Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

7

1c8575d5be...18.exe

windows7-x64

8

1c8575d5be...18.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    135s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    01/07/2024, 21:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1c8575d5be57704d35f150dc101e5eca_JaffaCakes118.exe

  • Size

    250KB

  • MD5

    1c8575d5be57704d35f150dc101e5eca

  • SHA1

    1eb97ec2d13018f35a91a5d30ef1faf703e195e7

  • SHA256

    40e7148d075f5b528df9b7d60ccd54169faeec3ca41e519bebbe8da813e3b8c1

  • SHA512

    69ffcd817b32c6744ef4ce3839945e2a90d67259bdbf568aa674112a96913d37bff47383b8fcedf0c07edda889c071378b050fd3cada2d4a6dd1b8d90a0d9e54

  • SSDEEP

    6144:yhieuJDr5T8b2ufqBLjSB/MS7irtIa6cwoD8ZroSfjGFA:PeKrJJuf86AYcwoaoSbr

Score
8/10
executionpersistenceupx

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 1 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Deletes itself 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • AutoIT Executable 1 IoCs

    AutoIT scripts compiled to PE executables.

  • Drops file in Program Files directory 2 IoCs
  • Command and Scripting Interpreter: JavaScript 1 TTPs
    execution
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Modifies registry class 26 IoCs
  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 13 IoCs
  • Suspicious use of FindShellTrayWindow 48 IoCs
  • Suspicious use of SendNotifyMessage 20 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\1c8575d5be57704d35f150dc101e5eca_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\1c8575d5be57704d35f150dc101e5eca_JaffaCakes118.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2968
    • C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files\WinRAR\winrar.jse"
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:1572
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.go2000.com/?g8
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2664
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2664 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2616
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ping -n 4 127.1>nul &del /q "C:\Users\Admin\AppData\Local\Temp\1c8575d5be57704d35f150dc101e5eca_JaffaCakes118.exe"
      2⤵
      • Deletes itself
      • Suspicious use of WriteProcessMemory
      PID:2920
      • C:\Windows\SysWOW64\PING.EXE
        ping -n 4 127.1
        3⤵
        • Runs ping.exe
        PID:2712
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2404

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\WinRAR\winrar.jse
    Filesize

    11KB

    MD5

    9208c38b58c7c7114f3149591580b980

    SHA1

    8154bdee622a386894636b7db046744724c3fc2b

    SHA256

    cb1b908e509020904b05dc6e4ec17d877d394eb60f6ec0d993ceba5839913a0c

    SHA512

    a421c6afa6d25185ec52a8218bddf84537407fd2f6cabe38c1be814d97920cfff693a48b4f48eb30c98437cbbb8ad30ccd28c3b4b7c24379ef36ac361ddfdbf1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1f8e9b8e457faf4599caf013bde1e27f

    SHA1

    d3c29380986de4465265ad6764d9dcf4446129e8

    SHA256

    63794d8fc9c4a3ff3023dcfa3fde197f90095628405898fb7c0ccf25f157a9cb

    SHA512

    430f573434a329dd20d549f90b9846c5ba0e15f7440f9c01f7ec18125173b2c3372bcb9791a3161af53d0d4e32e651b55647bc778b58ffc7dc04ba83f742a186

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    559006ed63877bf1cd545ebf99fef8a8

    SHA1

    6d49fd0d5e1debb4a65471602feca737299440c0

    SHA256

    65784e8c3d4511575c754b1d78f92e3dcef64f9466f1134c560557d264950e11

    SHA512

    81177668005ff51897a6e19530615a76b10294889aaa2ec3cb1864f631741b656d7c8c6e5d436a6db5a404ccaa05b9177b290a464ac810235ee875c3236bfefd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    170044e4cad9a92d52ade16be4c49bad

    SHA1

    701d6a33cc6236041936f10da0b4c167e5393537

    SHA256

    ad35d700f5594fcb9799ca571596b7b0f314f8cbddfb433318e6902dfc2f9c3d

    SHA512

    0a0ed82cd5062aaad1da8738656123d165870d682b4e0a07ae1be6956177ed80a4341e8ca3d3eaed9661cc0bd77bd3bfd5a0bf18a5166415b156fc8069349332

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f0d283067b3da66d3d7566f0631da71f

    SHA1

    078cdee93e7a3988dcd7cbfedc88cddcfe6bd271

    SHA256

    53b1cb4cbaff98e69cc1fac05d5b1c3554e78f2a10a64b60c79fdaf4eabbd69b

    SHA512

    4a5ee754fe3c61b429fbca7c5d6af3006bc3f5208c0995581e005c8734b06afb31094806f299064bcd1491b6ecd04dbe765e64937a826c8e2d10ba78e4db95d4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    30288c844587b923ac26845c006d0f98

    SHA1

    273c19b5cda8b629112ac99b8133696bbc591859

    SHA256

    d6538c2f1f761141b18f078ae3f72b412ad09aea977e6f310e88cac16c0ca0d2

    SHA512

    c7f0b1e719e2d6d72bb4d2d39d444e3eb5778517f82f98808041a5ea9b59ca5528013cd7959c2e5cab21a1d79e4dd32841623dcffe5e3fb8d83285a7034f0937

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e721ee5280f3676aa661c80e7ee2f101

    SHA1

    c16cbe7f25d3429f21f9a0c2dc0146808f08bff0

    SHA256

    0d9f3d20a90fddf8081600844f61e8ef5700ad5626fcac826ce6233ef775fa50

    SHA512

    70722011cc5e28beefa9ff7f9cb713e7c0e7e40c30cecae57ebbe030f61c4249c09adeab48894c984f5e05440d2c7822f251ecb7fd115a7e19a49c32d62bdcb0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    60bda08603cea478078554b2ac0712be

    SHA1

    b52bb55fd30296c71053d2833b7e51c6435777f9

    SHA256

    2777b44bf6a4835f09bf14362396ccc6d6ac45ff847bc1497770e999adea61d6

    SHA512

    3f4c3e5f7923f3eabec16ebaad8a0c3138b408824c3afa514d12632fdd04e58f44e41db53374fff3cf6261cac8bb9960a617fb1870bc4aa089d62cc02b88d576

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c58e2ef9c9c5e2a8b47ee25d0b863cfb

    SHA1

    ab73073cfc7dd890ac570161143f2023488fad5f

    SHA256

    8e17abecdb058dea82c4a7438a05704e73ef9b29deda4ec4c3d42dcbf24ab0da

    SHA512

    7199af5292ed75ee06b23ddd257dfae72ccca9c94f83d328fef7f6596ca9124a5c057e6002bb9474e10fc9a8a93d57163baf6a0e9cc200ef1c5352fa6f7fa541

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    de8b0b28d14d58ac4ef720c6b7f23afe

    SHA1

    385b409be346f44586106208702923ee7185ccbc

    SHA256

    8d0086cca11bb22624117bda346f80a505fc09f9362d2666472860eb320f2132

    SHA512

    04a0f71cc0519ff86f43cb59ab4fc384b2d5b62978767967eb95b06b5f2231a8f21bf72e8ca024c524544cddfc759ad969d0a1fd593218ba72f974ee98885866

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1376e4574921eecf804f25476de196d5

    SHA1

    210aff09e0dd5d39c746954bea7c6586334c96b9

    SHA256

    1f801ffe9adbc85d65e3ab071527bdf9d9496ce7868f2758ff7ed2c2de0cc852

    SHA512

    fd7c25e4a159c29270400147cb6adfef549d4da3c1fb351f10a5b6ca57baa741f4f3281c459bf9b7451df24bd20c3a298cc4fbcfee0745a05ed102c3c59c5832

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b81cf5d2748c7dc756eefeb77a2eb25b

    SHA1

    3a1cde6b8448fd9a2aeb0350006016d331afd644

    SHA256

    e641781965faf72b29073d3c88de69c89b9b4b20080fcbbf6da10b382ad5934c

    SHA512

    afd78022f6752ae1ace85ce34101b1daf70a4f2e5f72c6b6237dbb785dc4afd63504caf120052b32d03573d08df12a9c41621478e5c01326a9bffbd1d334dbf7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1a5e3f2b159203ec85679b9a6bd026c3

    SHA1

    ef2de0b7a92440a73706f59cec84cf71e45f7e47

    SHA256

    a917186bbfd4aa036c988cf5d1b31e737d0ae5c24ff287b0fde3d226f3a15994

    SHA512

    698b3fd32694ba8807cb6140469258b3a1db8c1049a6031b8848ef9e53984e3712173a8821aa91b4f18ab42a26152fd8e3833a65f39f9988fb58e589c6d3c225

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2c85f690f5aff415528923898019e359

    SHA1

    780635d04a7d0b1d8cd63ec9f92cec452ecd12f1

    SHA256

    f4d7c9cc1c3a388e118631b94418dd3217e09f106b70f3a0fc338129d2660576

    SHA512

    77d99cffd5462cf93e0ca1ee34b092be1ed51ef2cf71f5981f6e95e177067efd6b76c0ab5abfdf43878bbfb69258e84ee26b293ab0ffed99d09515ee2de2c166

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    561728dd131453fd983d72a1bce09eb8

    SHA1

    e53c70d820b6816601c3a5cf8bf10ba09eb2e27e

    SHA256

    eac64136807185e1e450034ad2b1321947a0259910f123c48b67fa5e8e46a53a

    SHA512

    04f0d7657759213826d13d1b1b72e0eba6bdb712565256835ab916414e302d0b6a1fd95d53e613cbdb12991c8cdc5405f179f1c3dc96ba215f0409a77bcdfaa1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ccff52f24c12be697ce706ee1a41f090

    SHA1

    805b4d7d6d7c9913267a33728c24865ead740868

    SHA256

    511ef6a1ff3fc70948caf1811117ed9b7dc0718447110d59e8326ddc5f835cfb

    SHA512

    0124c15351093d6e6b312a024c2c8e7a45d3eb183f2ec302f48673170ca464d24ef3da3759e1308cba9752c4b6d5b7d95cd9a196a94dd5da457a7dab69c91cf8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cf4353110ae7c719421194c9069d2676

    SHA1

    cd0681e517b74f2361c2681df9daee0bfb11b376

    SHA256

    b337ad86a7359c92bdef2a7f253ff02568775de9aee8ab749ba735c5cc10a5bb

    SHA512

    edbb47d8a980a4857d0c426edb72d6b7c43cb9d203ad844f3d9eb6415d6165e4de80f595b86f241f6e41d46ed88e0f04b4a92c84f47ff299e636ebb44270a8e2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    60205e8f2ecaa8ea6ea6d26ec84f4394

    SHA1

    a224597a605bf1ffba12798638f463a556c9b25e

    SHA256

    c3a1dd1b74d75ac02fa2d21d83f5cc02635e40cc3704aa01d1bf93f4d89cb76c

    SHA512

    480e59931122c46c883aabc7449d8f0830a43e44f2e02a6822025c9a3f6ab1c8993d724488d7525e4fa97b09ef524993d7136fa8a0546e511a0d43d5f40da65b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    af699d1ba70af6f958c95f8e69613316

    SHA1

    653ddcaa2fe755ca9f7fa9e3f4aad01da7c3b4dd

    SHA256

    2015ad2d06ac73b6b05f0f383b335ae11b5ed94d8d8af892d299ec4f645ba635

    SHA512

    a15cc8f82427cb543d5e632dd29ad2726869bee35db624936bd5ce02ead15ebb496bcba6e5ae1a84f12626b2ffb760c867ca03339a4d36a5930b6d6527342b7b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar3412.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.mmc
    Filesize

    255B

    MD5

    a0c4d2f989198272c1e2593e65c9c6cb

    SHA1

    0fa5cf2c05483bb89b611e0de9db674e9d53389c

    SHA256

    f3170aeec265cc49ff0f5dcb7ed7897371b0f7d1321f823f53b9b0e3a30e1d23

    SHA512

    209798b5b153283bea29974c1433fe8b6c14f2a54e57237d021ecc1013b8dc6931dedcc2fe173d121c719901045fdf2215177ba164c05d703f2e88a196252ec4

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.mmc
    Filesize

    149B

    MD5

    b0ad7e59754e8d953129437b08846b5f

    SHA1

    9ed0ae9bc497b3aa65aed2130d068c4c1c70d87a

    SHA256

    cf80455e97e3fede569ea275fa701c0f185eeba64f695286647afe56d29e2c37

    SHA512

    53e6ce64ad4e9f5696de92a32f65d06dbd459fd12256481706d7e6d677a14c15238e5351f97d2eb7bfb129a0d39f2603c4d14305a86821ed56e9face0bc252b6

    Download Submit

  • memory/2404-1326-0x00000000029B0000-0x00000000029C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2968-0-0x0000000000400000-0x00000000004B1000-memory.dmp

    Filesize

    708KB

    Download

  • memory/2968-36-0x0000000000400000-0x00000000004B1000-memory.dmp

    Filesize

    708KB

    Download