Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    143s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    24/06/2024, 12:23

General

  • Target

    087ba2145094b22f951a49afdfda3239_JaffaCakes118.exe

  • Size

    172KB

  • MD5

    087ba2145094b22f951a49afdfda3239

  • SHA1

    19b17a6c7b676770ca34b7c554c1ecbced427a8d

  • SHA256

    3efc1ca8c300134b53a71039cb21fd43306a31773a3a9b755d927ee92fe727c5

  • SHA512

    e38741bb07edbe33523f25623405307c5831f1a7d335ae3c811418c8f209cb25e58d5a088e8c9b731d83f0e60d201633637437757a369d09a553f2b0d7a2b657

  • SSDEEP

    3072:6uZgPi91VPdIuG8UvahsdcYX3UI2EuJ3im/ZCdady+RlTp/VYq63+s:6ZPi9PBUyhsdEI2++M+RlTHY

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 4 IoCs
  • Drops file in System32 directory 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\087ba2145094b22f951a49afdfda3239_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\087ba2145094b22f951a49afdfda3239_JaffaCakes118.exe"
    • Loads dropped DLL
    • Drops file in System32 directory
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1924
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2604
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2604 CREDAT:275457 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2744

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\msi.html

    Filesize

    1KB

    MD5

    9235d74601a66d4b22924a788699e08b

    SHA1

    0b72c6000276d751d7d070fefbbc5d502c0c7ffd

    SHA256

    d9a13acdfdcbfe102457dfe24e1eaa1fadc166e5ab296f46c89e1739733f4bc4

    SHA512

    8466f5153a68cd327092535891d7663811b8fb524a1f02cc4ca8258dddf337b56da14799b53cbb42608a836fc9ef7df56d67535346108c468fa9b991abb3370b

  • \Windows\SysWOW64\MSWINSCK.ocx

    Filesize

    121KB

    MD5

    e8a2190a9e8ee5e5d2e0b599bbf9dda6

    SHA1

    4e97bf9519c83835da9db309e61ec87ddf165167

    SHA256

    80ab0b86de58a657956b2a293bd9957f78e37e7383c86d6cd142208c153b6311

    SHA512

    57f8473eedaf7e8aad3b5bcbb16d373fd6aaec290c3230033fc50b5ec220e93520b8915c936e758bb19107429a49965516425350e012f8db0de6d4f6226b42ee