Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

27b13b4e88...18.exe

windows7-x64

7

27b13b4e88...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    06/07/2024, 07:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    27b13b4e889ea78740a9558092804d5d_JaffaCakes118.exe

  • Size

    25KB

  • MD5

    27b13b4e889ea78740a9558092804d5d

  • SHA1

    2a88b63cf1a26fab17e4ee7cb980c03cf17ff285

  • SHA256

    24735b0dc6233726430e51f710641f07dde533e7f505b19e9611fa9c05b67cd9

  • SHA512

    24b49f28b406c74cd50e6d9af1418f15c5991d8e6dff1eb0763633561f47e1c686fb9d9ad4360d2d63e8f05bb1bb64645d52ae2de3adfbb0db5dfd5eeef6a865

  • SSDEEP

    768:FnM7I+iTdDwCgyI6YuSn2Jsn5ylml+bmsXCR2Q:vBECgyIjhb5yclVsXCU

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Windows directory 5 IoCs
  • Modifies Internet Explorer settings 1 TTPs 25 IoCs
    adwarespyware
  • Modifies registry class 4 IoCs
  • Runs .reg file with regedit 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\27b13b4e889ea78740a9558092804d5d_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\27b13b4e889ea78740a9558092804d5d_JaffaCakes118.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:2496
    • \??\c:\windows\che08.exe
      c:\windows\che08.exe
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of WriteProcessMemory
      PID:1752
      • \??\c:\windows\SysWOW64\regedit.exe
        regedit /s c:\1.reg
        3⤵
        • Modifies registry class
        • Runs .reg file with regedit
        PID:2708
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c c:\355674543.bat
        3⤵
          PID:2596
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c c:\355674543.bat
        2⤵
        • Deletes itself
        PID:2120
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1980
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1980 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2712

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\355674543.bat
      Filesize

      113B

      MD5

      bee9360e8ba37e8b83a1b70f814abcf7

      SHA1

      d0fa9879665a471445fa00638a9a12da07fa0371

      SHA256

      e94360192abec51e910d2f79fe5bbde3ecdc5f3ea828b5e4a3e5523b055a49ed

      SHA512

      4075e73137fb12845da25e7438e1d14de120f85defe3de22f1b34f9368cb53b2c14769e87e3482ebff88367156aa272df0893ee2a27e5550c1a8f477d365ba4c

      Download Submit

    • C:\355674543.bat
      Filesize

      241B

      MD5

      412bc0a929fcb686d58abc406c17ea2d

      SHA1

      aa59ac255ee811d5e274acf022bc8065c8716856

      SHA256

      82f68e75945859a4028c302065a0ef4bf3d494a747cb5aeec9802bc1f61c452f

      SHA512

      218b52ebded283f3a14be2a6232fbf8e385f11334a52b0db3e3b1366a9973bb4ccfe34c75686e077c22a608b70ebe098d079e5bf2434c2095bc4010327765817

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      cca5a7679c1e7e2af33611a246db0d10

      SHA1

      d8544d991ae97ac0e6526bf2666c7a0d14c61f42

      SHA256

      1b8ed05b9765e911a4b7ebb186178161c4197ebe470ad476f4366887997350d7

      SHA512

      20689e4e674d30c8d983f891541bf3ebd770e6cd86e379c041aea3822168a9ef90c47cf9ac6c4ccb65f204d26cae4cc359b934b98e01bf89b19f62de1e46ab1f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      0bc377265a358c4b9b749dcf43919c82

      SHA1

      946fba344d14db6000e97b8fad2929725641f322

      SHA256

      7698833cb51a867382b6e8f176aa4307b6df4804abf270b5a529432dbdd42a74

      SHA512

      388ade116833bcc1ebb348f12e338fe359a3db0fd2c0e4362d35a8a69964110d90b2609906fada7c23c3953ca04ded570d16420a5266c0544b059a715f33f4de

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      1a5c4daaf81338e540019c0b8f5d2655

      SHA1

      77211cbbaeb708cd79bf7bda1fb3a23b9179925b

      SHA256

      9119e53c1a06ca042d168cccc98734618aa1e0ee42c698d10b315684cb4e14cb

      SHA512

      c94e3ed9cb154d9c8080c3d15a03194cfa785c63c8b360e01c075d2cbc37a3b599bed60d52e848ab6223bb8a0cac179d1b2619fd0fc528485092514e32a9f996

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      bca123c1e6954b3ac45cbec6b72b1cf3

      SHA1

      7bf83ed33a7ac076ad11ad2ae9475758e5a143f0

      SHA256

      21c7a4b18f4003b54b6ce42b76d129b713e89fb8161060303790859b6a2b41d4

      SHA512

      2b296599b84a8e91efcfc02bc45e5558cfaad8b27b1f452b6613d154bceeb44498b75f96bcd44248f2f7787ef3da66cff5c64b4853bf2f1b3d8d6b1f2ec60dbf

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      6a96e16d5c7e630ac15e35973d9bbf74

      SHA1

      1f7d3f91cd255d5bcde6ca0ffaa33dd551884c29

      SHA256

      fb9c5b0984c2646d51590a7fbc336aa5b49bfe8b6fbbcd4b8b93e92026dc1f81

      SHA512

      59fc8ea294d7c65ddcca491c5f982d1653eca304cf05cdb476d1b366f4e1b66d61d7368e538578bfcff662c29d20895b596fd6ba5854fdbbea960ebd790588ff

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      8bd2fbda58be91c57e933951e737618e

      SHA1

      59a36002914238760e53cce21d21a02403d7d60d

      SHA256

      dcc6efb6e3b6786083177397094c1c8d9bec93857c6581b11a77878a994ee64b

      SHA512

      7d2b4b174d05c49206b9e9b610939158d91db6722fa13a36c4e91c8d28abe33d132bf541c0f1733f43ef5e9337265b768d7389277143e6cf1cdb6024e7173e00

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      03e2c16f566f113b48950b4d2b739cbe

      SHA1

      e48a92925fb531f040ea3386eaf8ebe807b06374

      SHA256

      99ca6c19c3f2f6601358210e6a49ef9185bc4a08453cee3c513d3cc61aca7dd3

      SHA512

      5e2c689110c2ce896824632575b64e306bbbfcc2ac83f6d1e17822c7321cd82b3a1077c9a236142eed8be16450432ad4103f07393d735c8f82c7ed2fd5167058

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      0a16b572776de8a8b276178be09b47e9

      SHA1

      949cc93572deecdeac2d6145b108d5f65b383c24

      SHA256

      b36ffad133354e391e207c4c079252d7309f6e1395dac531fc48b83e54f246f4

      SHA512

      fa99edc3d120c4b203f3a8ddb906c375771be023ec2346f463b6d00d03d93a1e4f39b431bec2a4dbd9947f0b19ae363431cefeb5e2c5a78ccd3f2b3a4cb1d30a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      6778dd1ea2941948d168b4ca7c29e8bb

      SHA1

      cbd5651c29bf96a86140fa4d5b8ff01c7c1bf16c

      SHA256

      7874cec4f6c7da1b411149dc218bda240153ee715a6417a9cf97d0eb3d88ee37

      SHA512

      0efc1922138ba39d0ee05c4ef7d828dc060a38cf77d8837222b8a1f09a9c5634ee6ea0bd8857517e4ae38bfce71ff4edd72684578020b01dbd1f6cef1ee30dd6

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabD3F3.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarD4A3.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • C:\Windows\che08.exe
      Filesize

      25KB

      MD5

      27b13b4e889ea78740a9558092804d5d

      SHA1

      2a88b63cf1a26fab17e4ee7cb980c03cf17ff285

      SHA256

      24735b0dc6233726430e51f710641f07dde533e7f505b19e9611fa9c05b67cd9

      SHA512

      24b49f28b406c74cd50e6d9af1418f15c5991d8e6dff1eb0763633561f47e1c686fb9d9ad4360d2d63e8f05bb1bb64645d52ae2de3adfbb0db5dfd5eeef6a865

      Download Submit

    • \??\c:\1.reg
      Filesize

      202B

      MD5

      428090d84a47f875c8fdd6d0258f00c5

      SHA1

      96c029720065ac1dc5ece2a5481b780267d7b439

      SHA256

      8c8668f6339728aebfc08e547f15b0e250f6a551be86f47fcb6098ffe37f0404

      SHA512

      f752bf52b359a5a82e821ee288e11cd4176c39ac3c932c6f44db69780c6e2597e654bbb3a9db9c32f8659d5af66fa9578b5625758b1f6db70c1314369dbadf7d

      Download Submit

    • memory/1752-21-0x00000000002A0000-0x00000000002A2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2496-0-0x0000000000400000-0x0000000000414000-memory.dmp

      Filesize

      80KB

      Download

    • memory/2496-17-0x0000000000400000-0x0000000000414000-memory.dmp

      Filesize

      80KB

      Download

    • memory/2496-4-0x00000000002A0000-0x00000000002B4000-memory.dmp

      Filesize

      80KB

      Download