Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

05539bd15f...18.exe

windows7-x64

7

05539bd15f...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    20/06/2024, 10:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    05539bd15f21bdacab48882b2c427d66_JaffaCakes118.exe

  • Size

    13KB

  • MD5

    05539bd15f21bdacab48882b2c427d66

  • SHA1

    23918fbc0dc78fadf673d040cfe6bbef56f00bb0

  • SHA256

    18dae28c0de3917a9ccda0c84b16593567f557cc071afec343939cd326a3327e

  • SHA512

    b9ee8d62e84404ebab2a1bbf1bf050fe2ef35d8b478a3f8884e2e719adda2153924f5783226b9d8f0038b425210a3bfc177bc941cda19481038f929557425cb7

  • SSDEEP

    192:Lm5POEuXky9WA0d33vg5Twv7E6qM7su7Br9ZCspE+TMIr3/bjOg+vtwJrxZ4:UuXkylCn4o7N5sLeME/bjS

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\05539bd15f21bdacab48882b2c427d66_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\05539bd15f21bdacab48882b2c427d66_JaffaCakes118.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2016
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://ads.eorezo.com/cgi-bin/advert/getads?did=43
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2196
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2196 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2188

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2e72b8d54b0ce4466cd320c817dca15d

    SHA1

    2c484176c9c6178d571f94942ab702146ce44591

    SHA256

    5567df0a136e8351d6802edf52b511f9f729564d9b3e64a4b9131043907783df

    SHA512

    7cff0220a2d03df0dc1f09a879a0ff5471d3f7e81e0c022980ca7b17ab209cacecba330e2b558b51c2e04fff7a6affffec74c523c32217f8529a9bd8763308d0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7ffced88ef0d3b7bc4ff4edb4b516565

    SHA1

    f1ace5dc1fb1f8861a0cd5e3587b62fd848f25b6

    SHA256

    75d78e4a9d411505ae5431acf93619867d3b05508361f8979cbbfef39623c22d

    SHA512

    e5ae00fc77230a43884e88811f1d6592216633fb52b13a60d4bfba7eda4ac254dcae787a6e9fb406444b240f561214a8cf29b2181988985897b64bbcfe63b2d4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a9cb9ed8bbca92f5a39e6ba8aa136d17

    SHA1

    020f6d4ff850c8f1643750f0e62dd7d91de09304

    SHA256

    eaa4e430e45ee502b6a6307dcf48ecdfd5ad583c31a426e646f7cb28ae667776

    SHA512

    21d27b640b534f7e95be46a82818e6f903cfdad4f041874de0086d92ac6cfc7c3b05a5042519190345b2f7c47c26666b0967c4a5505e59dd4cbedcc4e3854ccf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    af3729e775f0760ecfb3f678b2f0c1ec

    SHA1

    f81bf32820120484bdc00b5b8e39a116faddab71

    SHA256

    65a63862e5c6b6d22fbfbaafcd5e92de3bd825dcf05aaebef8dde94ad2b999d1

    SHA512

    97cd7c0f3dafffa1fb588e5feb24af54f35290e7fac8ee6c77b0a77165bd26fac3e4c3ad20d061f06484657f6a0a2d5fe733916d95694f2639c519bf5d4fb30f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2ed8ea3ce84cf6fe4f8c374d00ddad9a

    SHA1

    f16e3e7cff8f2864770d85569793189f4dbba463

    SHA256

    d0b6afcc5a9fce381331d3fec463b997c91eef9f77d6ec5183581e1df4e7ad5b

    SHA512

    1f378125a4a1fef81d5e8bd3ea96c2b2e6be7fa50f695ddb284ee814b25091e246a870eb903956c85f9b1121e20edd5fe1896e0aa533bc7c38138e5440fb5872

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1056b92ca03dfa93edd99b7ddb3767ec

    SHA1

    f115e56f400c764cfc97bf3a2ee6b56fce056a83

    SHA256

    3189da307fbade874e2817798545bf1bfd05ddb5432d8fb0303a9399556f4639

    SHA512

    00fb1b45a9f7b5b4cc4d763ca96f646f119ac8b2dd1eaacb5381cd76b2861407c4f7b409c3a67de27ebfad6ea442eb3becbc97daa8b9db48ece32235bff66236

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d26533b06403e8b2816f6400b5cc0905

    SHA1

    7672c0f5d7600d680360dcb417a10e973ebf3ac3

    SHA256

    7c860811c400ec81ad2bbcb0622d32e547139bd49a81958dd20bd54478792d24

    SHA512

    65186ad567218c69cdea98f66db3a85c10ce45b0ebc9867dae5dca31167e6288cf7c051b2cb63738083b1c2dd21bd990b8a0bab080ba11343c8a524616fa410a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8fc564417d44545efa016d6ae02f3e82

    SHA1

    d71be3b6f3f45864c9b7474cb0b15d9d61eea768

    SHA256

    4a527312a00fa76319ae81a315ece1ca9061a879a63a89edf3e32e71d7b7fcbc

    SHA512

    cb3f3d173d983d99d6cc943bc5b5bcf36da391b229148efa0053461b1a346e7df4b14deecf9d1d18bbb9191759c5bb2c3d5b0fb5e9f457a33796f1bb9e34a445

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    471cfe7dfc3baf0d3522c9ef0fe26df8

    SHA1

    467b810fe439833286c2670fb876d08a6e4c13cd

    SHA256

    089fc59a605e84d58391f6e38c539e69d141308984ca1c6890a9a1593d9ff4eb

    SHA512

    f7cf4c47b3a7594516ee04f4f7911590d2f4595336aaaa9eaf0203f10563459a7203d377b30f97476847d5e68d551120465be905568cefba3c4a888b8ec5c561

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab3EB6.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar418D.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2016-2-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2016-0-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download