Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

7

283dddb1c7...18.exe

windows7-x64

8

283dddb1c7...18.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    135s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    06/07/2024, 10:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    283dddb1c7cd24a746e0caad57653082_JaffaCakes118.exe

  • Size

    250KB

  • MD5

    283dddb1c7cd24a746e0caad57653082

  • SHA1

    38edf6a1ff88b44883422d3eb2e1ec89d7012b69

  • SHA256

    40c953e0eaea4f563ca6d3e1b9447758863f8a23bbdb0c9a66ef1961d40e9be2

  • SHA512

    fa1ab8573b1c7d0bfb07512cfb3c82b4da8cf896664201c93d149a94175fbdb8cc1b1ee919b32e26108cc009c73cc984f96444bc654947dbb9adb7203c6a8d71

  • SSDEEP

    6144:whieuJDr5T8b2ufqBLjSB/MS7irtIa6cwoD8ZroSfjGFA:ReKrJJuf86AYcwoaoSbr

Score
8/10
executionpersistenceupx

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 1 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Deletes itself 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • AutoIT Executable 1 IoCs

    AutoIT scripts compiled to PE executables.

  • Drops file in Program Files directory 2 IoCs
  • Command and Scripting Interpreter: JavaScript 1 TTPs
    execution
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Modifies registry class 26 IoCs
  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 13 IoCs
  • Suspicious use of FindShellTrayWindow 45 IoCs
  • Suspicious use of SendNotifyMessage 20 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\283dddb1c7cd24a746e0caad57653082_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\283dddb1c7cd24a746e0caad57653082_JaffaCakes118.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2720
    • C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files\WinRAR\winrar.jse"
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2824
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.go2000.com/?g8
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2644
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2644 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2608
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ping -n 4 127.1>nul &del /q "C:\Users\Admin\AppData\Local\Temp\283dddb1c7cd24a746e0caad57653082_JaffaCakes118.exe"
      2⤵
      • Deletes itself
      • Suspicious use of WriteProcessMemory
      PID:792
      • C:\Windows\SysWOW64\PING.EXE
        ping -n 4 127.1
        3⤵
        • Runs ping.exe
        PID:1792
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:1448

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\WinRAR\winrar.jse
    Filesize

    11KB

    MD5

    9208c38b58c7c7114f3149591580b980

    SHA1

    8154bdee622a386894636b7db046744724c3fc2b

    SHA256

    cb1b908e509020904b05dc6e4ec17d877d394eb60f6ec0d993ceba5839913a0c

    SHA512

    a421c6afa6d25185ec52a8218bddf84537407fd2f6cabe38c1be814d97920cfff693a48b4f48eb30c98437cbbb8ad30ccd28c3b4b7c24379ef36ac361ddfdbf1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1ca98d22a19b92ea434dbee1b12ed1f4

    SHA1

    20a343aac8177e3fdbdc8af8de59466743459fd1

    SHA256

    880f0f38fef0e3a22fb9b145cef785ab59e886c9cdafdcc2326ca87f23212b77

    SHA512

    b496cc8e93c4a077b0d68f3ae8e7fec3688ecd21ff86322144b00dbb6af76e4c30620c1c3c1eb8d269d64182e13a99e488a8a56cccb46f5824d7e43f9d571aca

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5febbb36a63bfb1383ea8d77b664e39b

    SHA1

    f80ccd4585d51db80338cb40626bf94a899f1e74

    SHA256

    d23af420dfeb72500aec6d5f5f013964f3a0a0b39757a375bda00b93ba781a2f

    SHA512

    9f25a5f460c3b98b1392a119f68a5845e2b9ef77f847faed8abea92e2eb70d8bb42f32761d97198b6d964b60c44b68fd85865fcf50c718c33085fe406aff4fdc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9eb837ab7ba25df96b140de8187b01d9

    SHA1

    5601818a93ee8348b8d5a7de2fdd9f1650ad6341

    SHA256

    ab7676726eabb1e1f1236a9df7a52f2ea537315f8e012da2ec4fb7e32a24ee42

    SHA512

    43bb45c5400add9ed5b4b236438a35c378c50da7894e9559f600e1e20f4a4ade3a9bdef39fbaf38fb9f18cb43a02a90dcd1802fc4e1376d826ac3badba6fcdc6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0be40feda2609b687287647b48008426

    SHA1

    1558b061dafd1f5f9bb8873434926c43ab88a662

    SHA256

    4ca5aef1638d9601e1e7e9fa4cc7fa85a404b6c818e00d57e4aa8a0fcc4e5ae1

    SHA512

    f5a4c1b0bdab1f44a56728013a080f7eb558a44699d80810276251ae506e74ebac59e2a5588b77b7711077a3c3bed35a2a76e4de1df6a5206b0ed0498f819d0d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d60edf7faa11510eb0ffefe1b1f9af5d

    SHA1

    0c8269331ad9cfe267fa013148cbdb2eb2f65b08

    SHA256

    829f697c344d7de9564822838d1d7adcdec0f39dc742993154f26f39a66402ac

    SHA512

    40c65db709a0c8f086caff3780e0cd277f759d3f0917624e50e0d272232f07f1d51f1d2a1dae08386a3f85173327aab37c01ab4d8481081106aa6b2ad7a4a428

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    275a2974313b20de069cadf5137e61c9

    SHA1

    ea6ca3ef12dda56c3c0b103d886079ffbe703021

    SHA256

    4fb7712f33e933dba494826379216b5ed785b41b65238b97351add595cf56c27

    SHA512

    bd8e0013246bb4c09f16072ef3f1d8d0459204dcfd914b5521d53fd22d3fb261081653c12625dc6c8811bf34f0a1193273a4e6367755884f70b8726c14854375

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9d1d4165cba05935637f5da5f07d5087

    SHA1

    ccd53d34c137aeed2b536a4cff01a4ec563e68c4

    SHA256

    a145a242c8d29a27232923f191ea2167ba79a0c5429d55dc4f2cfa697184df43

    SHA512

    0891fe582c70bb9596de8529ba09de9c7a2ad8a0d5900c6bd02e376317400db1ee98d93b2d7e4276f98d097c0c36d8b4638b287a986fd6450b2fbcac5d7b8c9f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    641d6bbf9fd8fc22726fed99757eb4c1

    SHA1

    a0de217ea072ede3f8b651668668a3022ae3fb7a

    SHA256

    6fe88654ca7ad9c97ebadd25f974303ab4652f41c38d99b74ba125b3a2011acf

    SHA512

    870b09388bec21dc1f40a50356633839d7c15ef52784243a389a017b7b6ba335ac6b4a191304565b5fd78fa8d67f3ed560020e75677985b7f28b9d827ee85873

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    525b831c584d5c6ababab320d1b96766

    SHA1

    0c2e595abe813c4553514e7b7fa4597ac7d0ee28

    SHA256

    93446d59965ab0cbcc5d70f59b9c671c5931e0e70d55ff923f841d346c7af2be

    SHA512

    26bdbe7e1d5c11f4a0c69424c6b0fcde294843e8ea0478ce51609716f0c45d93c092cf912826167951a3d3efd6856166091bd13f57ad0ae45a325a60bb609af9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a498b8805ef158b90fe4b467a02785e7

    SHA1

    873a75e912d976fdf1504bd440ecfa077291e38e

    SHA256

    89a8d9d79f58cb4ab8ee8b8e8701d83507664564176bd05f2f927c57fa864647

    SHA512

    74f3f72f90df79f8f9de4a77d9ab1ecfb7303f3ae799bca9e1ccb3ed16b6f2dc9c5aded9543d0943e5ccf5c6d972e557ca3708f9ef241e7c8e3683aa0315cbad

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fbdafb6c2dd66987d9f884f7bcb553e9

    SHA1

    0ce5306f4bc1084c55c89f5a0c9693eb37cb3ae1

    SHA256

    8b306b0a6f9c137fd1dacbb0bef219d4d23ba611b9d78f776cd395507fbc7dc3

    SHA512

    2875f3be96fad44df3a845d3b80cc43c5c3e0bff5be8abf4e7012c000dc21e23543cf2ee1943077e8a6da5b2530db01085acf974ff63325d8a5c221daa55dcc3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    323da3d96c832118faf489386cb2af16

    SHA1

    db32ebf483daec1ee2a7e68b70e0db5572d7492b

    SHA256

    c66f04364ec0f2b487a967a54db19c81d0028ec94685569f814981c75f6915fb

    SHA512

    c27b7595823dc674d3ff5f88525a14ba631dfb2a7faa1046923120718ab68c8a90f76c27864712f9006b13a04d384c1108c75f20d8242d99a1a00d6751c03a52

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    09f5457dd4f0e926ddeed34ba93224e8

    SHA1

    0e36eec30229e1495d1928e0f666abde659a04a1

    SHA256

    04cdd68a0a41e43fca04b67c57a68d2f6d7066357ca0ea0585683f1fe72ecf73

    SHA512

    4b52c67ef9bb8e88ec0bd6c170f16308c611c153a6141750ac9cc52ba653474fcf41fe40b10d58f872b8efd515dd812e8e15ae2db16e17c004267f3e4fe98615

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    72f1a81d1df6827889c6dab542d8f580

    SHA1

    cb0dbbf12574d28797c0ab70d0a2b9d8f0ae6236

    SHA256

    7770d80be3b95e297fdf79dc288d6d90fc9b779cdb6f711388d37b45d3ba51c1

    SHA512

    94e357819031a7531d151cf4e45ab1235d5710239d2780eeb1488da9df8d7427aead0b66dbf2cc0c97fd5f2a6b52526110be274207b323f3056ee7b7cd4e620b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    587f985f03ef4c235edfe940da3f994f

    SHA1

    987206d403566bb9778cbba376fab8b96af61714

    SHA256

    d74a735731c25378af73cfec9265641e2b4b84189f83497a8c6f47de07e30a2e

    SHA512

    b29b86c7db57d0193d78b0f5154f6bef73c498e3f9bc9538cceb0cd41d9eab70a07822c44e67e7ecb2ef10342b36a6c736da8deecb362f195b47885d36380a7d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    490ba5836680a1601c30b9be2bda33d6

    SHA1

    37c941aab9fb74b1ec3d2a406ffaed8e73d8ed5d

    SHA256

    563b795df3b3981d493b6bbade40a74b653be8ec0bef228f9c4d4c65734a56db

    SHA512

    6de89aa619d6d3d7053c704c745b5bacf85def8919f304e40fb07238527745bc8b72d0623558f424baa59fd2d18f942f98fd64a7e130076ad74187b0b24b6fcc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f966ff688dd242f163908b79579e821c

    SHA1

    c8bc7d98b5d86ce12f0a48cdf015042207d1e3ac

    SHA256

    563329080fd4737e590758a766db5f588dc6c0f329a55e444a1549d0a2ff24a4

    SHA512

    93ff55ee131f31799c2979a6e82b8c2bee103b1b9c4b658f30da1d346c9d04a5d7d32d2e9ee9a94a8211d83ef05d6040e174893615e805df098dff5779bdea9b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4c37945637514537f8951ab35eaaad02

    SHA1

    567aff31bc4b312ccd3d56041034749db27f00e9

    SHA256

    81e3e74aebe00fce4f48f911de14ca767b1dfcd6794da888a55fe74b3f48f63f

    SHA512

    c30c0064a00812c7dc7250c0f2fb837883d60e281d564dab5c872be805cd6c856d37250a12d89842c7a4444132786a2a16a37fa6affcbed1c203fa588ea6dc8f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6eefade2b1de9c56db2352de42ce32d5

    SHA1

    30a8e594131c175ba829330d3a4f79285abd6f0e

    SHA256

    3ec1d556c8173364cf761b136b6b7fc7f6c272712d0b2c783ca7439a2eed2a14

    SHA512

    6f5456a96ac6cf31966ffd93a4861cff08177dbacdb968fa62a7d6a3b81a87d2d31091b6b7249a8645d6fa07a7409d6c57233e529f53cb29acdf311b678620ec

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    561c4d55101b406edeeddd0d94a81e77

    SHA1

    3f0ba3b2951113ccb813718088a67e3559015871

    SHA256

    8c83b6cbfefd425a7ac63e112f5f7b3bb203a01a0f5f283c3e16347479f2d77e

    SHA512

    a4c179bc80b4831130cbb3dfc7e5361d2d3e14022b854d0412a4f8a609c7d9dd02885137abaf7a5da86ff08108a990eba191c7f2f0f98e2c5eee7f19e748df5f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab7D9B.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar7DAD.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.mmc
    Filesize

    255B

    MD5

    a0c4d2f989198272c1e2593e65c9c6cb

    SHA1

    0fa5cf2c05483bb89b611e0de9db674e9d53389c

    SHA256

    f3170aeec265cc49ff0f5dcb7ed7897371b0f7d1321f823f53b9b0e3a30e1d23

    SHA512

    209798b5b153283bea29974c1433fe8b6c14f2a54e57237d021ecc1013b8dc6931dedcc2fe173d121c719901045fdf2215177ba164c05d703f2e88a196252ec4

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.mmc
    Filesize

    149B

    MD5

    b0ad7e59754e8d953129437b08846b5f

    SHA1

    9ed0ae9bc497b3aa65aed2130d068c4c1c70d87a

    SHA256

    cf80455e97e3fede569ea275fa701c0f185eeba64f695286647afe56d29e2c37

    SHA512

    53e6ce64ad4e9f5696de92a32f65d06dbd459fd12256481706d7e6d677a14c15238e5351f97d2eb7bfb129a0d39f2603c4d14305a86821ed56e9face0bc252b6

    Download Submit

  • memory/1448-1092-0x0000000002A20000-0x0000000002A30000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2720-0-0x0000000000400000-0x00000000004B1000-memory.dmp

    Filesize

    708KB

    Download

  • memory/2720-36-0x0000000000400000-0x00000000004B1000-memory.dmp

    Filesize

    708KB

    Download