Analysis
max time kernel: 149s
max time network: 152s
platform: windows7_x64
resource: win7-20240704-en
resource tags: arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
submitted: 08/07/2024, 16:39
Static task: static1
Behavioral task: behavioral1
  Sample: 2d0fb2ee266e068b8315d3836570063e_JaffaCakes118.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: 2d0fb2ee266e068b8315d3836570063e_JaffaCakes118.exe
  Resource: win10v2004-20240704-en
General
Target: 2d0fb2ee266e068b8315d3836570063e_JaffaCakes118.exe
Size: 104KB
MD5: 2d0fb2ee266e068b8315d3836570063e
SHA1: c5fa01d9e69cb37728e23ce6ac2a4c8d69236e0c
SHA256: 1f938a8b2a8819623fb780045219697cac03c5a3c3748bca81cac10743042466
SHA512: 17eb421abe6b64f4d1f31225a0caebfa363646feec92a63f26f0e1d426408c57e688b0c6794049982c1096cd33a876a2c6026ee75125c40f12e5cf8707f4a785
SSDEEP: 1536:g94nDhOnpgkiuIu9YS6x9uGB+2LGUh5crgqIbflrUHXzIgp2zy9JhTHFNIjnZxS:1wwuOvOqIUrMzIgp2mJNFCnzS
Malware Config
Signatures
-
Modifies visibility of hidden/system files in Explorer (2 TTPs, 2 IoCs)
Both processes set ShowSuperHidden to 0 under the user's Explorer\Advanced key. That is the registry form of the "Hide protected operating system files" option, so files carrying the hidden+system attributes stay out of Explorer listings even if the user has enabled "show hidden files".
  Set value (int) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0"  by 2d0fb2ee266e068b8315d3836570063e_JaffaCakes118.exe
  Set value (int) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0"  by dogup.exe
Executes dropped EXE (1 IoC)
  PID 2708  dogup.exe
Loads dropped DLL (2 IoCs)
  PID 2732  2d0fb2ee266e068b8315d3836570063e_JaffaCakes118.exe
  PID 2732  2d0fb2ee266e068b8315d3836570063e_JaffaCakes118.exe
Adds Run key to start application (2 TTPs, 52 IoCs)
All 52 writes target the same value, so persistence is a single HKCU Run entry that is rewritten over and over rather than 52 separate entries:
  Set value (str) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Windows\CurrentVersion\Run\dogup
The data is always "C:\\Users\\Admin\\dogup.exe /<switch>"; only the single-letter switch changes between writes. Switches observed, in the order the report lists them:
  dogup.exe: /T /p /n /C /s /m /y /S /H /L /I /Z /W /r /j /h /l /O /R /A /F /f /J /M /V /c /z /d /k
  2d0fb2ee266e068b8315d3836570063e_JaffaCakes118.exe: /d
  dogup.exe: /G /X /U /K /x /Y /E /b /i /D /o /P /g /q /N /w /u /v /t /e /B /Q
Across the run dogup.exe cycles through every uppercase letter and every lowercase letter except "a" (51 distinct switches); the sample's own single write (/d) repeats one of them. The report does not say which value was left in place when the run ended, so a host check should look for the value name "dogup" and the dogup.exe path rather than for a particular switch.
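The two registry signatures above (ShowSuperHidden and the Run value churn) are easier to reason about once the flat "Set value" lines are parsed. The script below is an added example, not part of the tria.ge report or its tooling: it parses lines in the report's own "Set value (type) <key> = "<data>" <process>" layout, lists which processes forced ShowSuperHidden to 0, and groups Run/RunOnce writes by value so that 52 writes collapse into one target path with a set of switches. The sample input is a constructed excerpt of five lines copied from the report; the function and variable names are this example's own.

```python
"""Parse tria.ge-style registry IoC lines and summarise persistence.

Added example (not part of the tria.ge report). Input lines look like:
  Set value (str) \\REGISTRY\\USER\\<SID>\\...\\Run\\dogup = "C:\\\\Users\\\\Admin\\\\dogup.exe /T" dogup.exe
"""
import re

# Registry paths in the report contain no spaces, data is always
# double-quoted, and the writing process name follows the closing quote.
IOC_RE = re.compile(
    r'Set value \((?P<type>int|str)\)\s+'
    r'(?P<key>\\REGISTRY\\\S+?)\\(?P<value>[^\\\s]+)\s+=\s+'
    r'"(?P<data>[^"]*)"\s+'
    r'(?P<process>\S+)'
)

# "<path>.exe [/switch]" as written into the Run value
CMDLINE_RE = re.compile(r"^(?P<target>.+?\.exe)(?:\s+/(?P<switch>\S+))?$", re.IGNORECASE)

# Constructed excerpt: five of the report's IoC lines, verbatim.
SAMPLE_IOCS = r'''
Set value (int) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0" 2d0fb2ee266e068b8315d3836570063e_JaffaCakes118.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0" dogup.exe
Set value (str) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Windows\CurrentVersion\Run\dogup = "C:\\Users\\Admin\\dogup.exe /T" dogup.exe
Set value (str) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Windows\CurrentVersion\Run\dogup = "C:\\Users\\Admin\\dogup.exe /p" dogup.exe
Set value (str) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Windows\CurrentVersion\Run\dogup = "C:\\Users\\Admin\\dogup.exe /d" 2d0fb2ee266e068b8315d3836570063e_JaffaCakes118.exe
'''


def parse_iocs(text):
    """Return one dict per 'Set value' line: type, key, value, data, process."""
    iocs = []
    for m in IOC_RE.finditer(text):
        d = m.groupdict()
        # the report escapes backslashes inside the quoted data ("C:\\Users")
        d["data"] = d["data"].replace("\\\\", "\\")
        iocs.append(d)
    return iocs


def hides_protected_os_files(iocs):
    """Processes that set Explorer's ShowSuperHidden to 0 (hide hidden+system files)."""
    return sorted({i["process"] for i in iocs
                   if i["value"] == "ShowSuperHidden" and i["data"] == "0"})


def summarize_run_keys(iocs):
    """Group writes to Run/RunOnce values: write count, writers, targets, switches."""
    acc = {}
    for ioc in iocs:
        key = ioc["key"]
        if "\\CurrentVersion\\" not in key or key.rsplit("\\", 1)[-1] not in ("Run", "RunOnce"):
            continue
        entry = acc.setdefault(
            key + "\\" + ioc["value"],
            {"writes": 0, "writers": set(), "targets": set(), "switches": set()},
        )
        entry["writes"] += 1
        entry["writers"].add(ioc["process"])
        m = CMDLINE_RE.match(ioc["data"])
        if m:
            entry["targets"].add(m["target"])
            if m["switch"]:
                entry["switches"].add(m["switch"])
        else:
            entry["targets"].add(ioc["data"])  # keep unparsed data as-is
    # sorted lists instead of sets so the result is stable and printable
    return {k: {f: (sorted(v) if isinstance(v, set) else v) for f, v in e.items()}
            for k, e in acc.items()}


if __name__ == "__main__":
    iocs = parse_iocs(SAMPLE_IOCS)
    print("ShowSuperHidden=0 set by:", hides_protected_os_files(iocs))
    for run_value, entry in summarize_run_keys(iocs).items():
        print(run_value)
        for field, val in entry.items():
            print(f"  {field}: {val}")
```

Feed it the full 52-line Run table from the report and the summary stays a single entry with one target path, which is the point: the indicator to carry into a host check is the value name plus the path, not any particular command-line switch.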
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: EnumeratesProcesses (64 IoCs)
  PID 2732  2d0fb2ee266e068b8315d3836570063e_JaffaCakes118.exe  (1 hit)
  PID 2708  dogup.exe  (63 hits)
Suspicious use of SetWindowsHookEx (2 IoCs)
  PID 2732  2d0fb2ee266e068b8315d3836570063e_JaffaCakes118.exe
  PID 2708  dogup.exe
Suspicious use of WriteProcessMemory (4 IoCs)
  PID 2732 wrote to memory of 2708  (2d0fb2ee266e068b8315d3836570063e_JaffaCakes118.exe, procid_target 30), recorded four times
All four writes go from the sample (2732) into the dogup.exe process it spawned (2708); the report records no write into any process the sample did not create. Writes from a parent into its own freshly created child are far less telling than a write into an unrelated process, so this signature on its own does not establish injection into other processes.
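The distinction in the WriteProcessMemory note above (parent writing into the child it spawned versus a write into a process it did not create) is worth automating when many reports are triaged. The script below is an added example, not part of the tria.ge report or its tooling: it parses lines in the report's "PID <src> wrote to memory of <dst> <pid> <Process> <procid_target>" layout, checks each write against a child-to-parent map, and returns the writes that go somewhere other than the writer's own child. The process tree is taken from the report (2708 is a child of 2732); the fifth event, a write from 2708 into PID 1234, is constructed and hypothetical so that the "foreign" branch is exercised.

```python
"""Triage 'wrote to memory of' events against the process tree.

Added example, not from the tria.ge report. Labels each WriteProcessMemory
event 'child' when the destination was spawned by the source, otherwise
'foreign', and returns the foreign pairs for escalation.
"""
import re
from collections import Counter

# Column layout of the report's WriteProcessMemory table
WPM_RE = re.compile(
    r"PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) "
    r"(?P<pid>\d+) (?P<process>\S+) (?P<target_idx>\d+)"
)

# Constructed input: the report's four events verbatim, plus one hypothetical
# write from dogup.exe into PID 1234 (not in the report) to show the other branch.
SAMPLE_EVENTS = """
PID 2732 wrote to memory of 2708 2732 2d0fb2ee266e068b8315d3836570063e_JaffaCakes118.exe 30
PID 2732 wrote to memory of 2708 2732 2d0fb2ee266e068b8315d3836570063e_JaffaCakes118.exe 30
PID 2732 wrote to memory of 2708 2732 2d0fb2ee266e068b8315d3836570063e_JaffaCakes118.exe 30
PID 2732 wrote to memory of 2708 2732 2d0fb2ee266e068b8315d3836570063e_JaffaCakes118.exe 30
PID 2708 wrote to memory of 1234 2708 dogup.exe 31
"""

# child pid -> parent pid, from the report's process tree
PROCESS_TREE = {2708: 2732}


def parse_wpm(text):
    """One dict per event: src, dst, process."""
    return [
        {"src": int(m["src"]), "dst": int(m["dst"]), "process": m["process"]}
        for m in WPM_RE.finditer(text)
    ]


def classify(events, tree):
    """Label each write 'child' if tree says dst was spawned by src, else 'foreign'."""
    out = []
    for e in events:
        label = "child" if tree.get(e["dst"]) == e["src"] else "foreign"
        out.append({**e, "label": label})
    return out


def foreign_writes(events, tree):
    """(src, dst) pairs that are not parent-to-own-child, with write counts."""
    c = Counter(
        (e["src"], e["dst"]) for e in classify(events, tree) if e["label"] == "foreign"
    )
    return dict(c)


if __name__ == "__main__":
    evs = parse_wpm(SAMPLE_EVENTS)
    for e in classify(evs, PROCESS_TREE):
        print(f"{e['src']} -> {e['dst']} [{e['label']}] ({e['process']})")
    print("escalate:", foreign_writes(evs, PROCESS_TREE))
```

On the report's own four events the escalation set is empty; only the constructed fifth line produces a foreign pair. A write into a child can still be injection (process hollowing is exactly that), so "child" means lower priority, not benign.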
Processes
1. "C:\Users\Admin\AppData\Local\Temp\2d0fb2ee266e068b8315d3836570063e_JaffaCakes118.exe"  PID 2732
   - Modifies visibility of hidden/system files in Explorer
   - Loads dropped DLL
   - Adds Run key to start application
   - Suspicious behavior: EnumeratesProcesses
   - Suspicious use of SetWindowsHookEx
   - Suspicious use of WriteProcessMemory
   2. "C:\Users\Admin\dogup.exe"  PID 2708  (child of 2732)
      - Modifies visibility of hidden/system files in Explorer
      - Executes dropped EXE
      - Adds Run key to start application
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads
One file was captured. It is the same size as the submitted sample (104KB) but every hash differs, so it is not a byte-for-byte copy of the sample:
Filesize: 104KB
MD5: 318159447a2a97bc983351bca37aa80f
SHA1: d25f0af4f34bf2d420fc3666d73dd2dd1dd3f1a5
SHA256: 652ef7e4ac5f6f7fe224e7482c9e20270c0fb2937c3aca915a94a535e08c68e7
SHA512: a1ee7c8d1712f7fbe881af4e282d10f79d88b7267eb20387f36904b40b5d6c01cbac587c8b84feac4574e0594a891720f683f9d411c3040be2b0d3ba9c6a054f