Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

3

340503539a...18.exe

windows7-x64

6

340503539a...18.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    120s
  • max time network
    126s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/07/2024, 08:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    340503539a855a3966b10c89f4f841ff_JaffaCakes118.exe

  • Size

    1.0MB

  • MD5

    340503539a855a3966b10c89f4f841ff

  • SHA1

    4d627ae83b935f50e6633e07e27512b61081a6e3

  • SHA256

    deb12f24f535d0eed66f468b271df61acbce2d44c0fcba5dd04221fc322508bf

  • SHA512

    c0f5bddce999d391dd96b5d24ed1aa742e68ca22ed30cb7dc8ae165c01bc13bc583f2aa04ce51b25d01737ec7a02361cdc1fe04fe4e960c9260d7e64d5b51bb4

  • SSDEEP

    12288:Wga6G6stXT8RzMwlZHu2WyEMZK/W/5s8cvRMdxzJuntMq95KuxlltS:WaG6s9T8HZWVMQW3zzJOtMu

Score
6/10
evasiontrojan

Malware Config

Signatures

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 18 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\340503539a855a3966b10c89f4f841ff_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\340503539a855a3966b10c89f4f841ff_JaffaCakes118.exe"
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:1552
  • C:\Program Files (x86)\Internet Explorer\ielowutil.exe
    "C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{D5E8041D-920F-45e9-B8FB-B1DEB82C6E5E} -Embedding
    1⤵
      PID:3292
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -startmediumtab -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4044
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4044 CREDAT:17410 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:4468

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199
      Filesize

      854B

      MD5

      8d1040b12a663ca4ec7277cfc1ce44f0

      SHA1

      b27fd6bbde79ebdaee158211a71493e21838756b

      SHA256

      3086094d4198a5bbd12938b0d2d5f696c4dfc77e1eae820added346a59aa8727

      SHA512

      610c72970856ef7a316152253f7025ac11635078f1aea7b84641715813792374d2447b1002f1967d62b24073ee291b3e4f3da777b71216a30488a5d7b6103ac1

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
      Filesize

      1KB

      MD5

      f7816a1994426cf440b63bfe5478d8a5

      SHA1

      74f4d06d4b2d822d6f392093f4d9b2d26f577c9b

      SHA256

      be296975a18646afb55c96cb6df42008dc872086de6a4276ed9a5b671e2ad80c

      SHA512

      7cd9f91b64b8fed20ed3e6d3e57458241f36f47769f978b154c406f7c4727ba6d7e2e762d1736b203b019987a8c5e5be3a8dd0e5605e4dcad6bd067045e947bc

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DDE8B1B7E253A9758EC380BD648952AF_925B71A3CCECE24AA0EFF09CD733A93C
      Filesize

      472B

      MD5

      1186c6a3f4acaf1257d276501dc3e057

      SHA1

      d173283a40732d762b6caa2f0d21412a2afd5f16

      SHA256

      448485eddb00b906f3742c40ac563e4887da23430003bc7988f23caf5827403f

      SHA512

      1bbdc162c3c7ad1e32f9d06cbc4fade0726d0767348b2239aa1caaa0013b382b8c5cfea3508b6dddcda968ea14f395af54209d2353cc19ff4dbf82721491a091

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199
      Filesize

      170B

      MD5

      419cbf68fd0e83efe6dfc7378a042748

      SHA1

      84e7fcee648293da24f35dffb3bf72574e0253b7

      SHA256

      997685de902a3a9b54a1ef8577bfb6a520adc05f34d8de6b7a9514822003ead3

      SHA512

      639f70b7a2943b2f31788f01736e0d1faf4e98f87a3224aed5bc2cf7effe9865f6a75530b74eb741d98af7580daa093c1041720b32c00f911638ce5db944ae3d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
      Filesize

      410B

      MD5

      34a47e8779943802b7992cf50550a214

      SHA1

      a5ffbe3dd6418858e341f21b0783d7ec5db43169

      SHA256

      f8c8460a00b52e6a9672400c7dd083056c61ad93002de5c866cdf90e673e4fa2

      SHA512

      9cdbae3390df3449df1dfa49248785d9804b7d80ada46df534273ffd54a893437fae2a29788ac900327a51833cd8e859e78c5a0cff56a85d3bab4a0fffea2d93

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
      Filesize

      410B

      MD5

      fec2917edc84fb156c8b8a4772620834

      SHA1

      6d193262c7ea64aa1bb1be2f1a94f28c18e04ffa

      SHA256

      fd7270c3c4962d2d13a6a6188a52f5a24cc95e104fb465f7ec6e172647433634

      SHA512

      690cebd8e4d834c3edcea46ff1463f26ace0e1b2db571091b28d59bd74cc9d26f2ef2a19dd48f21e0f2961d2f81632b71676e9d879f4b260e585126545c590f0

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DDE8B1B7E253A9758EC380BD648952AF_925B71A3CCECE24AA0EFF09CD733A93C
      Filesize

      402B

      MD5

      ee40e5b18f648a9f6fad7b39ce63060c

      SHA1

      6445da17a3cdfa2496a8f17f09e14e182bd14b2a

      SHA256

      95471458f25e79eb84562c3622dfe365af0c3e8f5a6735755673f11f2442fc26

      SHA512

      2d91602501521c4d62a7297df58e9f9a930ba8bd846cf93b450cbcb0196bce57d92d323fe8c4ca63535cba9d3cc875080dfdc112b9ca1c54e152016f6fbd5a8f

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\yaj4t2s\imagestore.dat
      Filesize

      1KB

      MD5

      cbec5f1e301c94ec09b7904a62bb124b

      SHA1

      9916b1f12ef355f6e99c2748a4b7943813a0e46e

      SHA256

      17d004dc5d96ff01d176a36b92586d4e5c1c3bde5cf356580d6d546d8b0275de

      SHA512

      3875eac43916dcdee29c4f5e71e9a041d67edf8f5ef1012485899ea6da5004b8e746a3de353d682df33b2cf2f4cc76ebed047e870f1e2af8595e5ce58446e995

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0HGGBLFL\js[1].js
      Filesize

      306KB

      MD5

      4d524c72bba0935434754ce174c1ccc6

      SHA1

      a499eed0774194439c47fe316c1d7761e7d12301

      SHA256

      5742a8c28c386294a2b2c4065d9bcd3b35ee6d5f0e76944e51e56fd3b9161464

      SHA512

      9e19c9c036f587cc7f1696d4813c9328526d0f860ac4e7cee5dca683e834c5259a1d065eb5775d85383cb2b5fbbf0c0b50789ea954faaaf97064cdffff50abbf

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\D1AP1AEC\suggestions[1].en-US
      Filesize

      17KB

      MD5

      5a34cb996293fde2cb7a4ac89587393a

      SHA1

      3c96c993500690d1a77873cd62bc639b3a10653f

      SHA256

      c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

      SHA512

      e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\OZDMMIJY\favicon[1].png
      Filesize

      1KB

      MD5

      1c1d347c68bd5810d765514fb85d1938

      SHA1

      cf7bb8af4e9ecb6fdca7126686f68f9edc80ccfb

      SHA256

      be3dc9556fc0be573c0f25a0b9c5c8848cd2c416089abaae521a97bbfd284b36

      SHA512

      52fd7f967d40495dfb7a57807f62240b4b474fb27a2b6cb315e90589e47f898842154f93e8b255b5f9217ac68e90eab335cc6cfad98e5112bf7a32a9721d0080

      Download Submit

    • C:\Users\Admin\Favorites\Íâ¹Ò×÷·»¹Ù·½Õ¾ [www.zuowg.com].url
      Filesize

      110B

      MD5

      f9fc3e4f710ea6068eccca29ed784970

      SHA1

      eb6f961e7102e3aef227b204ff4dd9563f745812

      SHA256

      1c12badabe490d7c3d63bb0187965344ce0ed923eab707e446900a9b98913fcb

      SHA512

      b2d0db7a2c4b4d4e53a8daf2caff6a0ea826133038380e5dcf8c6493417f2884ecd61f047798189a3cff13cca3b9dbe99e5a501ce5de10488b2a337389b019ed

      Download Submit

    • C:\Users\Admin\Favorites\Íâ¹Ò×÷·»×ÊÔ´Õ¾ [42724920.ys168.com].url
      Filesize

      115B

      MD5

      514d1b59ae8925c5edea3c446ce588dd

      SHA1

      60dd675b65c7ffaac6ca731dba265a6f316a6f75

      SHA256

      6bbfe9e113e075b646ae49400657b8bb20cbab06854b38bf007ac6e15cd7b773

      SHA512

      5bf3d0f1715b445852ad184907d2161967d51cb8fe9673330438d8705502bc63e263222c43839140c613a427b0b58b297e522b3953c2543453625e01b8017253

      Download Submit