Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel: 148s
max time network: 149s
platform: windows7_x64
resource: win7-20240215-en
resource tags: arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
submitted: 04/06/2024, 10:41
Static task: static1
Behavioral task: behavioral1
Sample: 9487b99efa4b984f381b888f0acd38a8_JaffaCakes118.html
Resource: win7-20240215-en
Behavioral task: behavioral2
Sample: 9487b99efa4b984f381b888f0acd38a8_JaffaCakes118.html
Resource: win10v2004-20240508-en
General
-
Target: 9487b99efa4b984f381b888f0acd38a8_JaffaCakes118.html
Size: 18KB
MD5: 9487b99efa4b984f381b888f0acd38a8
SHA1: 3f97af043037ccae103d573354245420aed03818
SHA256: b17b5a90867bfe2e3ae1c896e6ec8f5632667bd7783be23f00bb3f17b2481254
SHA512: d5df1f8ad67498a9668c5e1afb926d46b290356df357849b9d66f1ebb51946ed777f90d896381734473d403820c87f30cc4b3f04520065c776eac5090284b765
SSDEEP: 192:SIM3t0I5fo9cKivXQWxZxdkVSoAUM4GzUnjBhSE82qDB8:SIMd0I5nvHfsvSHxDB8
Malware Config
Signatures
-
Modifies Internet Explorer settings 28 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423659545" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F9A931A1-225E-11EF-8FD2-F6A6C85E5F4F} = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
3020 | iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
3020 | iexplore.exe
3020 | iexplore.exe
1032 | IEXPLORE.EXE
1032 | IEXPLORE.EXE
1032 | IEXPLORE.EXE
1032 | IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 3020 wrote to memory of 1032 | 3020 | iexplore.exe | 28
PID 3020 wrote to memory of 1032 | 3020 | iexplore.exe | 28
PID 3020 wrote to memory of 1032 | 3020 | iexplore.exe | 28
PID 3020 wrote to memory of 1032 | 3020 | iexplore.exe | 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9487b99efa4b984f381b888f0acd38a8_JaffaCakes118.html
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3020
  -
  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3020 CREDAT:275457 /prefetch:2
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:1032
-
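The two noisiest signatures in this report, the registry writes and the WriteProcessMemory hits, are what opening any .html file in Internet Explorer on this image produces: every key listed sits under the user's HKCU\Software\Microsoft\Internet Explorer subtree, and the only memory writes go from the frame process (PID 3020) into the tab process it launched (PID 1032, whose command line carries SCODEF:3020, i.e. the frame PID). The script below is an added example, not part of the Triage report or of Hatching's tooling. It parses the flattened signature rows in the form they appear on this page, lists any registry IoC that falls outside the IE subtree, and flags any WriteProcessMemory pair that the SCODEF relationship does not explain. The sample rows are copied from this report, except one constructed Run-key row (marked in the code) added so the subtree check has something to flag; the row layout and column order are assumed from this page.

```python
"""Parse flattened Triage signature rows and separate IE housekeeping from
behaviour that needs a closer look.  Added example, not part of the report."""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# --- Sample input: rows copied from this report, plus one CONSTRUCTED row ---
SID = "S-1-5-21-2248906074-2862704502-246302768-1000"
HKCU = "\\REGISTRY\\USER\\" + SID + "\\Software\\Microsoft\\"
IE = HKCU + "Internet Explorer\\"
REGISTRY_ROWS = (
    "description ioc Process "  # column header that precedes the rows on the page
    "Key created " + IE + "DomainSuggestion iexplore.exe "
    + 'Set value (str) ' + IE + 'Main\\WindowsSearch\\Version = "WS not running" iexplore.exe '
    + "Set value (data) " + IE + "Main\\Window_Placement = "
    "2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe "
    + 'Set value (int) ' + IE + 'Recovery\\PendingRecovery\\AdminActive = "1" iexplore.exe '
    + 'Set value (int) ' + IE + 'Recovery\\AdminActive\\{F9A931A1-225E-11EF-8FD2-F6A6C85E5F4F} = "0" iexplore.exe '
    + "Key created " + IE + "LowRegistry\\DOMStorage iexplore.exe "
    # CONSTRUCTED, not from the report: a Run-key write that the subtree check must flag
    + 'Set value (str) ' + HKCU + 'Windows\\CurrentVersion\\Run\\updater = "C:\\Users\\Admin\\x.exe" iexplore.exe'
)
WPM_ROWS = "PID 3020 wrote to memory of 1032 3020 iexplore.exe 28 " * 4
CMDLINES = {  # pid -> command line, from the Processes tree above
    3020: '"C:\\Program Files\\Internet Explorer\\iexplore.exe" '
          "C:\\Users\\Admin\\AppData\\Local\\Temp\\9487b99efa4b984f381b888f0acd38a8_JaffaCakes118.html",
    1032: '"C:\\Program Files (x86)\\Internet Explorer\\IEXPLORE.EXE" SCODEF:3020 CREDAT:275457 /prefetch:2',
}


@dataclass(frozen=True)
class RegEvent:
    op: str            # "Key created" or "Set value (<type>)"
    path: str          # full \REGISTRY\... path
    value: Optional[str]
    process: str


OP_RE = re.compile(r"(Key created|Set value \(\w+\))\s+")


def parse_registry_rows(text: str) -> list[RegEvent]:
    """Split the flattened text in front of every operation keyword; the process
    name is always the last token of a row and an optional ' = "value"' precedes it."""
    events = []
    for chunk in re.split(r"(?=Key created |Set value \()", text):
        m = OP_RE.match(chunk)
        if not m:          # stray header such as "description ioc Process"
            continue
        body, process = chunk[m.end():].strip().rsplit(None, 1)
        value = None
        if " = " in body:
            body, value = body.split(" = ", 1)
            value = value.strip('"')
        events.append(RegEvent(m.group(1), body.strip(), value, process))
    return events


def outside_ie_subtree(events: list[RegEvent]) -> list[RegEvent]:
    """IoCs not under HKCU\\Software\\Microsoft\\Internet Explorer.  For a sample
    that is just an .html rendered by IE, these are the rows worth reading."""
    return [e for e in events if not e.path.lower().startswith(IE.lower())]


WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")
SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")


def unexplained_memory_writes(wpm_text: str, cmdlines: dict[int, str]) -> list[tuple[int, int]]:
    """(writer, target) pairs not explained by IE's frame/tab split: a tab
    process is started with SCODEF:<frame pid>, so a write from that frame pid
    into the tab is expected; any other pair is reported."""
    pairs = {(int(a), int(b)) for a, b in WPM_RE.findall(wpm_text)}
    bad = []
    for writer, target in sorted(pairs):
        m = SCODEF_RE.search(cmdlines.get(target, ""))
        if not (m and int(m.group(1)) == writer):
            bad.append((writer, target))
    return bad


def triage(reg_text: str, wpm_text: str, cmdlines: dict[int, str]) -> dict:
    events = parse_registry_rows(reg_text)
    return {
        "registry_events": len(events),
        "outside_ie": [e.path for e in outside_ie_subtree(events)],
        "unexplained_writes": unexplained_memory_writes(wpm_text, cmdlines),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(REGISTRY_ROWS, WPM_ROWS, CMDLINES), indent=2))
```

Run against the rows copied from this report alone, both lists come back empty, which is the point: the signatures fire on Internet Explorer's own state, not on anything the page did. The same applies to the CryptnetUrlCache\MetaData entries under Downloads, which are CryptoAPI's URL-retrieval cache (CRL/OCSP/AIA lookups) being rewritten, routine when IE renders a page.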
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize: 70KB
MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1: 1723be06719828dda65ad804298d0431f6aff976
SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 4683e661d38a55517ef42eafcb102dc3
SHA1: 60c23c36f363672298d46d7dfdc91c489e27e130
SHA256: 28609668177fd1dabcc81ca0f6cee5c02ae86921cce1483dc50325b6585d9c8d
SHA512: 7b8d0804cbf512cd9e5d1e24568c6e1e0293cd2592e09f0baecf9d1743b69b7484ee17e73727a516199ebb0a8cd11ba1c25c1d5ac7c24e713ee3e8396d09ce72
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 849f3d4a2bd6db787af759ab9753968d
SHA1: caa4938c571eb359e2850df49d6b670b4091f9c7
SHA256: 166ba4860d795429d74fbc813e8bc3136b16f9fe357f1278f2ae2c7525369328
SHA512: 90bbcd12034900e7b52157f46bb5f66b3b3a70f2f879d1dc670d2731d1a38b0f758efff4daac4f4a61df878e2d8fa42c1d6226ade7aba6aaaa61547d0c844a20
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 34eed96190960e1b803b91f833e19f9d
SHA1: 8656ea85fb9107bb53ff469683cee987e3d0eb25
SHA256: 1063a363f692268a879e05e53e05cc9c0bbea313055100eb2e163a6fcb1a02d1
SHA512: eec516f4e26e2576136cd5feb864fa8c07e2c29a4f350c9802e3c74d95f94b35ee0812e3c628c496a703981e73154f77bdda2546f4fa91734d8e76afe1aaec72
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 11d47e375137a22ebe0c358610478b7a
SHA1: efee88ea05d4bf808c0c08d1e20c3829b6fbc068
SHA256: 13f4822cdc7e27caacacd26215f31d20e8948a4e9541be0507d9536e93831af6
SHA512: 311d69f463cb4a77f65fc54593134aadbf024e0fb2e29e58b4487c2dcf7b2a373a0e8156563b835e5644eb48b8a32a433d062a81cc2492e70d60b911d2b68371
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 6f039a639d4826aec90d6deb382335aa
SHA1: 9b21d72728c4ffe7862a0e87dc2d7dc9adf3d23b
SHA256: 229f0157879362e110a5756e338fdba96906466fae9d76936cd8392c89834108
SHA512: 3d161a0646bd7682c95c17a4a95112c30f15c1105e4f503dbc2a4508484fac7c36290073fed07c2a710cfeb8bea4622793577cdc4ac733644d7178b755435080
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 53bbc0e76d48734ebd73701c937ecbc9
SHA1: b327b7b875aa3eaa21877aac502719fcf1671041
SHA256: 37076cd04b31e63078a0797c802820fb72876491204bdd2335e2f454b1da3f8d
SHA512: fc9fce960c1e1756e9431627bb5f5d30bbb7a25b9c2e32104a4a75b871876e003adecbf8c84558065b7a341474c9f03c80ecf06f4629952cbc386e7007a2b417
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: cb1569f6bcf9dde947e131f775d7e3f1
SHA1: 01a91081f0c5965224df3a9678dee47d3a803a7c
SHA256: 30831021e9d30c131ef11df9c6cb09b03b0b36831154eac7ee1c687d5abff1cc
SHA512: 03045f732e52358534cc2fda1aad2bc4271643631ce36df02f6fef3a6437b42112283c62e528e9dee5817c2ef444c2706d1f4b3bd0725da3259e86ba19a0bd5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 89da6556226605c6e2ec1d040f69a369
SHA1: 19357522f9276cdaf6a606b4dccffa36a096f2a3
SHA256: b4c5c81b433fa6a285a500de1230b66aeead506f80abddce5712784f7a09a238
SHA512: ce1d500c65f461f0e553fa1c3e11924b7fed157807b107903ff53ac2831d9854cf0b9f7c8feecb0f1e12977759114e5e3a24b5026894bbe0f4c5ff52824b05c6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: bb257e6e1fa3ece72683deca01ac6230
SHA1: ddce4ec0d68fae0b61948f373b9ec5f6434a6240
SHA256: f8a92f6a8529167c23606fceb24c0e5d0f916293d1461d9c5ab037d9b268b67a
SHA512: 1b6b03e55ad9fd1d7ba9b2cbd0da8e4c42e9004825bfd41de05b6b956770c72295d8ed8f9496c23779a6233bc4365578334b6fcf619212b787ac3c37dab7dd74
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 2d5cf6c19e14b18bf05664f428d2e8b7
SHA1: e2c537410e3b9868a48365876f4c3030b1c7ba97
SHA256: 1f722ce5db23f8fe2cbab163764d66fe5187ff516fd1b105f9e3319081a36d41
SHA512: e03234aa5d2a7c732ac6ae58962da79d8e9a12c5868a3b58a324b0619d7811a0da0da0f0705a51a7e34f169938c6cfc5c351519018d6a6c91873ecff25ec4307
-
Filesize: 65KB
MD5: ac05d27423a85adc1622c714f2cb6184
SHA1: b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256: c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512: 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize: 181KB
MD5: 4ea6026cf93ec6338144661bf1202cd1
SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b