Analysis

  • max time kernel
    93s
  • max time network
    142s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    27/05/2024, 07:27

General

  • Target

    785a5956f9670ab2f02920ba15d02bf4_JaffaCakes118.exe

  • Size

    1.1MB

  • MD5

    785a5956f9670ab2f02920ba15d02bf4

  • SHA1

    0527b0936e8ee7f5c6da3e425619d1b8c2b7d3e1

  • SHA256

    d3ab6b282cdc39a2dfeee1762e4ff77208b76821954262759724695bcd939d00

  • SHA512

    737bb76d941d1b30d1288cff32039e07980fc0a8df73e1e05ece4a6d11a6ef0fbda0be97823f6c38bb88f3669b696c14a90d3ee5322040476d0cb523502f4c92

  • SSDEEP

    12288:PsM+aTA3c+FK1vrlVYBVignBtZnfVq4cz1i5pP9kPQq:0V4W8hqBYgnBLfVqx1WjkX

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 37 IoCs
  • Modifies Internet Explorer start page 1 TTPs 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\785a5956f9670ab2f02920ba15d02bf4_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\785a5956f9670ab2f02920ba15d02bf4_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • Modifies Internet Explorer settings
    • Modifies Internet Explorer start page
    • Suspicious use of WriteProcessMemory
    PID:5072
    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -noframemerging
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3864
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3864 CREDAT:17410 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2308

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    Filesize

    471B

    MD5

    90e9c891fdbc30c47adf44608d1e62a3

    SHA1

    a41e884afa528048ccec4b6a6692e164ab684553

    SHA256

    4353c8e772765f9f44b5b51678d48e558f5c3ef3b2ff2a04d3fcfecf47540619

    SHA512

    e5b5d33b716d805f64030db6f9d60cab1aea1a5425f2a3830bcee402d0a42e8c2f5392df37c2662f10a96a3e375c7ae67afdfdfedcc027d40c66ffd18dd47e53

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    Filesize

    404B

    MD5

    00fec696c4b945d4aa1c474d8c735db5

    SHA1

    206301060e17d6c26961b705722aeeb4c1bd35cc

    SHA256

    dff603baa98c0191a83af903aa292b2598b0628cf3b497907dce0fc38857244e

    SHA512

    f9c12df0fc64ef3df719a0363d555781b395f52b40a857f3367cfadd5fb0fe8d7156d0333bb815724482c2d660bdcb82ebdf665987df7662b661d0ebc1a2b006

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\ZURVPW13\suggestions[1].en-US

    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee