Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

1b8a81b61f...18.exe

windows7-x64

7

1b8a81b61f...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
  • submitted
    01/07/2024, 13:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1b8a81b61fe1a1ece80f40852d03a6ca_JaffaCakes118.exe

  • Size

    11KB

  • MD5

    1b8a81b61fe1a1ece80f40852d03a6ca

  • SHA1

    744e9682a04e8c00d3730cd542ac5e7ad77c11f8

  • SHA256

    d7e9347cff0a57ab6c738085d72a0f9136cab62319b8c717963559041979d9a7

  • SHA512

    36105817650ace5c0d84c2373d545f4b39b91c258798993d50ba8f3d2bd83b0b7e8939cb10f6f750740e035f7041390d7349e89ea71928afb1db0338fbac8399

  • SSDEEP

    192:eWIuXzIbJXS/3VGIqEhMiqOHSEMKkGWrrCFBVu7Br9ZCspE+TMIr3/bjOg+vtwJF:JIuyCvk/EhM/OyEJtWrSBVLeME/bjkg

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1b8a81b61fe1a1ece80f40852d03a6ca_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\1b8a81b61fe1a1ece80f40852d03a6ca_JaffaCakes118.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2540
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://ads.regiedepub.com/cgi-bin/advert/getads?tohto=titi&did=1077&soso=sisih
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2996
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2996 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2312

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    134a4899b08f766fb4aa42d34c82b947

    SHA1

    0b9cb747957d2738077d540a6315e26035b19905

    SHA256

    f8a5a812c3d38d0af1c3040e68e786e83f6d5f326f077fe930301db20e1fe9f5

    SHA512

    7d87c2a9ab9ff571f355d43bffa58c1b1eea020c12d61676a8300e21355920c521c47927ad526cd3026b3b3f179964a26c86b1e370b4a869687a72c50f9f674b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a49882db934aa8ee7bd1671916d4b668

    SHA1

    29845bf7d6ecb19e75bea5f272078047cf925add

    SHA256

    7e09aaef50eb1a0c75574bc4fb0b689344b43c2b29ef51948fbf5801160ce187

    SHA512

    35ee666cf4e9ecf8d404fcf5184296803ff96d10e0ac9fdf814607260201d3d799f899c87b378d40ec51886f120a0802f14638ae6ebd7d8dedff6f6695b08ef5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    570e0bf5291acbc5349c4e46c6360a64

    SHA1

    ab28ecca330d528fcb256c9ec663e7be8e302c56

    SHA256

    cbe84cd8aad0c58e89c35fbaf05bf1a457bfb4aab1556ebeeed3c612d1b3fac4

    SHA512

    2c65b1a69e416e77a9ad0ac9c8ac132150dbcfe417d483906f93aa3c171689c918cedcdb43cc89c3e2546522bab645bf6c4ba53bee66c22e0fb18d7186860931

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    abda133340942eb6ffb11f1ea9967491

    SHA1

    5ba04174697f223781d6f522482359f276843b95

    SHA256

    403b9870564af5c09b3e093244d1ddb861ab934f05d8302536af7f8b818776c2

    SHA512

    e44672e0a654d3f4326d348cac1f210b15b9d26d657bdd7cd5d78befb1ce7a7938843fd1bca152e8544e8590c563e75fe21acce53c57294c0b70941a223cc9b6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    57e6e168ce8aa1eab8a558c66b93c1a5

    SHA1

    42f5c1ccf0b20afd60fc0fe2ebac657c0f4f4fb3

    SHA256

    fc020b9019f66510236bdd1329251c1da049f87da1a88dd2bd06d43d881a7ecc

    SHA512

    4ba5796b9660f4c1cee0c0266b519fa5fde684792af9dda34df9044e4d5e0b95974894f69fa4cfef4870f2355d005a78dc81e0cfe7643a7a8fed515f873ef9ce

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    031101e4669a8842b40346ac57037397

    SHA1

    44fc227e7ad8d708d29eb1aded77aa813fa307cd

    SHA256

    4f25b6f6992a51ad0d3aaa1eda2eac4fe14a0b0db54ed35e608cbd71eb61f96c

    SHA512

    e97649ac02c0e63bf876f7b4c4c61ccbeb37a446f64e33fc51035d3e1d357bbfa779ea0b1c722ad80c7b489b4559961890ee036f4b3c0a1dbb38c210d244e6bc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a5670e083b384fcfc8ef7dd593a46ef6

    SHA1

    ddf057e8cb28e2b90faa08396c04f8cbd3e60849

    SHA256

    23a28a896b5f3de135a12cba0c2c08fdb3bf9a2a5379995fe676557a20db0ee7

    SHA512

    37ae6528bc7d398a6badae24cd584a459b373ef9ea1bfd125f0f574fa4a5cac7dea244073d728fabb3a0457f146b4db0c0b8530afad3191be2af70c3addff944

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    22f16bb6cccf6d3dfe198f2aa2ecf37c

    SHA1

    fdfdf90fc101e7a544a9d954a67e84c9e919666a

    SHA256

    3bdd19a0a307b1e8726bd7a44951547a6cc4753fd0299755e6bec9fbd4c98dae

    SHA512

    d55f8c95294785107d360d529b26cdfe0c82d934364f8eb7f7a0441a0756b49abc2dc8f428c8b6860ee9f836457e37660d241235f2d8f31b0f82be17aacca02a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    80da92deb43ad54df48523e35dd40592

    SHA1

    40b87ded5883c0babbe7b77a8927390230cabd45

    SHA256

    bb8ef76e91f9331f4e6521bd2015a0e66893b8b231965c5353d74f0161f96d43

    SHA512

    b893fc6db0b4c684793407fa2d9acd81ebccf09c650a0098a261f8ffcca3087ac024ca4970d36fe979d1f4529f77e7dac362292143e138995592c698f17e68b7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ee14a5b1c354ce910d00d1c8ad84c8a1

    SHA1

    23b513fd4a537655252caaebbd16bbdc82e0e297

    SHA256

    93c99e34526f34e986977488651e72b47f5db8f27e79ecd768e5208f0ac2e8c5

    SHA512

    9e0c28c5293acf2b3b1370b044937ac48e852e2dc217f6e84540c4e8d3d0698ac7e4c6ea5a9e0940bf0785a81672f43bb3e692c9d8e6f644dda3497329669f53

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4c4da1e3671a49dde264323f6525781c

    SHA1

    3279205e5fc7657526b5c8168e855c2c9e7e2abc

    SHA256

    038c893cadcbf464bf0b147bf9d7ae70af10b1717aa2e0c0d431da77fd893773

    SHA512

    08c9f2bbf0508fb2a2bce90656e529c37331b9e6f247f6da0c157a129255d40b997efa0181a2687f120711dd17ed707eb6fff88b18e63b540609169f8b434392

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab41B4.tmp
    Filesize

    67KB

    MD5

    2d3dcf90f6c99f47e7593ea250c9e749

    SHA1

    51be82be4a272669983313565b4940d4b1385237

    SHA256

    8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4

    SHA512

    9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar43FC.tmp
    Filesize

    160KB

    MD5

    7186ad693b8ad9444401bd9bcd2217c2

    SHA1

    5c28ca10a650f6026b0df4737078fa4197f3bac1

    SHA256

    9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed

    SHA512

    135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b

    Download Submit

  • memory/2540-2-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2540-0-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download