Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    141s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    23/06/2024, 23:58

General

  • Target

    04ccf0e82bcef6ac962066582de10cf8_JaffaCakes118.exe

  • Size

    1.3MB

  • MD5

    04ccf0e82bcef6ac962066582de10cf8

  • SHA1

    ca26d12266bb197e350e6d7b142f85b5c4bb721b

  • SHA256

    92e2fc19cc1cf1cf17e0746ffe625103d1285af13870a0848afd8482ee2f6518

  • SHA512

    e875f9bd2441ac8e117ff44d5610980ed93882c038962784aa13e86b0bb8c9eb56d77143eb278c1b15d22382fa1625c523a80a8974f8240624535893e69b1a9c

  • SSDEEP

    24576:qfTqlXxhVv0SC/4VbALSIv+mbEclKxNvXbzugMquaSmQTYeH1UJK0Sd:qLSJv0SCABA+W+mbdlKXaNLaM5Vc9U

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 28 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Office loads VBA resources, possible macro or embedded object present
  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\04ccf0e82bcef6ac962066582de10cf8_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\04ccf0e82bcef6ac962066582de10cf8_JaffaCakes118.exe"
    1⤵
    • Drops file in System32 directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2108
  • C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding
    1⤵
    • Drops file in System32 directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2676
    • C:\Windows\splwow64.exe
      C:\Windows\splwow64.exe 12288
      2⤵
        PID:2000

Network

MITRE ATT&CK Enterprise v15

Downloads

    • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\Normal.dotm

      Filesize

      20KB

      MD5

      e84ef40a969d23ede0fa1de0b9b5ec00

      SHA1

      57228904dc2508e6d56346e990322a23a0930ae7

      SHA256

      413110d390229baab5dda330165586eea731af25fed9e36ba4b17fabcc0215be

      SHA512

      fa238e15cea70fe24419af8d2ee0041253ff60b374dd4c1a547b894356535c2215d584400f44895fbeff3041035272a399ebe677a41f039f1edc7290134ac924

    • C:\Windows\SysWOW64\yytmp1\23522358522\tmp1.doc

      Filesize

      140KB

      MD5

      1b569713890e43a0447ec8733c9972ac

      SHA1

      a17114e3f062d914a23eccb71ec2171561574724

      SHA256

      51beb3b60f407e97d388c9d2febc004d8df1b7c5e1373eaf77c9e5f815debd5b

      SHA512

      b659d9f5763821429d1101e8da6e0712dd9b64572d1b289d2bbfcae36c3827deda25f68328355454f2a735190f1667cb7a8d003ab5ad78d20c2bc6c634fbd460

    • memory/2108-0-0x0000000000220000-0x0000000000221000-memory.dmp

      Filesize

      4KB

    • memory/2108-33-0x0000000005D90000-0x0000000005D92000-memory.dmp

      Filesize

      8KB

    • memory/2108-54-0x0000000000400000-0x00000000005A9000-memory.dmp

      Filesize

      1.7MB

    • memory/2108-55-0x0000000000220000-0x0000000000221000-memory.dmp

      Filesize

      4KB

    • memory/2676-20-0x000000002FCF1000-0x000000002FCF2000-memory.dmp

      Filesize

      4KB

    • memory/2676-22-0x000000005FFF0000-0x0000000060000000-memory.dmp

      Filesize

      64KB

    • memory/2676-23-0x000000006F98D000-0x000000006F998000-memory.dmp

      Filesize

      44KB

    • memory/2676-32-0x0000000003DF0000-0x0000000003DF2000-memory.dmp

      Filesize

      8KB

    • memory/2676-57-0x000000006F98D000-0x000000006F998000-memory.dmp

      Filesize

      44KB

    • memory/2676-86-0x000000005FFF0000-0x0000000060000000-memory.dmp

      Filesize

      64KB