Analysis

  • max time kernel
    150s
  • max time network
    144s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    12/05/2024, 01:43

General

  • Target

    379847785abeea923114164226c6cf4e_JaffaCakes118.exe

  • Size

    1.3MB

  • MD5

    379847785abeea923114164226c6cf4e

  • SHA1

    d2367dc56236f8032d66f7081b36aa3a1636b04f

  • SHA256

    9d76e784547306757ca91d82b58d6ab9dab3708de0c1c08124970f0c20429b8f

  • SHA512

    e3aea21ae7d8ab018d5dc795754947bee454cbc7bf48df2dff17e385b2b0a75a68a07c892e15bd9b4ec6b44b0e253a7515dc87245ed3aaba837dedf368b90472

  • SSDEEP

    12288:jiLJ5i7sJXx0douBjhCCAYi8c1i6oaeNSoeDlHsg+2Vasj0eqV:OspfjxAf8c46oaKeD5l+25j0tV

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
  • Modifies Internet Explorer start page 1 TTPs 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\379847785abeea923114164226c6cf4e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\379847785abeea923114164226c6cf4e_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • Modifies Internet Explorer settings
    • Modifies Internet Explorer start page
    • Suspicious use of WriteProcessMemory
    PID:2072
    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -noframemerging
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:5128
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5128 CREDAT:17410 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:940

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    Filesize

    471B

    MD5

    344899c4c1f467827fa9e0f8fd04aa66

    SHA1

    17a4fd13324774f32c0c09077ca4e259a1bba84a

    SHA256

    48625a75fe2abf7daa4c12fc47b318b04e990cb6713ba839965b28fd03bd1bf1

    SHA512

    249bbd06a50616622dc8f927f3c8b5fd814d72cbb68fac0ac4cc582b6ac5ee06115f3a7a6c83826b02d6224207050d2d109d15b65456974bcf0b00d802e6c6b5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    Filesize

    404B

    MD5

    02e69dcc6e8add22c713c1394ec60889

    SHA1

    e4cda86effaeeb823ed0b3a7f99cf4746e860e58

    SHA256

    a17f3dff05a5da8300c13c1f41913651b495c864bf151e011fcc72eb2e826a06

    SHA512

    eb4f0b74142f014285201dcc5a6e8765fd8dd3ed4c1e28cad08ea01b0499e7f6700646c7ec7c6d6222a75a504d54277cf3204bcb46eac964a3cfa43acd318796

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verA8F2.tmp

    Filesize

    15KB

    MD5

    1a545d0052b581fbb2ab4c52133846bc

    SHA1

    62f3266a9b9925cd6d98658b92adec673cbe3dd3

    SHA256

    557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

    SHA512

    bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NCVVYLW7\suggestions[1].en-US

    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee