Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
148s -
max time network
147s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system -
submitted
09/05/2024, 05:04
Static task
static1
Behavioral task
behavioral1
Sample
286a607ba9b12025e3441380134328b7_JaffaCakes118.html
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
286a607ba9b12025e3441380134328b7_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
286a607ba9b12025e3441380134328b7_JaffaCakes118.html
-
Size
18KB
-
MD5
286a607ba9b12025e3441380134328b7
-
SHA1
ca9217886555174d390059592c89c23e216435af
-
SHA256
a12f0ee5927b59a9a38da61b198234afed44e9fd415fda2bb7b25ab98fbdedb5
-
SHA512
d702d99f2837b8a9bf50fe35b97d372f5552a183c5ce6aa73489e0c9df7fb75e0f0bd88a1b70976977f8fe49007e1e9d189273c3b5f16c904e1ace5126b175de
-
SSDEEP
192:SIM3t0I5fo9cKivXQWxZxdkVSoAIV4xzUnjBhfR82qDB8:SIMd0I5nvHpsvfaxDB8
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9BAEF371-0DC1-11EF-8CD1-FA3492730900} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421392934" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2176 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2176 iexplore.exe 2176 iexplore.exe 2288 IEXPLORE.EXE 2288 IEXPLORE.EXE 2288 IEXPLORE.EXE 2288 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2176 wrote to memory of 2288 2176 iexplore.exe 28 PID 2176 wrote to memory of 2288 2176 iexplore.exe 28 PID 2176 wrote to memory of 2288 2176 iexplore.exe 28 PID 2176 wrote to memory of 2288 2176 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\286a607ba9b12025e3441380134328b7_JaffaCakes118.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2176 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2176 CREDAT:275457 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2288
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
68KB
MD529f65ba8e88c063813cc50a4ea544e93
SHA105a7040d5c127e68c25d81cc51271ffb8bef3568
SHA2561ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5df0cc90e1e735fb7eab62e022a625d57
SHA18ae9fd5e94c2544132325ee35e53301b19005799
SHA2563984e0504b7fdb18303c66cd99fe6edb1e6bf5c7d7e53bc8a23b1051c8267d6d
SHA5125dbb08c03090cb3771f8fe7b258b4d4ece28909cbc249580478fe9fc8a91255511f85c910ffa270b545e79a910f2e97181c8be09eaded26e93ec2e8d0d8aedb3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD505006cac0ead4314ddcfcf213358dc53
SHA15f92245fa70bd6a3887a248757f8967a02ab4683
SHA2566847c2f42db124512ef22a9bd2482a3680e49c0ea353bf7cefb91fe2ac9aa1aa
SHA512d080fed5f68cc0c6c7fc13e9eda224bd08cdef758f258a0f13f81aa74d2a29e76e29b4e41a93edade5c84e46241b353f9cd1cb1ea97d45292804579922c5980b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD56110ea6448ec0130473fdf736c359788
SHA1e8968e1226c79cce44306625430a02d3e7d8ae2e
SHA256d92934e22cd132da4b887a65b94fdb5bea2575694153050c549082aa6a03efca
SHA51208d786f81e277f68b729073ccc22132541cc677138be5e7ad60d05a5b4c42317954fea80f3f78f3f605c8423407ee4c56afa9fa57dc8b7d126f5229f2d1709be
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD596282727489813df380f2b8b8032c0e2
SHA1b9de0436fb43730d9a0caff929205305145f2ac9
SHA256eff3cbaa11a69272c468740d1173f0725a4d1422e564b9473199f2794113cea8
SHA5120186f7ecad87e2059c7d4317564992b2938f7a77eb1eb77d7871ba26c5239c637b77c526ad82adf9d2b643ffb467caa798c7415e4468afa153a4e9426b8baed1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5ac624e7514b616cbb8a7cbb11b0137b3
SHA15027199ce3cd4eaab4db7fe4dbb6a2040aec5ebc
SHA25625d8bfcd2068464ad11785b108b93f20a654bcc8d1efc68770eb1777f5f99b11
SHA5127173a52b74df9390cde51342fd9261c0429b224a9bd6b1ee8f02bb41adcdadd722265f51584858100798f4899c02abedab88c2da9778992d4ea59fb14fa8220f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD56a73673366645a6aa4796bfa12a73635
SHA120dfe430c0535e8f30e90f35226c974a46b932ed
SHA256b29b9c815cb194cf07447c4f3bc3c731866def24861448de7f4ed0e45dc70b28
SHA5123a9f9b9790753fe715a657f60c17e6c9583c0df53f26dfd1c439b53406156ac3d97678856cb55f404ea39310407155eb92b714c1ba6bba97663b2accde0b8881
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5b13c48e31d628be6000797d0631c406a
SHA19156e988df65195e3daefb180f8dc146ad8c3c1d
SHA256f1fb552570303386d95a06f7cffea060ac9c454f791b1e638da1fcaa580c15ab
SHA51298349eb345462aa3c9c641d9eda142b76916ff116fa014840665f3401999afaa838d9bc4e2d027a39a36c9cb5b3de90f0bfc2b3816674245573e12de1a59e71c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5f98a98c18c48991fe5cf46082f2815d2
SHA10cc509edeba148428be57f48645e2813438ccdc1
SHA25683d9bec0c8fd490a7f628f23da682c1c62dd9bc07e32c5782c9cc5570e05c66b
SHA5121df2aae6843918d288fbfdb6f5da51cb293a37124a9a3bc91f831cb92fdec8aa5c5ff6a85f31c895dc6ac3cbbf4e43602771fa704aaac7cc4cd147b4186ae806
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5afff0ccea51eadbeac8a745e8a245418
SHA154474cf2eb504ee3dd824357a720e3773098700e
SHA256d1ba13d252f30a6a0e5b5b8797afdbb3b127b613ffc655fecafac86c2c28ce84
SHA512cc045d23015b4ac7afa1aada0235dde30b28971581f5918a7a3b7db58ff4226d2d2828a09ba6458f72fa3d0351656a8093b02880fa23bd3e2311f98c6a1c595d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5348d474e88c758694138049e31c54355
SHA1c014028f70d656abaa2b8bbfd9a52c2f2af951c4
SHA25659a767eabecac1b42c7715e020de3c361f9f0f743b1905391d8dc4d66d6dbfe2
SHA512f9e9f9f7630519cc751d4fe375cd07f561f04eb38e59c7617f8fab6cef54826de3974eb2b05a7d8049ca9059f71ef622238d41d55d3243840bf9cbc3c99e8eca
-
Filesize
65KB
MD5ac05d27423a85adc1622c714f2cb6184
SHA1b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA5126d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
177KB
MD5435a9ac180383f9fa094131b173a2f7b
SHA176944ea657a9db94f9a4bef38f88c46ed4166983
SHA25667dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA5121a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a