Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

46de116aea...18.exe

windows7-x64

7

46de116aea...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    14/07/2024, 17:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    46de116aeaef2e16bc6e6c18eec747be_JaffaCakes118.exe

  • Size

    191KB

  • MD5

    46de116aeaef2e16bc6e6c18eec747be

  • SHA1

    05f81551433b4f5da6380abbd9d1e41ffd7c0a31

  • SHA256

    eab519f99914387402973b56c965867b2485caaab04b24f4e2df74c82a692520

  • SHA512

    b240bc59bca743474aa69f757a2f9e95544bf14779138a9d7c56728c9e35d6e4490cf8a4511c892afa1269b842d38dd91b709921c69da714abd5a9fd38a15cfd

  • SSDEEP

    3072:FdTejYQcRkBtZy/kqtcGxekIQ8bqJLSjDexH0THKLW15Y5dyO5SDLm9qJV8Vd1vK:PWfUkBPyrtBxgQTMK0TKpxS3H8j0bv

Score
7/10
evasiontrojanupx

Malware Config

Signatures

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\46de116aeaef2e16bc6e6c18eec747be_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\46de116aeaef2e16bc6e6c18eec747be_JaffaCakes118.exe"
    1⤵
    • Checks whether UAC is enabled
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2684
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.gamecentersolution.com/downloadgame.aspx?CID=21157&AID=691
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2600
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2600 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2772

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e8d56b9dfe709dd89722c2e92af01904

    SHA1

    5c179d8885b14a43eac135e24bd7b007a1d7d63b

    SHA256

    6258858344a68856f1ceaa1c4b4d736fa08269fbeddd0ba4695c79c1ea08d10d

    SHA512

    23734732f3a929d041c98d73f1b15fc56036d156d5c73d6c6816d89acdab54c3164a28fbadfdf99fe994a087fbd012d941336537dbf7c1cdf5233f1c34012b96

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    057002c0064c05f77dd4935f9e6945e3

    SHA1

    de856efb2db73e9fa9545a270a5645244eab4d28

    SHA256

    964961e9a57a2c81f0c8e616e1da081af6f2658c83e40e67018d9c4b9fc836ba

    SHA512

    e292143e17da788e9f31a75f686f2372242af4a5f810f9ca1f6cd1e373f4dbb43ce48faf9314f87be717cfad20c30b3339e333e87ab8e3d52c4d332efd232417

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    eef81ce4ea19bfbafca34ebc94d6d248

    SHA1

    cf12ae6e6511617bb2e90141eb1596f400805377

    SHA256

    7a6311e30c772ea6678c79af12a7ce63434871eae98107978acb70a3d885849e

    SHA512

    d44c5bf317e04ea7f3f05f459b42aed40b09170cd34d51252704e5ca86f65f916f47578201bc32938d673041acb6a396e3da8388294ba18d5c1d189b0fbe9a29

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4d11a7dae307f9e378c6cf2449bf530c

    SHA1

    c2b21834500faf36ca53251e643ba22117806cd6

    SHA256

    ab6beaeff279bf6020f11db6dc8f075ab93f5db82439165f85dcf921f18711bf

    SHA512

    c835b62e1b935866d0560615bfcf4eec529b6e728467ea5a0abd358db0f710c27047000384e8fc1c10090d9352eddf565b0768662dec9a41e26a0644a09fa46b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6889518a834663b3e706b1f95a798e37

    SHA1

    2901b0ea08e0e4f41da05c9260e2f3fe97095f6b

    SHA256

    15b4978ef9b5130e10dd121273e62f02c300a3ac1b2f5a4c24b82f32d5269ab1

    SHA512

    6be847673409137dcbffd9f62e9eea90123a499aa5b13952b85ce30c0925afb27b77dc157d85aea490959b51a5ebf4d8e4fc125ebb53be137c6612046e8dff88

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    90ffb31731afee1018cdd01412839229

    SHA1

    fa23ca3a0982b4906c7502d23da69df6800991de

    SHA256

    65d0a64b3280118221b5048d5708137a7ef712667509eec6782eb27b7608a65d

    SHA512

    90a92daa1ed519128d433f09bba4aa65662da0dd7bce485fca7054918e88f6fbe0ae4eed26e5d63830d11d7ec94e518c527af443d8e5a2a6339aca13f3b574ef

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7d150c48f8f394d56c69b228b80a18fc

    SHA1

    ece15da395291525fc973d48d844ae93bed3b4aa

    SHA256

    a7ee62f0417c582f9a4ab51bf9e1e2d9ea094971d045e11a5a89abefa90e6a58

    SHA512

    949c3a2274d98b2c4e066ee28295dad2025377dc5da69e3c1c9a388be629e767e5417290acc3106f3224c1526c1ba00b9d23c91d710552191b7923f70351dbb7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8c33d4dbc3c9ee56990edd091e468700

    SHA1

    4a42cf3c464ed896ee400b829902f52cbf7d591e

    SHA256

    6e69cfabc764d15029b92b9ac12250d3d0bc0e2ef57a2c96232a4e22a177a0e3

    SHA512

    5ea7295fa89571679d87af7fc2b803f198bb0ffecc32e18325565f8dd3dba07b8da0192fe49734315b1691f41954fa6008efcdbbe4d4a1eb931f8ac327f5403f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c2eb411d3686a817e66d3cfe18cdb0f3

    SHA1

    52a2036559594ea10dc73206439cc03963572598

    SHA256

    ebacfeea0d938f3554e10a34f2355922bf3df3f0f837a571bf93634b74745b4c

    SHA512

    992af6690098dbd769c211c036a5d97042b7d59b020e434b81a7df457a19e3422a175965155eaa11917006afd63c79225558c5068d7ce19f8cb44ad36f1f2ccc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    56274b843089770ee552d173b44e0403

    SHA1

    ca3d043aa6b5cdf4764c93399776b9d625d29fbe

    SHA256

    db9784615eb4011f8aeb8d19f3ed40e99b6c1cd9aef91dc693f1a15ebc142753

    SHA512

    060808fcb3b7210fcbd80fa3f5fdfc40169f61274d47c20be2ac8735ce32690b6ab49be5e06ef749dbd2f86ac9a277b022c440ddff4a51363b3e5ab563d0cdbb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1dc9e44ebcbccdfd645777e1d454c9c4

    SHA1

    464f1cbf7467c07c15b0a4e2cbca100bc95598d8

    SHA256

    3a773b84dc7258acf46042ee9453fe5ff578040643cc06f80bcc466ab403580f

    SHA512

    0f9a99e714de9fd957d18e092f45291e62f039d93bf69b352419444f51e26e4cca43d3e4a7f9ac264258c42a7a133be4ca41c2da831dc8e8bd8a19815fc5fd73

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabBB83.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\FG.url
    Filesize

    192B

    MD5

    0fcf82b5a915470e8a79d3516f582a36

    SHA1

    75f81b41607905b231521243129aff3554a58db0

    SHA256

    076264d4f165cef82f0cb07f6795f1d5ffa74741a943fca42cdeac65823bcae4

    SHA512

    adf69ec56756fe672677b039cb44bb13fc3adfac569f5ea4eda4e7b35de5ebe0229c5825ca8337aa2c623a773bdf775ddd3689e9fae03a7af1f694576d954293

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarBC63.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2684-26-0x0000000000400000-0x000000000056B000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/2684-25-0x0000000000400000-0x000000000056B000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/2684-24-0x0000000000400000-0x000000000056B000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/2684-0-0x0000000000400000-0x000000000056B000-memory.dmp

    Filesize

    1.4MB

    Download