Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

0191916ca9...18.exe

windows7-x64

7

0191916ca9...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    134s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    20/06/2024, 00:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0191916ca92e58eb51ff73d57dc8f08f_JaffaCakes118.exe

  • Size

    44KB

  • MD5

    0191916ca92e58eb51ff73d57dc8f08f

  • SHA1

    c8be520d0aac214a4771e01fac80421e13387292

  • SHA256

    8eb224f1e43136198a0d6094d934e8744f7067f23eda5c512044d542e4b43f91

  • SHA512

    b16836efc31d5a85aa2d246bdf32a28e9cd38349d7b25677016a3e46a66579278c14749469dbd63699b7ea2902730939be452b0ea677de0bbf34556e1a02f17d

  • SSDEEP

    768:/50T7zOf6WmmmQtpL0CX9eTLr/ZWWM3SYxtF4pff4mtAshm8Wj0:/LY0tpTX8TZhejIu8Ww

Score
7/10
persistence

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 25 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0191916ca92e58eb51ff73d57dc8f08f_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0191916ca92e58eb51ff73d57dc8f08f_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:1516
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c start iexplore -embedding
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2876
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" -embedding
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2680
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2680 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2632
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c "C:\Users\Admin\AppData\Local\Temp\tweBF2.bat"
      2⤵
        PID:2624
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c "C:\Users\Admin\AppData\Local\Temp\0191916ca92e58eb51ff73d57dc8f08f_JaffaCakes118.bat"
        2⤵
        • Deletes itself
        PID:2492

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d90cf5a0b48e30dc0b002598c721cab3

      SHA1

      c61719cd8376aa2776a4de2a7990660f716d44e1

      SHA256

      36224c1c2e53226fe153d67181fc79da4c5376c150cfa02a5ccf55730b7a4b1d

      SHA512

      4c961796c3b92ef0a747aa7d9b3c7ae1820c5618e1ed827a4519ba5d692327939dcc5e798a394d6f14e8d78743ced91dd8c06574dab85a02749d3767e5911d90

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      db035f3bca9912c642ac2c7258505e93

      SHA1

      21e905585925599f838cafdd2785609f21f5024b

      SHA256

      caf0dc7645f46a4a6d10c12b92274a435bec2c6b23d9b71d49933982c660bda9

      SHA512

      9f5a0d8da9eff696932574edf702f5b8eec4574537d0900711d135bfd3e97386f3afeebffea7c641e6a3a9dcfb20d389fbaa7eb9ddf65bee9ff99eca794d2afe

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      737aa3db27b37a9ff11dc69305ceb70d

      SHA1

      a986bc60f23d30e95209716cfadde047719d6712

      SHA256

      1d1781e3166be8141d890aa03bd7d25e6f1e717cc4b41838b5c453adb5f7cc44

      SHA512

      9a6dc7c944692b004f8250d45ae5d647d1603409a82d17c07d9ee03e4a64acb560d3c900faa0470b70548219d2262275eff596bf7319f2b028b59326ad6d09b4

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      cd4ea4b56f0473a5c50b28fa37d749b6

      SHA1

      0d158e7dcb55a7a60dcdde4259fa1e28c7ba08b3

      SHA256

      f47542ec1c91d75389c80f58fd2e3cca33eee41bfdd280b720889a780bce05a8

      SHA512

      96b03c382fcc533494c24e3410b2ea0f616f586438c156838f2cbb42499e664867f7d1cb89fcdb3d2b00f919ed82ff2148dc32b27277f002c6be10445f2fc386

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d685488031fd2094a87c0d3e879e8e35

      SHA1

      428de7c165fc52c79a67e03018eabc6f4c8f26e5

      SHA256

      77857294989e193bf9774120de59edd49ed0986f4d925344f147969bbc13d8f3

      SHA512

      32309d068ea7d9ad56c54d9606eee9ed3dcc998d5523270b6417f449901b1baacef3e799324568212bc31a32eb7ac40d0861f3a34b998e180943b3b9162f4783

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      2ab98ff8f991ad5d3ed89b64ac47a606

      SHA1

      fffe782d5a358c0cad419054f929e3f971cf0f8a

      SHA256

      a59b3690bbb52e80d05cf0effe20f78dd3a85955e6e9bbd9779c00820ac4b453

      SHA512

      ad2e0398822b2a43b3ea96c20e59ba35eb9d3602a999ba88e5b0927962719f02926e7f682cb2f5b2446b0600892396c7dfffeb7a359ac88b9c604fb97b34cc44

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      3153d950163a2920f329deb7dd7fad9a

      SHA1

      2092d8635db98a484a621231945f57fce64f04be

      SHA256

      4dd87383fee210f8703174a3c210bbf354e1a8a4b0aa3dd075e42082e7f7623f

      SHA512

      a93f33a96efc6f2e537f80bdb2d82a77bd366fb8a3cb9bdd55835af1800ddf2ffbc7b185ad69d58dc21a8c5c07b8f6a36c68580a9d6b1a086b3b6734a2d840ed

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      3572878899b62e4f8b2796d3e8f4af95

      SHA1

      b551b495223b89fa41509dac5f697042a0f280ee

      SHA256

      fa74fd2a5c875336eca2eee5aa7d5ffd0be69b2daecc714c11add566b504ba4a

      SHA512

      df6a449aaca16f51ca835feb664c1a27e6360d825b5296030722280507e211d6242b88abd772bab2bd1a51f788a13a3137089f10f88fb3ebc52b275eebcd91a4

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\0191916ca92e58eb51ff73d57dc8f08f_JaffaCakes118.bat
      Filesize

      266B

      MD5

      d8cfd46cf3a6c420bad95378e4c710f2

      SHA1

      c3f00ad2dc9c66058b40a5eda8385ed1faa31164

      SHA256

      547153b559f9c6a62dac255a24f84be97391715cabaeef1057a94a9072fe616b

      SHA512

      9192d92a498d6ebba2a2b8ec46bf4ccd718613f8c7d14bc791af858e336e50c9e027a4cd276a49fe844a2709d3728c47f1f2efb0bb362af9fc81db0f316645e9

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabBB6.tmp
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarC3A.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\tweBF2.bat
      Filesize

      185B

      MD5

      e8b8806521f7f026312c71b6184c8ae8

      SHA1

      87601b049eafdf767de8ae6a2297675d8b376ca3

      SHA256

      059de26c7451eb31aef00966456bf1c3477587b7b2cc4def912acfc0af8bb69a

      SHA512

      abce74751381bc549b1d602bd9eb1eee923336e0b179bda1b5fc7dcf6a69d48183b2c2c9baa877350dd1191b608ef7fc0e3aa40e5d4d1c186bd28aedc061abcf

      Download Submit

    • C:\Windows\SysWOW64\winrge32.rom
      Filesize

      32KB

      MD5

      32aa5fa1b78b19d944a4c37b9f3405d6

      SHA1

      d5d154c5d892d4f601024c22509dc96fcfd56b87

      SHA256

      ab7832fcc2ccec82cabfe1cad1ae85c0121843780186ef36b1f9f1928c22433f

      SHA512

      1b4779037b0b975ec7bb86124524cefdc9a6316156f5eedf6d3f4879285c262d5554f3274599cdeaa06212df7bb68bdd5ff9b8b26c317e460fca33e3542d968f

      Download Submit