
Analysis

  • max time kernel
    147s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    24/06/2024, 22:59

General

  • Target

    0b1e864b222d300a39e03e7f391c76bd_JaffaCakes118.exe

  • Size

    617KB

  • MD5

    0b1e864b222d300a39e03e7f391c76bd

  • SHA1

    ff94e34249b1fac21c6c08a8a61c54c1fc34605b

  • SHA256

    929435a5f3423df3469feed300627691142af912ca78ccd2f4e5e0db0ff78143

  • SHA512

    fd219b1ec7a18adc343d3b0b8a9c70af899c7a9f0fa8932de8a4c8754dc6f714ae1ee901a81d87f0aa8a8ed7048c410c120404dd6a120b3081d428c75ce24c37

  • SSDEEP

    12288:HZjMLf11MmPQeRXEHYYS3gA0FJO1t3r6Q9A:HafIiy4NwdLpQ9A

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0b1e864b222d300a39e03e7f391c76bd_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0b1e864b222d300a39e03e7f391c76bd_JaffaCakes118.exe"
    1⤵
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4528
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.jipinla.com
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4852
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4852 CREDAT:17410 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:4924
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.1234.la/an.htm?dn84
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:592
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:592 CREDAT:17410 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:4648

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{6ABA0D7C-327D-11EF-92F1-D6AA8B0874BD}.dat

    Filesize

    5KB

    MD5

    d7c17c58d8752209bd64dc21697e4c74

    SHA1

    d37cc8b15ed4e5a9311b0ae7246e820a83066499

    SHA256

    a73127504b4dfbe410b7fb59a87a8fd6f2139451e61170090e90203bd6b9fa20

    SHA512

    6a221f4e90cf9535a4f09e005a7cd58fb1e3ace9d3a65bee3dca7a0091edce0190bc0de0bca64dbaf1c4a496191df392884713aa46836001fe3c5dac1414388d

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{6ABC6FAB-327D-11EF-92F1-D6AA8B0874BD}.dat

    Filesize

    3KB

    MD5

    b95638a963ba53362e936627b8bd8ab7

    SHA1

    5eb91754554aef452287f36b2bdeaab5fd11a7c7

    SHA256

    c7e1bc93bd33ca94e6bbf0e853bf57a89cbb33ba7daa624f9d7e293e19637dfc

    SHA512

    8c4f6f4b32916537cf926a82d26b08bb179cbafff95f15c63b1d3642feb6d3ca58367bb5ecc29941a1a2b3bab91cd90ee021868566cf043c645ec2a5f09d3661