Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

1c2702cfd4...18.exe

windows7-x64

7

1c2702cfd4...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/07/2024, 19:04 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1c2702cfd4a2effd1b80c416913529d2_JaffaCakes118.exe

  • Size

    170KB

  • MD5

    1c2702cfd4a2effd1b80c416913529d2

  • SHA1

    a779fdb5270ee57f820dd4212f992950f09907a3

  • SHA256

    0c369fa4e5d433c3bbbcc83506fcbd15ac59de562ea647de9aa0ad51b1d8880a

  • SHA512

    0b41b087d30a63d4ad9de1ffb44a8f4d57829626a6abcdfdb03810dcdd3aaf869526bd01357c75335e4797949046ba8a596c4e318cbe53d2f2166a723a825497

  • SSDEEP

    3072:jt8XV6M5+9eWGConAb6X1jbkdnRmpwa9SeQvFFxGP8sTe51GLhxioutSy:RQ66SGCo59kdRla9pQtqRem7ioSv

Score
7/10
persistencespywarestealerupx

Malware Config

Signatures

  • Executes dropped EXE 3 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • UPX packed file 12 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of SetThreadContext 2 IoCs
  • Modifies Internet Explorer Phishing Filter 1 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 28 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1c2702cfd4a2effd1b80c416913529d2_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\1c2702cfd4a2effd1b80c416913529d2_JaffaCakes118.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3636
    • C:\Users\Admin\AppData\Local\Temp\1c2702cfd4a2effd1b80c416913529d2_JaffaCakes118.exe
      C:\Users\Admin\AppData\Local\Temp\1c2702cfd4a2effd1b80c416913529d2_JaffaCakes118.exe
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1240
      • C:\Recycle.Bin\B6232F3A651.exe
        "C:\Recycle.Bin\B6232F3A651.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetThreadContext
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:876
        • C:\Recycle.Bin\B6232F3A651.exe
          C:\Recycle.Bin\B6232F3A651.exe
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:5100
          • C:\Users\Admin\AppData\Local\Temp\3Jo4E6E.exe
            "C:\Users\Admin\AppData\Local\Temp\3Jo4E6E.exe"
            5⤵
            • Executes dropped EXE
            • Adds Run key to start application
            • Modifies Internet Explorer Phishing Filter
            • Modifies Internet Explorer settings
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:3576

Network

  • flag-us
    DNS
    allin2right4you.com
    3Jo4E6E.exe
    Remote address:
    8.8.8.8:53
    Request
    allin2right4you.com
    IN A
  • flag-us
    DNS
    allin2right4you.com
    3Jo4E6E.exe
    Remote address:
    8.8.8.8:53
    Request
    allin2right4you.com
    IN A
  • flag-us
    DNS
    allin2right4you.com
    3Jo4E6E.exe
    Remote address:
    8.8.8.8:53
    Request
    allin2right4you.com
    IN A
  • flag-us
    DNS
    allin2right4you.com
    3Jo4E6E.exe
    Remote address:
    8.8.8.8:53
    Request
    allin2right4you.com
    IN A
  • flag-us
    DNS
    allin2right4you.com
    3Jo4E6E.exe
    Remote address:
    8.8.8.8:53
    Request
    allin2right4you.com
    IN A
  • flag-us
    DNS
    allin2right4you.com
    3Jo4E6E.exe
    Remote address:
    8.8.8.8:53
    Request
    allin2right4you.com
    IN A
  • flag-us
    DNS
    allin2right4you.com
    3Jo4E6E.exe
    Remote address:
    8.8.8.8:53
    Request
    allin2right4you.com
    IN A
  • flag-us
    DNS
    allin2right4you.com
    3Jo4E6E.exe
    Remote address:
    8.8.8.8:53
    Request
    allin2right4you.com
    IN A
  • flag-us
    DNS
    allin2right4you.com
    3Jo4E6E.exe
    Remote address:
    8.8.8.8:53
    Request
    allin2right4you.com
    IN A
  • flag-us
    DNS
    allin2right4you.com
    3Jo4E6E.exe
    Remote address:
    8.8.8.8:53
    Request
    allin2right4you.com
    IN A
  • flag-us
    DNS
    www.microsoft.com
    3Jo4E6E.exe
    Remote address:
    8.8.8.8:53
    Request
    www.microsoft.com
    IN A
  • flag-us
    DNS
    www.microsoft.com
    3Jo4E6E.exe
    Remote address:
    8.8.8.8:53
    Request
    www.microsoft.com
    IN A
  • flag-us
    DNS
    www.microsoft.com
    3Jo4E6E.exe
    Remote address:
    8.8.8.8:53
    Request
    www.microsoft.com
    IN A
  • flag-us
    DNS
    www.microsoft.com
    3Jo4E6E.exe
    Remote address:
    8.8.8.8:53
    Request
    www.microsoft.com
    IN A
  • flag-us
    DNS
    www.microsoft.com
    3Jo4E6E.exe
    Remote address:
    8.8.8.8:53
    Request
    www.microsoft.com
    IN A
  • flag-us
    DNS
    allin2right4you.com
    3Jo4E6E.exe
    Remote address:
    8.8.8.8:53
    Request
    allin2right4you.com
    IN A
  • flag-us
    DNS
    allin2right4you.com
    3Jo4E6E.exe
    Remote address:
    8.8.8.8:53
    Request
    allin2right4you.com
    IN A
  • flag-us
    DNS
    allin2right4you.com
    3Jo4E6E.exe
    Remote address:
    8.8.8.8:53
    Request
    allin2right4you.com
    IN A
  • flag-us
    DNS
    allin2right4you.com
    3Jo4E6E.exe
    Remote address:
    8.8.8.8:53
    Request
    allin2right4you.com
    IN A
  • flag-us
    DNS
    allin2right4you.com
    3Jo4E6E.exe
    Remote address:
    8.8.8.8:53
    Request
    allin2right4you.com
    IN A
  • flag-us
    DNS
    allin2right4you.com
    3Jo4E6E.exe
    Remote address:
    8.8.8.8:53
    Request
    allin2right4you.com
    IN A
  • flag-us
    DNS
    allin2right4you.com
    3Jo4E6E.exe
    Remote address:
    8.8.8.8:53
    Request
    allin2right4you.com
    IN A
  • flag-us
    DNS
    allin2right4you.com
    3Jo4E6E.exe
    Remote address:
    8.8.8.8:53
    Request
    allin2right4you.com
    IN A
  • flag-us
    DNS
    allin2right4you.com
    3Jo4E6E.exe
    Remote address:
    8.8.8.8:53
    Request
    allin2right4you.com
    IN A
  • flag-us
    DNS
    allin2right4you.com
    3Jo4E6E.exe
    Remote address:
    8.8.8.8:53
    Request
    allin2right4you.com
    IN A
  • flag-us
    DNS
    allin2right4you.com
    3Jo4E6E.exe
    Remote address:
    8.8.8.8:53
    Request
    allin2right4you.com
    IN A
  • flag-us
    DNS
    allin2right4you.com
    3Jo4E6E.exe
    Remote address:
    8.8.8.8:53
    Request
    allin2right4you.com
    IN A
  • flag-us
    DNS
    allin2right4you.com
    3Jo4E6E.exe
    Remote address:
    8.8.8.8:53
    Request
    allin2right4you.com
    IN A
  • flag-us
    DNS
    allin2right4you.com
    3Jo4E6E.exe
    Remote address:
    8.8.8.8:53
    Request
    allin2right4you.com
    IN A
  • flag-us
    DNS
    allin2right4you.com
    3Jo4E6E.exe
    Remote address:
    8.8.8.8:53
    Request
    allin2right4you.com
    IN A
  • flag-us
    DNS
    allin2right4you.com
    3Jo4E6E.exe
    Remote address:
    8.8.8.8:53
    Request
    allin2right4you.com
    IN A
  • flag-us
    DNS
    allin2right4you.com
    3Jo4E6E.exe
    Remote address:
    8.8.8.8:53
    Request
    allin2right4you.com
    IN A
  • flag-us
    DNS
    allin2right4you.com
    3Jo4E6E.exe
    Remote address:
    8.8.8.8:53
    Request
    allin2right4you.com
    IN A
  • flag-us
    DNS
    allin2right4you.com
    3Jo4E6E.exe
    Remote address:
    8.8.8.8:53
    Request
    allin2right4you.com
    IN A
  • flag-us
    DNS
    allin2right4you.com
    3Jo4E6E.exe
    Remote address:
    8.8.8.8:53
    Request
    allin2right4you.com
    IN A
  • flag-us
    DNS
    allin2right4you.com
    3Jo4E6E.exe
    Remote address:
    8.8.8.8:53
    Request
    allin2right4you.com
    IN A
  • flag-us
    DNS
    allin2right4you.com
    3Jo4E6E.exe
    Remote address:
    8.8.8.8:53
    Request
    allin2right4you.com
    IN A
  • flag-us
    DNS
    allin2right4you.com
    3Jo4E6E.exe
    Remote address:
    8.8.8.8:53
    Request
    allin2right4you.com
    IN A
  • flag-us
    DNS
    allin2right4you.com
    3Jo4E6E.exe
    Remote address:
    8.8.8.8:53
    Request
    allin2right4you.com
    IN A
  • flag-us
    DNS
    allin2right4you.com
    3Jo4E6E.exe
    Remote address:
    8.8.8.8:53
    Request
    allin2right4you.com
    IN A
  • 81.218.19.236:8080
    3Jo4E6E.exe
    260 B
     5
  • 8.8.8.8:53
    allin2right4you.com
    dns
    3Jo4E6E.exe
    325 B
     5

    DNS Request

    allin2right4you.com

    DNS Request

    allin2right4you.com

    DNS Request

    allin2right4you.com

    DNS Request

    allin2right4you.com

    DNS Request

    allin2right4you.com

  • 8.8.8.8:53
    allin2right4you.com
    dns
    3Jo4E6E.exe
    325 B
     5

    DNS Request

    allin2right4you.com

    DNS Request

    allin2right4you.com

    DNS Request

    allin2right4you.com

    DNS Request

    allin2right4you.com

    DNS Request

    allin2right4you.com

  • 8.8.8.8:53
    www.microsoft.com
    dns
    3Jo4E6E.exe
    315 B
     5

    DNS Request

    www.microsoft.com

    DNS Request

    www.microsoft.com

    DNS Request

    www.microsoft.com

    DNS Request

    www.microsoft.com

    DNS Request

    www.microsoft.com

  • 8.8.8.8:53
    allin2right4you.com
    dns
    3Jo4E6E.exe
    325 B
     5

    DNS Request

    allin2right4you.com

    DNS Request

    allin2right4you.com

    DNS Request

    allin2right4you.com

    DNS Request

    allin2right4you.com

    DNS Request

    allin2right4you.com

  • 8.8.8.8:53
    allin2right4you.com
    dns
    3Jo4E6E.exe
    325 B
     5

    DNS Request

    allin2right4you.com

    DNS Request

    allin2right4you.com

    DNS Request

    allin2right4you.com

    DNS Request

    allin2right4you.com

    DNS Request

    allin2right4you.com

  • 8.8.8.8:53
    allin2right4you.com
    dns
    3Jo4E6E.exe
    325 B
     5

    DNS Request

    allin2right4you.com

    DNS Request

    allin2right4you.com

    DNS Request

    allin2right4you.com

    DNS Request

    allin2right4you.com

    DNS Request

    allin2right4you.com

  • 8.8.8.8:53
    allin2right4you.com
    dns
    3Jo4E6E.exe
    325 B
     5

    DNS Request

    allin2right4you.com

    DNS Request

    allin2right4you.com

    DNS Request

    allin2right4you.com

    DNS Request

    allin2right4you.com

    DNS Request

    allin2right4you.com

  • 8.8.8.8:53
    allin2right4you.com
    dns
    3Jo4E6E.exe
    325 B
     5

    DNS Request

    allin2right4you.com

    DNS Request

    allin2right4you.com

    DNS Request

    allin2right4you.com

    DNS Request

    allin2right4you.com

    DNS Request

    allin2right4you.com

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Recycle.Bin\4652947DDCCD71A
    Filesize

    17KB

    MD5

    81355bc35f20d20008335798e6be31dc

    SHA1

    2b76efcf01f13e7234582eba372f951ff48047f3

    SHA256

    d62c7a42ad64884d596fdbd75e96af45e5e8c635efdc4650c570d19a05f7e6f2

    SHA512

    5b77814570644e0c92d8ed6a72d5cccf099d30aec15c1598718b9724c71b9c5d6db92ab78733f8fa65c85d6affcc14af9cd92085f7ae166324671ae9d02c1630

    Download Submit

  • C:\Recycle.Bin\B6232F3A651.exe
    Filesize

    170KB

    MD5

    1c2702cfd4a2effd1b80c416913529d2

    SHA1

    a779fdb5270ee57f820dd4212f992950f09907a3

    SHA256

    0c369fa4e5d433c3bbbcc83506fcbd15ac59de562ea647de9aa0ad51b1d8880a

    SHA512

    0b41b087d30a63d4ad9de1ffb44a8f4d57829626a6abcdfdb03810dcdd3aaf869526bd01357c75335e4797949046ba8a596c4e318cbe53d2f2166a723a825497

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\3Jo4E6E.exe
    Filesize

    3KB

    MD5

    29090b6b4d6605a97ac760d06436ac2d

    SHA1

    d929d3389642e52bae5ad8512293c9c4d3e4fab5

    SHA256

    98a24f0caf5b578e230e6f1103a5fba6aecb28a9128cad5520fcde546d643272

    SHA512

    9121ec42fa66e14a4fc3932c8dbcc8fb1a93ab9de00da57a82e176faa70b73f6992f8c5e2ab52c02fc28c8f0c59aee73b6fbbd39107db7d15105054f4390e9be

    Download Submit

  • memory/876-43-0x0000000000400000-0x00000000004AB000-memory.dmp

    Filesize

    684KB

    Download

  • memory/876-23-0x0000000000400000-0x00000000004AB000-memory.dmp

    Filesize

    684KB

    Download

  • memory/1240-86-0x00000000005D0000-0x00000000005D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1240-8-0x0000000000400000-0x0000000000463000-memory.dmp

    Filesize

    396KB

    Download

  • memory/1240-9-0x0000000000400000-0x0000000000463000-memory.dmp

    Filesize

    396KB

    Download

  • memory/1240-7-0x0000000000400000-0x0000000000463000-memory.dmp

    Filesize

    396KB

    Download

  • memory/1240-6-0x0000000000400000-0x0000000000463000-memory.dmp

    Filesize

    396KB

    Download

  • memory/1240-14-0x00000000005C0000-0x00000000005C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1240-15-0x00000000005C0000-0x00000000005C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1240-21-0x0000000000400000-0x0000000000463000-memory.dmp

    Filesize

    396KB

    Download

  • memory/1240-3-0x0000000000400000-0x0000000000463000-memory.dmp

    Filesize

    396KB

    Download

  • memory/1240-11-0x0000000000400000-0x0000000000463000-memory.dmp

    Filesize

    396KB

    Download

  • memory/1240-5-0x0000000000400000-0x0000000000463000-memory.dmp

    Filesize

    396KB

    Download

  • memory/1240-85-0x00000000005D0000-0x00000000005D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1240-88-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1240-94-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1240-89-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1240-92-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1240-93-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1240-110-0x0000000077162000-0x0000000077164000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1240-91-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1240-90-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1240-10-0x0000000000400000-0x0000000000463000-memory.dmp

    Filesize

    396KB

    Download

  • memory/3576-79-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/3576-62-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/3576-72-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/3576-71-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/3576-69-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/3576-68-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/3576-67-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/3576-66-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/3576-74-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/3576-75-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/3576-76-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/3576-80-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/3576-77-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/3576-78-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/3576-83-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/3576-82-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/3576-70-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/3576-56-0x00000000005D0000-0x000000000061E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/3576-65-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/3576-64-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/3576-63-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/3576-73-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/3576-61-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/3576-60-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/3576-59-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/3576-55-0x0000000000590000-0x0000000000595000-memory.dmp

    Filesize

    20KB

    Download

  • memory/3576-52-0x00000000005D0000-0x000000000061E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/3576-53-0x0000000001001000-0x0000000001002000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3576-51-0x00000000005D0000-0x000000000061E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/3576-54-0x0000000001000000-0x0000000001004000-memory.dmp

    Filesize

    16KB

    Download

  • memory/3576-49-0x00000000005D0000-0x000000000061E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/3576-47-0x00000000005D0000-0x000000000061E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/3576-39-0x00000000005D0000-0x000000000061E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/3576-48-0x00000000005D0000-0x000000000061E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/3576-123-0x0000000074840000-0x0000000074C90000-memory.dmp

    Filesize

    4.3MB

    Download

  • memory/3576-117-0x0000000074840000-0x0000000074C90000-memory.dmp

    Filesize

    4.3MB

    Download

  • memory/3576-116-0x0000000074AF5000-0x0000000074AF7000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3636-13-0x0000000000400000-0x00000000004AB000-memory.dmp

    Filesize

    684KB

    Download

  • memory/3636-0-0x0000000000400000-0x00000000004AB000-memory.dmp

    Filesize

    684KB

    Download

  • memory/5100-33-0x0000000000400000-0x0000000000463000-memory.dmp

    Filesize

    396KB

    Download

  • memory/5100-32-0x0000000000400000-0x0000000000463000-memory.dmp

    Filesize

    396KB

    Download

  • memory/5100-36-0x0000000000400000-0x0000000000463000-memory.dmp

    Filesize

    396KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.