Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 149s
- max time network: 150s
- platform: windows7_x64
- resource: win7-20240705-en
- resource tags: arch:x64 arch:x86 image:win7-20240705-en locale:en-us os:windows7-x64 system
- submitted: 19/07/2024, 17:42
Static task: static1
Behavioral task: behavioral1
- Sample: 5cfb7c623d430044777099408ccbcf9c_JaffaCakes118.exe
- Resource: win7-20240705-en
Behavioral task: behavioral2
- Sample: 5cfb7c623d430044777099408ccbcf9c_JaffaCakes118.exe
- Resource: win10v2004-20240709-en
General
- Target: 5cfb7c623d430044777099408ccbcf9c_JaffaCakes118.exe
- Size: 216KB
- MD5: 5cfb7c623d430044777099408ccbcf9c
- SHA1: 3e4e44868a35f66a9ebab369b1ed50116ca31bf3
- SHA256: 81d68440a13b92c050d5733e2d4b0ee43f41b896e7281f5ce50f9d902b46c03a
- SHA512: 4ee04b9a8066577a56e73e282a8f526f8d0084d353562fa98178e7839a34d42fe7d8c3d30f535e3131e67f79dfb7195c8ae18310e0b72edbd6368eeea55410be
- SSDEEP: 6144:mBp0S7F+9rorhkPkr0bT0ckLaz/RJeIaAuiIv4wg9WNltq1QQIO7gTxZf/wD:mBJ+9bT0ckLaz/RJeIaAuiIv4wFNltql
Malware Config
Signatures
- Modifies visiblity of hidden/system files in Explorer (2 TTPs, 1 IoC)
  description | ioc | process
  Set value (int) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0" | vouihu.exe
- Executes dropped EXE (1 IoC)
  pid | process
  2368 | vouihu.exe
- Loads dropped DLL (2 IoCs)
  pid | process
  2760 | 5cfb7c623d430044777099408ccbcf9c_JaffaCakes118.exe
  2760 | 5cfb7c623d430044777099408ccbcf9c_JaffaCakes118.exe
- Adds Run key to start application (2 TTPs, 52 IoCs)
  description | ioc | process
  All 52 entries are written by vouihu.exe as Set value (str) to the same key:
  \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Windows\CurrentVersion\Run\vouihu
  The value is "C:\\Users\\Admin\\vouihu.exe <switch>", with <switch> taking these 52 values in order:
  /D /N /y /G /i /F /s /M /f /Y /b /d /B /q /n /v /t /J /z /W /R /Q /S /V /a /O /I /r /U /L /o /m /H /p /Z /u /k /e /w /j /T /g /c /h /A /P /x /K /C /E /l /X
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious behavior: EnumeratesProcesses (64 IoCs)
  pid | process
  2368 | vouihu.exe (64 occurrences)
- Suspicious use of SetWindowsHookEx (2 IoCs)
  pid | process
  2760 | 5cfb7c623d430044777099408ccbcf9c_JaffaCakes118.exe
  2368 | vouihu.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description | pid | process | procid_target
  PID 2760 wrote to memory of 2368 | 2760 | 5cfb7c623d430044777099408ccbcf9c_JaffaCakes118.exe | 31
  PID 2760 wrote to memory of 2368 | 2760 | 5cfb7c623d430044777099408ccbcf9c_JaffaCakes118.exe | 31
  PID 2760 wrote to memory of 2368 | 2760 | 5cfb7c623d430044777099408ccbcf9c_JaffaCakes118.exe | 31
  PID 2760 wrote to memory of 2368 | 2760 | 5cfb7c623d430044777099408ccbcf9c_JaffaCakes118.exe | 31
Processes
1. C:\Users\Admin\AppData\Local\Temp\5cfb7c623d430044777099408ccbcf9c_JaffaCakes118.exe
   command line: "C:\Users\Admin\AppData\Local\Temp\5cfb7c623d430044777099408ccbcf9c_JaffaCakes118.exe"
   PID: 2760
   - Loads dropped DLL
   - Suspicious use of SetWindowsHookEx
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\vouihu.exe (child of PID 2760)
      command line: "C:\Users\Admin\vouihu.exe"
      PID: 2368
      - Modifies visiblity of hidden/system files in Explorer
      - Executes dropped EXE
      - Adds Run key to start application
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 216KB
- MD5: 30eb827c2e3cb066cef142b28324df38
- SHA1: ef682e30125b71953722879c0a35ae76d126b2ab
- SHA256: 65cea5fcf2340c9e2047684a6501872ee6b2b7a1cef97713197327305acbe291
- SHA512: fce0086e6d6b754b434a9b4f716eeea97e6916b2cfc2e2ac1a98414b3c43adce88f1fe76a23433904404e9b90fedcb82ca773b22206c41b80af30a7410be6c97