Analysis

max time kernel: 149s
max time network: 144s
platform: windows7_x64
resource: win7-20240705-en
resource tags: arch:x64 arch:x86 image:win7-20240705-en locale:en-us os:windows7-x64 system
submitted: 19/07/2024, 07:37
Static task: static1

Behavioral task: behavioral1
Sample: 5b01b2d1c0add89962477e61c5b92e79_JaffaCakes118.exe
Resource: win7-20240705-en

Behavioral task: behavioral2
Sample: 5b01b2d1c0add89962477e61c5b92e79_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General

Target: 5b01b2d1c0add89962477e61c5b92e79_JaffaCakes118.exe
Size: 124KB
MD5: 5b01b2d1c0add89962477e61c5b92e79
SHA1: 5ca062bc223afa1c5f16cc073da3f5118b374c51
SHA256: 2b6b86a62e94c2e6122aa9ba6fe486cb41dc2d38250af6643931cb239ca33d0a
SHA512: fa5ac1026117b1f1a4a3305776bb946d8022c3f3da1e741c07f3525f12d6d829bf31958d23571dd614dfbbffd5ea36b621d9921c625b8791094dc329ea662967
SSDEEP: 1536:8dEShwR7kSiuBxeDtMYHa27J14ltxporZ45iMNeG0h/y:QEShwRgSikeV6gJ1uCt45eq
Malware Config
Signatures
Modifies visibility of hidden/system files in Explorer (2 TTPs, 2 IoCs)
description | ioc | Process
Set value (int) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0" | 5b01b2d1c0add89962477e61c5b92e79_JaffaCakes118.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0" | loaeze.exe
Executes dropped EXE (1 IoC)
pid | Process
1396 | loaeze.exe
Loads dropped DLL (2 IoCs)
pid | Process
2564 | 5b01b2d1c0add89962477e61c5b92e79_JaffaCakes118.exe
2564 | 5b01b2d1c0add89962477e61c5b92e79_JaffaCakes118.exe
Adds Run key to start application (2 TTPs, 52 IoCs)
Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s).
Suspicious behavior: EnumeratesProcesses (64 IoCs)
Suspicious use of SetWindowsHookEx (2 IoCs)
pid | Process
2564 | 5b01b2d1c0add89962477e61c5b92e79_JaffaCakes118.exe
1396 | loaeze.exe
Suspicious use of WriteProcessMemory (4 IoCs)
description | pid | Process | procid_target
PID 2564 wrote to memory of 1396 | 2564 | 5b01b2d1c0add89962477e61c5b92e79_JaffaCakes118.exe | 31
PID 2564 wrote to memory of 1396 | 2564 | 5b01b2d1c0add89962477e61c5b92e79_JaffaCakes118.exe | 31
PID 2564 wrote to memory of 1396 | 2564 | 5b01b2d1c0add89962477e61c5b92e79_JaffaCakes118.exe | 31
PID 2564 wrote to memory of 1396 | 2564 | 5b01b2d1c0add89962477e61c5b92e79_JaffaCakes118.exe | 31
Processes

C:\Users\Admin\AppData\Local\Temp\5b01b2d1c0add89962477e61c5b92e79_JaffaCakes118.exe
command line: "C:\Users\Admin\AppData\Local\Temp\5b01b2d1c0add89962477e61c5b92e79_JaffaCakes118.exe"
PID: 2564
- Modifies visibility of hidden/system files in Explorer
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory

    C:\Users\Admin\loaeze.exe (child of PID 2564)
    command line: "C:\Users\Admin\loaeze.exe"
    PID: 1396
    - Modifies visibility of hidden/system files in Explorer
    - Executes dropped EXE
    - Adds Run key to start application
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 124KB
MD5: 322e5377cab1e0b10977d6ed1acd6fb0
SHA1: b1cb257aacc65d99b5869906ef29d1a36d0ac728
SHA256: 2c3edf16fc176ee0541c41da864ca7cfb02c457d074410dcd9e067b0da89a8c4
SHA512: 5582801cd5746a2fa9c66ddc15223615ee12763686bb99f1fb234955602d99b7028283cd93f1369f0d16faea0beb2acedbfeb932f1f56f500e0ab53bd995cde7