Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    137s
  • max time network
    141s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/05/2024, 01:49

General

  • Target

    5c90c2d366dcbf9b19e7ec312c90e6ea_JaffaCakes118.exe

  • Size

    1.1MB

  • MD5

    5c90c2d366dcbf9b19e7ec312c90e6ea

  • SHA1

    02ca768c4bbe0b6828ea6f393096b67b2e376f79

  • SHA256

    9e9e60d80f1c3bf4ce1dcaf11e2e4ac4f25ab26021fbe05dc3d575664060bb6b

  • SHA512

    f171b2d4d8718f1f96b649bcb40a1ae18b20df5eb34bb8b31465ab4e3113b6dfeb51a9be2bfc9300e3d28d80d097a6f4d0314cf353bb40294249487fd4a23349

  • SSDEEP

    12288:HsM+aTA3c+FK1vrlVYBVignBtZnfVq4cz1i5pP9kPQye:MV4W8hqBYgnBLfVqx1Wjkf

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 37 IoCs
  • Modifies Internet Explorer start page 1 TTPs 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5c90c2d366dcbf9b19e7ec312c90e6ea_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\5c90c2d366dcbf9b19e7ec312c90e6ea_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • Modifies Internet Explorer settings
    • Modifies Internet Explorer start page
    • Suspicious use of WriteProcessMemory
    PID:2852
    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -noframemerging
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1980
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1980 CREDAT:17410 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:3240

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    Filesize

    471B

    MD5

    50beaeb29c1828aa58b55057a8017095

    SHA1

    307492f413ef87df41277ca164eea78626e75381

    SHA256

    18d22ed4722a234c4d0213522c955b6e447564401621c1ba843f2a91ce4a3492

    SHA512

    9ef69f048bcdfa7b18c192977d15ec6477748cc697bbed97ab5ae1a3b1871d7d06613011b310eecd2bc32512d80214cb0784a1d9b6f9dd766367ef593fedaccb

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    Filesize

    404B

    MD5

    54be854014b9c40c4095697062d5f5b6

    SHA1

    827c50d250ad95b622045ebcbd625c6e40b447a8

    SHA256

    650f035bfa7052ddf65f4bf5d10819713a355a0eda7151f525b400ede6dc001e

    SHA512

    690d672b74a03250fcadb1df57ca96a009cf1f4423f437606ca5f07d3212781e24b0cca030c700b5aab49b8c77b3c6c2a09058db0942829d3daef72fb202e561

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\W5OVUPOF\suggestions[1].en-US

    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee