Submit

  • \Program Files (x86)\Baidu\Toolbar\BaiduBarX_Tmp\BaiduBarX.dll
    Filesize

    2.6MB

    MD5

    ba75680a2b710f7d2c575e816000f041

    SHA1

    a36e8bf8635473494cf58953227b21facdfd2682

    SHA256

    4c4c9cf71e8eb6f83fe875ad657512f1405648b30472df6597d92a679ee51801

    SHA512

    4408149541ab4b6eda6c9d6b95995be64773559701a18096c283e503fa3b5b22b624db5956c7916f4cecd80c47036e13b100dd51069ef23292749ef4a89bfbb3

    Download Submit

  • \Users\Admin\AppData\Local\Temp\ablE05.tmp
    Filesize

    172KB

    MD5

    685f1cbd4af30a1d0c25f252d399a666

    SHA1

    6a1b978f5e6150b88c8634146f1406ed97d2f134

    SHA256

    0e478c95a7a07570a69e6061e7c1da9001bccad9cc454f2ed4da58824a13e0f4

    SHA512

    6555ad6b4f4f26105ca8aad64501d74519a3e091f559b4b563d6ffb20a2ddfcde65e4fe94971a9bc65e86db577f2548ca00f9920d341c8ea808b04c0947d61d9

    Download Submit

  • memory/1620-33-0x0000000003950000-0x0000000003BE8000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/1620-46-0x0000000003CF0000-0x0000000003D65000-memory.dmp

    Filesize

    468KB

    Download

  • memory/1620-93-0x0000000004040000-0x0000000004166000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1620-0-0x0000000000400000-0x0000000000431000-memory.dmp

    Filesize

    196KB

    Download

  • memory/1620-10-0x0000000001D40000-0x0000000001DB3000-memory.dmp

    Filesize

    460KB

    Download

  • memory/1620-2-0x0000000000240000-0x0000000000271000-memory.dmp

    Filesize

    196KB

    Download

  • memory/1620-143-0x0000000001D40000-0x0000000001DB3000-memory.dmp

    Filesize

    460KB

    Download

  • memory/1620-142-0x0000000000400000-0x0000000000431000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2648-140-0x0000000001E70000-0x0000000001EE3000-memory.dmp

    Filesize

    460KB

    Download

  • memory/2648-145-0x0000000001E70000-0x0000000001EE3000-memory.dmp

    Filesize

    460KB

    Download

  • memory/2744-78-0x0000000002030000-0x00000000020A3000-memory.dmp

    Filesize

    460KB

    Download

  • memory/2744-83-0x0000000002030000-0x00000000020A3000-memory.dmp

    Filesize

    460KB

    Download