Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    119s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted
    24/06/2024, 00:15

General

  • Target

    053cf238e7934c1472fd6e99f73d8aa7_JaffaCakes118.exe

  • Size

    582KB

  • MD5

    053cf238e7934c1472fd6e99f73d8aa7

  • SHA1

    785512e3b6521d75de938be8745bfec6c6523d18

  • SHA256

    d2d9a048e2543d8c41c8db1683f6872472b4253cca2ca21fb4db6fe7113b0b66

  • SHA512

    acdbaed925d335e09c17cfe3bf480ac7e5a51bc552eb3a3eb60b0752555504decdb81a29403b9d95abf66cab22c220fd44d756275639f3b8c511d4beb0ced7c4

  • SSDEEP

    12288:hYFBsdyQrOz4uwSI+KoiwMZPzPFQuh3a7KWh0ZPPD5VoxtFakcekVMWfJ:hfyaA75I+1gzPFQAyPhkXDCSBerWfJ

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory (23 IoCs)
  • Enumerates physical storage devices (1 TTPs)

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings (1 TTPs, 64 IoCs)
  • Modifies registry class (64 IoCs)
  • Suspicious behavior: AddClipboardFormatListener (1 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoCs)
  • Suspicious use of SetWindowsHookEx (8 IoCs)
  • Suspicious use of WriteProcessMemory (12 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\053cf238e7934c1472fd6e99f73d8aa7_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\053cf238e7934c1472fd6e99f73d8aa7_JaffaCakes118.exe"
    1⤵
    • Drops file in System32 directory
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2184
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" www.cnshu.cn/toptan/2rlzy.htm
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2204
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2204 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:872
  • C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of WriteProcessMemory
    PID:2652
    • C:\Windows\splwow64.exe
      C:\Windows\splwow64.exe 12288
      2⤵
      PID:1840

Network

MITRE ATT&CK Enterprise v15


Downloads
