Analysis

  • max time kernel
    93s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    11/07/2024, 11:53

General

  • Target

    39012b72862f10e588ed2d7f2918b879_JaffaCakes118.exe

  • Size

    76KB

  • MD5

    39012b72862f10e588ed2d7f2918b879

  • SHA1

    df1402d2c787fc35e6dc8c66572fe19668d03548

  • SHA256

    61fd924979cc940727719e9be6eae2fc9e8043de23a3526f3a4ddd3686967072

  • SHA512

    0c906583e72afd0001340b8bf11311eb413f893618b80e5076a64ae1904881f933dd248fa115b3110afcbb9d85a5a0d52de3ac134ca9f4b443f021a35fa6a612

  • SSDEEP

    768:FmL2tvq80Zk2mL2Lm2OSPRi9XhyiVPWsbRmQDXkz7g3UT8X2R3WxaTUrRhul6DJ:22okR2L5pOXEgVmrNRGxaTUDqaJ

Score
8/10

Malware Config

Signatures

  • Event Triggered Execution: Image File Execution Options Injection 1 TTPs 11 IoCs
  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
  • Modifies Internet Explorer start page 1 TTPs 1 IoCs
  • Modifies registry class 11 IoCs
  • Runs .reg file with regedit 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\39012b72862f10e588ed2d7f2918b879_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\39012b72862f10e588ed2d7f2918b879_JaffaCakes118.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3320
    • C:\Windows\SysWOW64\regedit.exe
      regedit /s c:\windows\temp\ie.reg
      2⤵
      • Event Triggered Execution: Image File Execution Options Injection
      • Modifies Internet Explorer settings
      • Modifies Internet Explorer start page
      • Modifies registry class
      • Runs .reg file with regedit
      PID:2116
    • \??\c:\windows\temp\sb.exe
      c:\windows\temp\sb.exe c:\windows\temp\sb.ini
      2⤵
      • Event Triggered Execution: Image File Execution Options Injection
      • Executes dropped EXE
      • Modifies Internet Explorer settings
      PID:1672

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\Temp\sb.exe

    Filesize

    36KB

    MD5

    2c0585d04fd61b22fad036ac17f6ede4

    SHA1

    449b0d6bec8a92415af8fe307dfa6372e52554d7

    SHA256

    7b14a238fcbb7c124f47e5a200c7975a4c403dddca698b4b7820c8f1685d8609

    SHA512

    eae74a37efecd1b8f93aac5e1537d731de47981d13a87504056b14a4052ae8cea7a4218c6d224ba30d02ebefe7541af3f6bb11a34a404db6c0dda05e6f06292a

  • \??\c:\Windows\Temp\ie.reg

    Filesize

    2KB

    MD5

    3920e9e28621db081c0db2c7c2b683a9

    SHA1

    49e8806096f9e52761c05d50323e14bf7949104d

    SHA256

    f1ea158ec4f4b3d09640db09b0b7b2d1def71e48c64ca7466c0a079d645e162c

    SHA512

    fe04da995d6246e176e0f50a4a28e6c8f44e1d719d2aee75665711fc3a2c722c27108230efbfa638bd777275c645362d01c4c375a17323d1df7238d8c6fde4ee

  • \??\c:\windows\temp\sb.ini

    Filesize

    592B

    MD5

    2dfd6786cc65ca8bbed835263c9279b0

    SHA1

    96fc7e635c5975c4b3923d11ecbba5ac3d216812

    SHA256

    de264a93be4f0ce0dd6262a249a6d2cdb452108476a7378151750554933545b3

    SHA512

    b8b34fb3d90ffd470abb7d81976ba08cdc381b61761eb35f08ed01265ffa60dadc8e6cc140d4cc16fd1bf34c065e109cd3c88dd8f6f53ba210598bbd5b9964a9