Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

5cf549c049...18.exe

windows7-x64

7

5cf549c049...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    19/07/2024, 17:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5cf549c049bf768d3348dee19c717b7c_JaffaCakes118.exe

  • Size

    68KB

  • MD5

    5cf549c049bf768d3348dee19c717b7c

  • SHA1

    a2a33a59b49b07c7de156b8a48ae31da5d5f2790

  • SHA256

    def88184d5acbfb75a90c9d203feeaf2a0888dbf43709a7991a15a3dbfa1cac5

  • SHA512

    d950a036bdd2b87e338f80ebe4a9549c4febe32e8e55401fa4488c8552fa56b2e91bab5d5abb9dab4177680bcb345d915aee8330618c0a1811c9472144e931a0

  • SSDEEP

    1536:3n/oYXOWeY7eqORvtn//3z0wR3uDF5wSd9lDoo:3/o0e6eqUvFb0wR3uDFtdLso

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 33 IoCs
    adwarespyware
  • Runs net.exe
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5cf549c049bf768d3348dee19c717b7c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\5cf549c049bf768d3348dee19c717b7c_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Windows directory
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:2304
    • C:\WINDOWS\Tasks\SMSS.EXE
      "C:\WINDOWS\Tasks\SMSS.EXE"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2244
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\System32\cmd.exe" /c net stop sharedaccess
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:2380
        • C:\Windows\SysWOW64\net.exe
          net stop sharedaccess
          4⤵
          • Suspicious use of WriteProcessMemory
          PID:1884
          • C:\Windows\SysWOW64\net1.exe
            C:\Windows\system32\net1 stop sharedaccess
            5⤵
              PID:2732
        • C:\Windows\SysWOW64\cmd.exe
          cmd /c ""C:\Users\Admin\AppData\Local\Temp\kill.bat""
          3⤵
            PID:1564
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
        1⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2176
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2176 CREDAT:275457 /prefetch:2
          2⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2816

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        f29a46ed89bdc8a7b9ea6b08e8fef960

        SHA1

        bbb409f2d1a5a06678ffe037e42e849b3ff11c2b

        SHA256

        a0727fbee26ae297ef71b4c149f49a26470243409993ee17249d8e53f1bdf9c9

        SHA512

        285492c893335c28c55fda16867e72441cf0818322c124e47a0ab93d16422961223c418c059ebd51789f0cf462bb78a2d1f07d384f0ee5c858ebf5593cfbc703

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        adba08dcdcb95ec4d443fe84ea7746ff

        SHA1

        d99538d801a747860638e324bb503c17692abe9c

        SHA256

        9c0ca26eb4c1d39584aaa7a3ed44693d43a24b717774fe21fc0fb6a052622b79

        SHA512

        f27dd10438607e809a77b0eee79a54ea1e9933fc53a182c301caeac5de20af992c74afef6604d607e6b720f732d9ecb839f1dc0851133c7cc9b034c0f7d2ca6e

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        743a8933198e0d8d1c3bc173b153477d

        SHA1

        c92cf6b61d324115942d5f332c0f8e961083b3b2

        SHA256

        c5d789f31f497cd274b40c43c7fd390b524eed1f3e8b82fd194f2e4d6772d715

        SHA512

        f1f296fd0b1f73cf83ff7a6ede55f73be5178ef286349a37ab39201c33c4fffa360a2527e0ffc6bcc09f5576b62eb35fc0a96674af5d75a648c644b137a8a4cd

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        1c8dcfa3cb8cdac63dd0c50ba26a55e8

        SHA1

        804a1774b0718ebc6f2849b3a291df273c8a8070

        SHA256

        b3ef96e5de9cb5d257c5959a97326281af35296d3484177de4c91fa486080970

        SHA512

        0caf868664765e376a78eeb9cb9339c90dfe8c2ed675fe6dde57f7a6a5fe7479ec8a4d8dc3b5783d8a06c40a398eb7e92e3bb9cdca32e4f1ef76ffa3da3e160c

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        97427fd4250da1610bdbdf675967f2e7

        SHA1

        6fe60695266abb9e1917e52a16a6e070eb8f0f8d

        SHA256

        996ed4718bf78d9fdd975b52d65d026f7c8f96c513efdbafd5c694344e3aea36

        SHA512

        fac6f253999d75bc2a5e486bc01456e5f034571cc86fc491549dbc8c3fb4028ebc62b5cdd3d0592af0da1810ff1a3e87f77d7cf7313a5e7d0bdd31925dc894ac

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        56b161ebaeed5ed85da2712803c1e1e8

        SHA1

        1f9d16fa0076715b6602576e2a044728807a524f

        SHA256

        e451b96d385036412bc943b9f9683259fcc47ce377401217be3bc31e5bfe0d09

        SHA512

        91199b19823dab045083a53bd712068b26706cf4f81b377c6e5b28e1e44cb64e37dff9fc50389852502966f6bb471d003b1ec9d2596a00f5acc5cb7e207f8b88

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        2e4a78543e19eb9670743344b3c600a1

        SHA1

        75e76efda64a7d07155f14f13256523c39b1d6db

        SHA256

        607f7b6a39c1b616c1e78f29db67c459ee4a528a3acca581b195e9b1ee1656e7

        SHA512

        0d761097241ea0ea4e36d201df41851d82f57b0deae7cdf6d8bc72651c9b7b417f95170d21dfac05311dbfa71e06b6ae0e1853b6c6078db85f1987e490092841

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        ddf01a08fdf4ba470ee3734c8a9a6af0

        SHA1

        c1ba71188dd78e055ff9ec1d40f7b82ec12b56a1

        SHA256

        d67a0d736948f2834278ffe59d8b0fdbb066f47f64da1a029bf60186c9a6e679

        SHA512

        769712408b5489600de393dc47fde6f1db19d447636e84587483a137e9edeef2a1411a29ad890e7d464f9eb0ecfb317be32e9ab860ec8e8375edf76de6940de2

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        f0158e08623d969229c286045664349f

        SHA1

        2236e56fc44663c25fcc580f6e97e7b9ce8d8aa1

        SHA256

        8d5285c3a234cc88e2162606552e63a94e38e173ece64c099ddba6a841b39c36

        SHA512

        13a2827b88e689ac52b8348e1f3fea5c53e32124fe036b66f8accfdc2ec67e818f72d19e9f20a433ce9dfe41093558baf689e30d91a2b8112bc5558fd59a7787

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\Cab7043.tmp
        Filesize

        70KB

        MD5

        49aebf8cbd62d92ac215b2923fb1b9f5

        SHA1

        1723be06719828dda65ad804298d0431f6aff976

        SHA256

        b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

        SHA512

        bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\Tar70C3.tmp
        Filesize

        181KB

        MD5

        4ea6026cf93ec6338144661bf1202cd1

        SHA1

        a1dec9044f750ad887935a01430bf49322fbdcb7

        SHA256

        8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

        SHA512

        6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\kill.bat
        Filesize

        134B

        MD5

        e447b6db0bf4a9a5f9605922a88dedc1

        SHA1

        3e2a6751a6bd8e2140a20ccc65f719d7e8ebf188

        SHA256

        afd7e8e9935ea904f27edbda17d524754c7afd4ab3ce0c6f6167d3cfab942448

        SHA512

        ae4ead80685bf3391a56c4756cef56bfa7d4cb6c0c9b82f5b7f730c82a26e9e12d1f9ab0de5f990d6f18e758b3bcda6f115b9a2481695d20ac6205ccb77e97f3

        Download Submit

      • C:\Windows\Tasks\SMSS.EXE
        Filesize

        12KB

        MD5

        46a84d5fd9399ddf2efb8cf176b44fa4

        SHA1

        fff84811b9da3e8f585010ec07bc65cc449c87d9

        SHA256

        6bce52214fd5f3671497e336b20440baf3c57fc07e7959bee9b97e07a2e40b35

        SHA512

        2400cd8ff9d33a5a107f9556d3d5740cc12295a5ea746bfc6715e839f0ecc5d854ea3a6772193257ecf18797c2064de8ba6e18ec166f4b7f4aab3ed67a789638

        Download Submit

      • memory/2244-21-0x0000000000400000-0x0000000000411000-memory.dmp

        Filesize

        68KB

        Download

      • memory/2244-12-0x0000000000400000-0x0000000000411000-memory.dmp

        Filesize

        68KB

        Download

      • memory/2304-1-0x0000000000400000-0x0000000000414000-memory.dmp

        Filesize

        80KB

        Download