Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

69e831dc3d...18.exe

windows7-x64

8

69e831dc3d...18.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    141s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    23/05/2024, 05:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    69e831dc3d29a7b5e978336e9bd162ee_JaffaCakes118.exe

  • Size

    6.4MB

  • MD5

    69e831dc3d29a7b5e978336e9bd162ee

  • SHA1

    40fcfee62420d295b113aeffe762d73f5167d247

  • SHA256

    40650ecb04452369c3d6157b207d24d56498cd3fc64a68600f138c1b32fd9ea8

  • SHA512

    d52fe818bdd9a55830690aae0fc3b9e0cdbb49d509578a19c059d246880ddbef5f4e56c89ceab91c683ba4e2243c78ac6458ceab7c0fe41bc6b92a695d8a87f8

  • SSDEEP

    98304:hia4SWONrzB1pUqG8apgW5vL/IIdpm3eC5TV15gjEVgW2IZ:PWOzRUqsgcwIdpM7Vo9W2Q

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\69e831dc3d29a7b5e978336e9bd162ee_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\69e831dc3d29a7b5e978336e9bd162ee_JaffaCakes118.exe"
    1⤵
    • Checks processor information in registry
    • Suspicious use of WriteProcessMemory
    PID:2004
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://down.360safe.com/se/360se6_setup.exe
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2968
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://down.360safe.com/se/360se6_setup.exe
        3⤵
        • Modifies Internet Explorer Phishing Filter
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2976
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2976 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2540

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    eca9f371cd39cc34d77b1b70a27697f6

    SHA1

    3410b768298e163ef3313cc3319c90a1e3915be1

    SHA256

    9b4366d632b3201df6f5bb8c472a00388acd4f6e75e4c1525539577657615a8a

    SHA512

    dfec75f03beca45335275dc908f17da8241b530bfb671cb03a6c27c84d14a06f793d31e487e2f0fa8e99a9db838328d7608529ed3487654c2dee659cce0b1eb5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3ff90b63492e9bea328fd7d057b26fb3

    SHA1

    30c80b15f813f7749f9bf2f2cd7725cc6a2357ec

    SHA256

    afd12efde4602f1d2959c917d73fdbb15a5941b6486e23fcc1147b2465a09e13

    SHA512

    0767834ec7430e1e6c9b1d7a3da80c470f067c5634edd14bff812471fe276d8070643e4e7d70fc3b987abf9d3be058397743ceedcaeab689bf4c2ed5be890697

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c559bf69d35dcd927876d9c47c78161f

    SHA1

    4fcb1d9989b59bb6b4c9cbaa2ad2621c347b99b9

    SHA256

    0d120b4c615837ac54c666939dec0948712562482155faef33847fffc7cdcd35

    SHA512

    cda205b6794b5d865ff16ace13d4a74418a5b16a9f58bcadc70459a4e5cbe04ac1adabd87a67b494a7fb2e04b232dbf9623a7b9cbfc3f1bcb5e3df6d24ecd2ba

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    aa56713058abb3522c939b8dec520d61

    SHA1

    4967208f63729dae6595637195a5355babe97acd

    SHA256

    2648690b9b18ebc6596d44ddec4d25b36d60fc46d7e0dd311b39b22a68f2042f

    SHA512

    92dd23f8d4fa9b594f01fbdb91743ad639350bc8f360924ee545582030bf81190b7f0e75186aa30cb2e61c1966827fe25d11027a627befaf18197403f8ed9a7b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    cf7ab71c7088e8c0c8e00e4ca250f64d

    SHA1

    1e8b4719d1424631c82edcb1a988d9321e99513e

    SHA256

    1637ed9cea656fb067bef4729de8eebaabcd16196d2422cfa2c54726eabe90fa

    SHA512

    8865a945063cb0696945a382983aefa8cedb0b923950b7a247b5243365797024060c0393aca9f5a39cb9341b5302d1ed1b1874e57571ac33b038b49bbf5cfc4c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ede56b05500d90bed3cd9ff698521ac8

    SHA1

    61f20cf31e0211f3e9c841be56e5becfd1db3490

    SHA256

    d7722e96eedbb46f683694631a3412cc2d9f5bed49820a375fcaee296de0a2ec

    SHA512

    7e25cf7aefa8743cd6e1d175bfc4f3afd8646f8f11d4917cf3904bad3415a4e72326f6a3562356a934510f499987846de2ba1703c0e9f174951bfc7657a81a1b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6ee16dd59a40086ee3effc1ab90930b4

    SHA1

    5c0c815b6f8cefecdfcd48eea213df78e89d1694

    SHA256

    f2fcd9324c2a1555bdfe48d5b1be3a37166544c467b631693f3156de7ea9b4e8

    SHA512

    5a6c99c36499f60891c9d7a29954bda3334b11b0364eeb0bd7c38ee64f3775257403319f176d7ae203a44304b513aa443fe9070542c5b7838a33cbec5af57e3c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    461d89417f40cb1656638a1925cb88fb

    SHA1

    d31eebde7c7aa2a212104b3a4c3f12a7de56d444

    SHA256

    50eef79057b88fb2f380787cf6d5631c8cbc2c3467728ccbe696fa20ad36c3c4

    SHA512

    9c87f96e4b1d8838c41e8dc7ccb0fcbe76fd0b3aaf6191fd6294fcf6f1297f4e53bdfeb75befbf3da7eef5178b019dd5172015fd6e6f5baebb85d72f747ec067

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab4607.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar4766.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    Download Submit

  • memory/2004-4-0x000000006FFF0000-0x0000000070000000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2004-5-0x0000000000980000-0x0000000000981000-memory.dmp

    Filesize

    4KB

    Download