Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

3373c58ac5...18.exe

windows7-x64

7

3373c58ac5...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    10/07/2024, 05:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3373c58ac51c3fecdbc5cc7f31a22d8e_JaffaCakes118.exe

  • Size

    2.2MB

  • MD5

    3373c58ac51c3fecdbc5cc7f31a22d8e

  • SHA1

    b0150b29dc543047ec08d17213ecf4bc72a58e66

  • SHA256

    c98f3ea0c81d72f2ce51cc823514ceefbfe1f4edf3986fe739dfb17896c45658

  • SHA512

    29e35fcabce9ece8405122646c0bb30f68e7b41c6306a0078dc5491ff850929634eb9d7da450450d80f97bc6ce3c3d3904273e0e35688354286f6b17815f6054

  • SSDEEP

    49152:VMlTDmb1j7zfjBhFGwnX92YSmAMPKGVtlQD5sn6dO:VMVUP15X9LlPKGVk1rdO

Score
7/10

Malware Config

Signatures

  • Checks BIOS information in registry 2 TTPs 1 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3373c58ac51c3fecdbc5cc7f31a22d8e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\3373c58ac51c3fecdbc5cc7f31a22d8e_JaffaCakes118.exe"
    1⤵
    • Checks BIOS information in registry
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1572
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.paopaojisu.com
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2376
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2376 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2100

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9e3385c703719799136839fc7b656f37

    SHA1

    6391a4ace359fff339c6d47f4aabb4f531b0f49f

    SHA256

    23a840fedb81ffb2516c603d078aae412d20754abae258b0ddb1862574fae9cc

    SHA512

    2aabce191c4f04f5f2af79175990d37314d1dd8ec6112d5cb799e6d4ac2b3b6e2f5a574c898024289904094130216b2b6b96f9c67683bffd7302188bc60ffb52

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8c9b7929b7eaaf86c4318fc974a78dfe

    SHA1

    964d2d533915285380e29f0145d6812f1d989ddd

    SHA256

    914732aa4355ca76b5869765d556a1426b82504c6e1ac3cad45a4c8aefad693d

    SHA512

    92498af31f54900071fbf9b1df60c0b3e769d3fdcf2a8f802559f7c6dc3935ddf05256193234222886b309d05214771fa400e53a95b7c4d66f833e6b597e5991

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fe2f047665e1c1950d1cdeae9928bca0

    SHA1

    39be13562544c3c51d5b14687b8d04fd8255d9c0

    SHA256

    df5dd0d9f710d7772128d7c0d6aa02b650b028351d739128b2d277e50a702380

    SHA512

    e7867a22af329764274691e1c4224ae79cc0d43cb19533c087d22e866ef5cc37bfc6a6918f641ce90878fb9d9dd48f241217a72d2837ddd3c432aed8d482e851

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c1264df934bf618e6a81f2db301a526a

    SHA1

    9bffe097a031ceb81783c49451262c1f7909f15a

    SHA256

    f60506b47554ce8934dd1743fc54bb13bffffb36241bde46d13b3ba7f787bdcc

    SHA512

    86642f676ff39d9b3c5ee8360d197fd4b1081f70274b17e521c69e5e4ea486c2e0aa6623e941127bb8d7ca1155e19e113238e71dd240e0ab7fb10b941dcfd3af

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2a773ecc096b4da00c8342719c5a5795

    SHA1

    4cd881533edbb79b33caa5c2fbda45b614da005e

    SHA256

    90fbbc14414201c7141c7b9a3a649fe680a829bbf48aa93d1e0d7d0d0bda9580

    SHA512

    75f1ceac7489a11e34c87c4144597d404edb0bdc6775271411b38a34e8695bd2dca107c761fc8fc2c4617ca45c2581f3adc711486b8c9906c70c46d429b2f250

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    44773aa8c14ba8a97fa0c3746643e837

    SHA1

    96764f7fcfcb91ca38a57f45450e03e18920d295

    SHA256

    2630c441b2ee91842b6a7e300dcf104a3ab59d7748d631bcac6a9ecb9ac51c94

    SHA512

    67d670127972da8b61bc61a2a479cb91b48113544ce3b843bff87f6095a0bf7ccc08d358fca612a494ceee7356862cc6d318763ca377b3191f9165eb16a3b1ae

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    516a594994042a38d121131ffb0721b7

    SHA1

    6b08ecf9f2406594e34b53c0b9e90d98007d0d84

    SHA256

    37a028ca8f05b46b49489945a22bcafa49a518eb2fda62210cacfdfd497c91de

    SHA512

    4e8c704c422dc521691f0afab23d6e7858ec1043810228fd112703f9de0b36f8a874cd03ea67a73c22130917585dba18e0d0fce43c3ff100f4eb93bd450a166a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6b067f107c019a1471f73180cebe88a5

    SHA1

    787651c83c820da98c851100dee3d3168b6ce4b0

    SHA256

    bb357d068a3588c0e1f78dca774f1c48b902a026b15978bb084a6fe4af1813ed

    SHA512

    0d4f4c2abeb243336703d9781572bd2ec50d5fcc42045b8a658b724ea807a60099d10d0ac0b25bf78c2cacd56c28fb3fee70e41c18b20cf0556af3459940bc16

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c1cccface8fa5ddcab430c4d01d3651c

    SHA1

    0e8ab5f28210026c96749920125645d13303422d

    SHA256

    159ccbbb26828821b7900ce35d2720b3266a8ece4a67b7822880188402ff988a

    SHA512

    0bcb62eb2ace4018741b3d98b7615ca4a9038cb5758a9ccea408d2d9cc0f3b9131f9f719daa1a828a0bd83481747b2d414549babdb1ea8522a8d4594fb584164

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    03b3409e367d485d1e2205cbfcffcac7

    SHA1

    129543df877da684bf0dfb83a1f2dfd66f075eb1

    SHA256

    feaf934b0a7796f69dedb2eb2eb6189343b39ba0acc1f9386ffc1489690bdd06

    SHA512

    0630e7e77327ba7faf9d291ad9ce4cfae439900760e32222e08de95c160f75bd4da14cfa44a89392385baea53795e089e4132e518bfa18d49daa1b31212d2529

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a43231a439b75aa8e44ac74209a34b56

    SHA1

    94022d283dc07435dfc5d8f14519330935601444

    SHA256

    01b37506b3588fd6541c83a29a68ff9bff5a2cd279af2727cb2741aa0acf1695

    SHA512

    329d6563c4bf3ccb3de31fc44b13246b39fc6031cb616b557f2fa44a1889f35ff68a8cc8dadbe62185bb9b5a9daf70726d787ccb29ad32b50cf8681c7fef13c1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    03d5ab90233c69d242ef918420b44222

    SHA1

    be6bc24bb8c4ad07a6c36320bfa02429e3a31c03

    SHA256

    a1553d58ac23c986fe7ca2f8fd0c849e9bfadcf46823cc7caf4c434446234fdd

    SHA512

    3629426fabcf65bb91f782a00ef08830b812a20840264c43eec71eebe12525bc5a6f3ab83fa95914143545415e8ab216d36ceae5ad65295cccea35ecf07d7128

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e62cfb8292ea21ff145a60b8c0362aa0

    SHA1

    492a65ab1593733890e2d15998a31b4037c3293e

    SHA256

    0be330cd9116c8863fe3da24e23f7df0e9d31f3d295d2e2074d84d97dabf531b

    SHA512

    87b4105c5c6166a26d0a0629d36fe433e0196f7a1fab2c1893e56f198c2e3bdd037fa538cc968a88c26f94855ab09845cb7d67fa76d41d1b5cb6a068a37e4495

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cb57f33883be59d38db8f88ea449d95f

    SHA1

    179740682f62513e716442ee945a11d864860d1a

    SHA256

    11fdabcd51bcb109d58763ff198ab9421f181c34a73d189a3fa9e3f57b429277

    SHA512

    dce5c5030056022bb37092b285d51378f5b5ebbd823df53f1c8db52ebbf0a9adfd9ea389538b72824fbdee0e6743df09b353c2543407e57c59c218d7ff005674

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a582ab08edb7da500ea3a5a8d045330a

    SHA1

    53e53f3f34dbed0ce7f79352af5978507b73c25e

    SHA256

    7e5e4f959f33adb788b807c211514b4f4298a5be0948641db6c88c0409ed1240

    SHA512

    885652c8e1e17b4575e3b4368699dbc4ce4bf83a4955ecb6eed0114c5c66f04cfaffd9c13fb55e0059e65e1f9ed138468a6cd90c4838df64beebf34d815ff57a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7824f4cac4fe0a8c4398b895fda11cb4

    SHA1

    514cf601ba9ecc1aaf66d8e262cde7594afff201

    SHA256

    595f275a6c38385282982a2d1bdcfed3520194173644ce07a2b110e180b3e0a0

    SHA512

    7683b6805df7a74e0c4f337004d348f21af845e145fbda3b09084150c0f5f5b306e87ebeae875499c299a7ee1bfcba5306021a3561612203faa2dd7388bc2e9b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabD28D.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarD30E.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/1572-4-0x0000000000400000-0x0000000000703000-memory.dmp

    Filesize

    3.0MB

    Download

  • memory/1572-0-0x0000000000400000-0x0000000000703000-memory.dmp

    Filesize

    3.0MB

    Download

  • memory/1572-440-0x0000000000400000-0x0000000000703000-memory.dmp

    Filesize

    3.0MB

    Download

  • memory/1572-1-0x0000000000400000-0x0000000000703000-memory.dmp

    Filesize

    3.0MB

    Download

  • memory/1572-3-0x0000000000400000-0x0000000000703000-memory.dmp

    Filesize

    3.0MB

    Download

  • memory/1572-6-0x0000000000400000-0x0000000000703000-memory.dmp

    Filesize

    3.0MB

    Download

  • memory/1572-7-0x0000000000401000-0x000000000047C000-memory.dmp

    Filesize

    492KB

    Download

  • memory/1572-2-0x0000000000400000-0x0000000000703000-memory.dmp

    Filesize

    3.0MB

    Download