Analysis

  • max time kernel
    142s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted
    24/06/2024, 00:44

General

  • Target

    05d7368f45843a53ea250260a936020b_JaffaCakes118.exe

  • Size

    1.1MB

  • MD5

    05d7368f45843a53ea250260a936020b

  • SHA1

    5eefa152c6e9cf9131694ac445c20bb1dfdaffeb

  • SHA256

    ceffd78a821d7cc8108d59cd70b2c4ac0d96602f0cf32269679d22b54718a8fd

  • SHA512

    6d12764137824a371967c3c7df8f02c48f05fc78fa45acaa11991b87ed92eed6061248108320ab12f694bdd6e2d67357dbbf5ef6bc96fbc6f4e8c9cc1c0287f2

  • SSDEEP

    24576:Ktcl2DG/Ix17oS+4OmwS4Luiyk9tNp4nY/kaGY+gF2tYSuaCZvmWR20kn:KBin4NwSLRk/4Y/jGYctnCZuFbn

Malware Config

Signatures

  • Loads dropped DLL (3 IoCs)
  • Adds Run key to start application (2 TTPs, 2 IoCs)
  • Checks installed software on the system (1 TTP)

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Drops file in Windows directory (2 IoCs)
  • Suspicious behavior: EnumeratesProcesses (1 IoC)
  • Suspicious use of SetWindowsHookEx (1 IoC)

Processes

  • C:\Users\Admin\AppData\Local\Temp\05d7368f45843a53ea250260a936020b_JaffaCakes118.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\05d7368f45843a53ea250260a936020b_JaffaCakes118.exe"
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID: 1976

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\mlng_EN.ini

    Filesize

    8KB

    MD5

    aa5a931a734ad85b7c149b04dc018350

    SHA1

    510b5e19914944a012f14295137f056012213f22

    SHA256

    187ee03ff858418849fc4dedc1ae6ad5a8d1778a3da6a26fea1a44517c9ecb34

    SHA512

    f165f6292643e695831fabc9efc1c2f3855d294a3ad54ef745eeece6298d4d5b52210a3950c751b26c933abc2abd48d3ef504a596a9e932f69901d73187731f1

  • C:\Users\Admin\AppData\Local\Temp\mlng_GB.ini

    Filesize

    6KB

    MD5

    45372c4acb71f52149864766ed8b21ff

    SHA1

    48a1519c789891c1295cdc7c58696a1b8f5907af

    SHA256

    6a0fd22eb05670716627d24db26e0efe39a8f6802d302bdfa187a0d627474a7a

    SHA512

    9c2cdf48f05c220dd679c415b0f20cd148450cebbba926fdf22687d7ecddb73f16077cdc1cf76088e9c20739e46f43cff841b080bf90bb24593df0ddf0735522

  • C:\Users\Admin\AppData\Local\Temp\shell.ini

    Filesize

    38B

    MD5

    6155652e608cfbcf3a6c23ed9b7ccd21

    SHA1

    96e6110dd1f7991bfc4f4d4b967e36dc14e1858d

    SHA256

    bff01dd0bbe7d995c5ba9f90027c08f2deb8f81dfa8b5e9628208d015cb2d872

    SHA512

    ad101c5cd7d2d2443207ff282ae0d6f240e07f1b32873ff2d710d85df90119c9be1a7054a7bc6a687547190b38ee45ef15443571acb12272d0c5f3d6275dec79

  • \Users\Admin\AppData\Local\Temp\msnshell.dll

    Filesize

    1.9MB

    MD5

    e5cb5db431e05f9cbb240dde14d047ca

    SHA1

    4b4534ddbd0342feebf0b5dbb4cd0aae5f8b2468

    SHA256

    124bd8133828e88e461b4423966cd83d68427d526e80b38a0a20dc13db343e73

    SHA512

    189ae327bed1d1b9a2f5a6f5b49e723b385f64c018bcf490aa30fd91ccd836b5087253df92d1fb9f4ba09802d27da2ccba8fe24c67528bd6f0b3c7479aece4dc

  • memory/1976-64-0x0000000000400000-0x0000000000677000-memory.dmp

    Filesize

    2.5MB

  • memory/1976-97-0x0000000000400000-0x0000000000677000-memory.dmp

    Filesize

    2.5MB

  • memory/1976-42-0x00000000031B0000-0x0000000003396000-memory.dmp

    Filesize

    1.9MB

  • memory/1976-33-0x00000000031B0000-0x0000000003396000-memory.dmp

    Filesize

    1.9MB

  • memory/1976-52-0x0000000000400000-0x0000000000677000-memory.dmp

    Filesize

    2.5MB

  • memory/1976-54-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

  • memory/1976-2-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

  • memory/1976-75-0x0000000000400000-0x0000000000677000-memory.dmp

    Filesize

    2.5MB

  • memory/1976-86-0x0000000000400000-0x0000000000677000-memory.dmp

    Filesize

    2.5MB

  • memory/1976-41-0x0000000000400000-0x0000000000677000-memory.dmp

    Filesize

    2.5MB

  • memory/1976-117-0x0000000000400000-0x0000000000677000-memory.dmp

    Filesize

    2.5MB

  • memory/1976-128-0x0000000000400000-0x0000000000677000-memory.dmp

    Filesize

    2.5MB

  • memory/1976-139-0x0000000000400000-0x0000000000677000-memory.dmp

    Filesize

    2.5MB

  • memory/1976-150-0x0000000000400000-0x0000000000677000-memory.dmp

    Filesize

    2.5MB

  • memory/1976-161-0x0000000000400000-0x0000000000677000-memory.dmp

    Filesize

    2.5MB

  • memory/1976-172-0x0000000000400000-0x0000000000677000-memory.dmp

    Filesize

    2.5MB

  • memory/1976-183-0x0000000000400000-0x0000000000677000-memory.dmp

    Filesize

    2.5MB

  • memory/1976-194-0x0000000000400000-0x0000000000677000-memory.dmp

    Filesize

    2.5MB
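The memory-dump entries above repeat three address ranges many times, and the report gives only the rounded size of each dump. The following Python is an added worked example, not part of the tria.ge report or of the sample: it parses the dump names, collapses repeated dumps into unique regions, computes each region's exact size from the address range, and matches that size against the dropped files listed in this report. It assumes the dump names follow the pattern memory/<pid>-<sequence>-<start>-<end>-memory.dmp; that naming convention is an assumption about how the report labels dumps, not something the report states. The dump names and file sizes embedded in the script are copied from this page.

```python
import re

# Dump names copied from this report's Downloads section. The remaining entries
# on the page repeat these same three address ranges with other sequence numbers.
DUMP_NAMES = [
    "memory/1976-2-0x0000000000220000-0x0000000000221000-memory.dmp",
    "memory/1976-33-0x00000000031B0000-0x0000000003396000-memory.dmp",
    "memory/1976-41-0x0000000000400000-0x0000000000677000-memory.dmp",
    "memory/1976-42-0x00000000031B0000-0x0000000003396000-memory.dmp",
    "memory/1976-54-0x0000000000220000-0x0000000000221000-memory.dmp",
    "memory/1976-64-0x0000000000400000-0x0000000000677000-memory.dmp",
    "memory/1976-194-0x0000000000400000-0x0000000000677000-memory.dmp",
]

# Dropped files and the rounded sizes the report shows for them.
DROPPED_FILES = {
    r"C:\Users\Admin\AppData\Local\Temp\mlng_EN.ini": "8KB",
    r"C:\Users\Admin\AppData\Local\Temp\mlng_GB.ini": "6KB",
    r"C:\Users\Admin\AppData\Local\Temp\shell.ini": "38B",
    r"\Users\Admin\AppData\Local\Temp\msnshell.dll": "1.9MB",
}

# Assumed naming convention: memory/<pid>-<sequence>-<start>-<end>-memory.dmp
DUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-"
    r"0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)


def parse_dump_name(name):
    """Split a dump name into pid, sequence number and the [start, end) address range."""
    m = DUMP_RE.match(name)
    if m is None:
        raise ValueError(f"unrecognised dump name: {name}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError(f"empty or inverted range in {name}")
    return {"pid": int(m["pid"]), "seq": int(m["seq"]),
            "start": start, "end": end, "size": end - start}


def human_size(n):
    """Format a byte count the way the report does (one decimal, trailing .0 dropped)."""
    for unit, div in (("MB", 1024 ** 2), ("KB", 1024)):
        if n >= div:
            return f"{round(n / div, 1):g}{unit}"
    return f"{n}B"


def unique_regions(names):
    """Collapse repeated dumps of the same range into one region, keeping the sequence numbers."""
    regions = {}
    for name in names:
        d = parse_dump_name(name)
        key = (d["pid"], d["start"], d["end"])
        regions.setdefault(key, {**d, "seqs": []})["seqs"].append(d["seq"])
    return sorted(regions.values(), key=lambda r: r["start"])


def correlate(regions, dropped):
    """Map each region start address to dropped files whose reported size matches the region size.

    Equal size is only a lead: confirming that a dump holds a given file means
    comparing the dump's PE headers or content with the file itself.
    """
    return {
        r["start"]: [p for p, s in dropped.items() if s == human_size(r["size"])]
        for r in regions
    }


if __name__ == "__main__":
    regions = unique_regions(DUMP_NAMES)
    matches = correlate(regions, DROPPED_FILES)
    for r in regions:
        print(f"pid {r['pid']} 0x{r['start']:08X}-0x{r['end']:08X} "
              f"{human_size(r['size']):>6} dumped {len(r['seqs'])}x -> "
              f"{matches[r['start']] or '-'}")
```

Run stand-alone, the script reports three regions: a 4KB page at 0x00220000 that matches no dropped file, a 2.5MB range at 0x00400000 (the default image base of a 32-bit PE, consistent with the sample's own image being dumped repeatedly), and a 1.9MB range at 0x031B0000 whose size matches the dropped msnshell.dll, consistent with the "Loads dropped DLL" signature. A size match is a triage lead, not proof; compare the dump with the DLL before treating them as the same module.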