Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

61e8754e22...18.exe

windows7-x64

7

61e8754e22...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/07/2024, 23:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    61e8754e226176a4311b3bda2f7f5a4a_JaffaCakes118.exe

  • Size

    10.8MB

  • MD5

    61e8754e226176a4311b3bda2f7f5a4a

  • SHA1

    ab7b9cc772640ae291f1e5310ed7e2424d499c84

  • SHA256

    400eea86fdf5670b9ac9b96606483fda8f33ba2863b37b506ed6ab1bf882c93b

  • SHA512

    093ab429daf7f07040b6c6facea781cac0852f1ac5a39d935c1483859f880cfbef5b70e75dc977ffc22de921b0f76559b3b7dfa21fe29c967ddc98a450c8ddcf

  • SSDEEP

    196608:N8eM+zrUH3Z6+NWfpayWpHBFlnY+6NBg3fJzYcLlgFItURZWRLuGGHpMbdDUOzNt:NlM+zrUH3kWWRCFQBsh82lgqW8SZMbdf

Score
7/10
adwarediscoverypersistenceprivilege_escalationstealer

Malware Config

Signatures

  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    persistenceprivilege_escalation
  • Executes dropped EXE 10 IoCs
  • Loads dropped DLL 8 IoCs
  • Blocklisted process makes network request 2 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Installs/modifies Browser Helper Object 2 TTPs 6 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 8 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 31 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 3 IoCs
  • Modifies registry class 64 IoCs
  • Modifies system certificate store 2 TTPs 2 IoCs
    evasionspywaretrojan
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of WriteProcessMemory 26 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\61e8754e226176a4311b3bda2f7f5a4a_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\61e8754e226176a4311b3bda2f7f5a4a_JaffaCakes118.exe"
    1⤵
    • Drops file in Program Files directory
    • Modifies system certificate store
    • Suspicious use of WriteProcessMemory
    PID:2972
    • C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_0E996B068B56FCA2.exe
      "C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_0E996B068B56FCA2.exe" /install /sid:S-1-5-21-2636447293-1148739154-93880854-1000 /installwindow:524366
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Installs/modifies Browser Helper Object
      • Drops file in Program Files directory
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1820
      • C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleUpdaterService_5898FABCFA121C11.exe
        "C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleUpdaterService_5898FABCFA121C11.exe" /install /appid=tbie
        3⤵
        • Executes dropped EXE
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:2008
        • C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
          "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe" /Service
          4⤵
          • Executes dropped EXE
          • Modifies registry class
          PID:4396
      • C:\Program Files (x86)\Google\Google Toolbar\Component\SearchWithGoogleUpdate_C58171F2E8870EA4.exe
        "C:\Program Files (x86)\Google\Google Toolbar\Component\SearchWithGoogleUpdate_C58171F2E8870EA4.exe" ietb GUEA
        3⤵
        • Executes dropped EXE
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:2464
        • C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
          "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" /RegServer "/dll=C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\gtn.dll" "/swg64=C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg64.dll"
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Installs/modifies Browser Helper Object
          • Modifies Internet Explorer settings
          • Modifies registry class
          • Suspicious use of WriteProcessMemory
          PID:3244
          • C:\Windows\system32\regsvr32.exe
            C:\Windows\system32\regsvr32.exe -s "C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg64.dll"
            5⤵
            • Loads dropped DLL
            • Installs/modifies Browser Helper Object
            • Modifies registry class
            PID:3168
        • C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
          "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe" /install /appid=swg
          4⤵
          • Executes dropped EXE
          PID:3672
    • C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_0E996B068B56FCA2.exe
      "C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_0E996B068B56FCA2.exe" /postinstall /sid:S-1-5-21-2636447293-1148739154-93880854-1000 /installwindow:524366
      2⤵
      • Executes dropped EXE
      PID:2196
    • C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_0E996B068B56FCA2.exe
      "C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_0E996B068B56FCA2.exe" /custombuttonsinstall
      2⤵
      • Executes dropped EXE
      PID:2356
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2000
  • C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" -Embedding
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    PID:4712
  • C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_0E996B068B56FCA2.exe
    "C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_0E996B068B56FCA2.exe" /service
    1⤵
    • Executes dropped EXE
    PID:4296

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Config.Msi\e5787a2.rbs
    Filesize

    7KB

    MD5

    4e5b728ad6cd76e1fb58f3412657d4da

    SHA1

    20cffe9b25be9a6036592b0b76f925654bea4b55

    SHA256

    1224f98dcb3785169b86136e328a71e7182055b509b022dec26e9cad4fdf3e8c

    SHA512

    f99bfb00677dd1a2625592ee558a3d2f795574daaf94012b6da713801e2cda6dd558724280de6e4b4f065ed6c02e5962f9bd89b1cf6bcbe87dbf930e8d8b1a42

    Download Submit

  • C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    Filesize

    178KB

    MD5

    cc839e8d766cc31a7710c9f38cf3e375

    SHA1

    a20fe767ae667638fc2ed43563bd436542ca7ad4

    SHA256

    327d57f18b4a2d1cb06c5682d3364097ecd3cf40c2719aa1f41d0b49a26003e4

    SHA512

    45114b19655bb5de4707470cb4422b283d976fb296c85e9d23a044513c0103b265a1f5de00f90e7086f035d495338cb708b103767909a0f99bca08d4a7813b8d

    Download Submit

  • C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbar.6.3.1106.427.manifest.xml
    Filesize

    21KB

    MD5

    cf3bfd796723cdbf3604c936c2a74ae5

    SHA1

    e301400f2262a87eb8708c86f4d2fff9af48d6dd

    SHA256

    d21f7bd2a4aa941d6420c2debf97c46b127bd3c27457fe942b76ec1329646a31

    SHA512

    00a417462b5aa12316583b64c00c57c0cf3ac2b3ac88886254dd24a326c0cd96754e8d12e0387978bcaec753da0ca7481dfc80631471b67debd07cc062853bf3

    Download Submit

  • C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll
    Filesize

    633KB

    MD5

    b741ac5a4f8a27677753a7e3febfd2c1

    SHA1

    7e5f85236774ef164e47d03b6c8995387e634188

    SHA256

    2f5b347ed57b8923603f44bb8b8b0528a2069956c603a0a33c93b29adf143507

    SHA512

    87b64592c1c71c439e78259a6dd5caf99bfde4049052ff48aef609393d24fe861b263fa185bad68558d1faf3e831f0b97748fad35ce43ebbab6cfaec2f148ed1

    Download Submit

  • C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_0E996B068B56FCA2.exe
    Filesize

    978KB

    MD5

    8f6cfdd445e930a8cf96dd9667febaa7

    SHA1

    66895cb58cc6c2e83f4bbe59214d7dad5fb1d0d5

    SHA256

    e98a014a81ee873c49aee34d461ab267f3c67ec0ad3e67934c622a45fe82a1c7

    SHA512

    5c0269c7fa16d91b6acffa0fb1a23d4b7023c81e3b3af0745e555c272636c2c4354e295852c345020801fcff2397e0ae5d1a1d6d97fb2c66ef8b01eeab6d530c

    Download Submit

  • C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarUser_32_AE9B99EC70822BD0.exe
    Filesize

    278KB

    MD5

    41a133ad4531511ad0df53b9eae977e2

    SHA1

    f5580b13d91a319f670c56d354056a901bfbad0c

    SHA256

    e576924e6b5e1ae15232a7c52a51dc81c6c4decfa9e49005102f3f5ec87b8035

    SHA512

    4a6c93b140939ead354183d9bfbf9e7f5ec577eba008b48d8ff617f4350cb7065a1246416ba6a8913f928953bad6a122ee369e344a2ebcc794cdca39f1005429

    Download Submit

  • C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarUser_64_BCA4B64C7F249C8F.exe
    Filesize

    365KB

    MD5

    c93210a4bdb39e79b286eb5ea61b838a

    SHA1

    f57c932e62fb417863a15c52e66a8d9fec4e8fdf

    SHA256

    8f556e2ba24dd26f7c36a9f2182311f68ff29f3420a8024862024824c4af2ae2

    SHA512

    fc104d9fa814d3d9c0b7fecd9432d5747280ce164e61494443c7de07b09fbb98b1650244ba6ec81aa352719e5385ec18cc01708a19e4ca6474e45f0efedf0591

    Download Submit

  • C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbar_32_E857042E7D2E74E0.dll
    Filesize

    257KB

    MD5

    88a099bacf2377ffb514188a9481fc83

    SHA1

    878e6164968418db4745d4d0e494504594cfd840

    SHA256

    163874fb054cf333de0a08fb26484db0c33e2441d66041992ef1ef0e6d4f9d29

    SHA512

    d7ae3a36ec39beca70a516399bf163adc98830b04c749ce5f77aced18b6a167cafa9a2c87a89a8615c8db88e79fc20459bc48bb69f5bc8f8363212203731100b

    Download Submit

  • C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbar_64_41D8280252A4200C.dll
    Filesize

    348KB

    MD5

    786dda81f24996ff71fb69194a376a83

    SHA1

    5e59cad3f302be988b7e5a28ece4cac2ea98a9b1

    SHA256

    180de7db6b8c010feee5fc4de662b63057632aa694294cb52d42028e709cfc35

    SHA512

    2ada517874e469b9ef8d010ce61fdbeaa458185e0237b5629ee0b68c1bced99c6cadbcc16a265a0348d797e0a6bef611f325be7da1f88366afca1049869a10d7

    Download Submit

  • C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleUpdaterService_5898FABCFA121C11.exe
    Filesize

    178KB

    MD5

    1c50ab911b3524356d0c58d8d669f09e

    SHA1

    8196bf79d278f064feaa77f3353410273f8611e6

    SHA256

    d9576a1a8dfabb5c47d7f98cb4dfdf5e36461e95a7e892dc724be30ea113e7df

    SHA512

    824135b636cfcd8c4a95aabfb7114462e083957de25d28f65f096fdb2040b3df9f5a0007673559c0b62649d6deac3dc7628d84e414e5e73b2306416d6af88a8c

    Download Submit

  • C:\Program Files (x86)\Google\Google Toolbar\Component\SearchWithGoogleUpdate_C58171F2E8870EA4.exe
    Filesize

    1.4MB

    MD5

    d81e59ede6f186e449da1eb0c01d7eae

    SHA1

    156a90d84d3b0eab1fbe08b7625797ed3a8a6fd5

    SHA256

    78241a6286d4ce768ece3e19ab34d0ba053cbcd11ba77f52c3a7709ec8db6460

    SHA512

    807855c49f97de0142e7136099f7bd7423dc31dd19a23063d61cfef3a08f1aa49322815521b4bfcd3f2864d90a5592d464ef7b83621f01ce3d6bcf88f1fb96f2

    Download Submit

  • C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarHelper_signed.msi
    Filesize

    27KB

    MD5

    e667fbd5e5aefbaa3686c47bd5a869e3

    SHA1

    cf17b301e67c1b518cc865e55050e38c4c410361

    SHA256

    b70fd4d873e84e1eca0a8530bdb9031f98b644373d1c5c5d1b81b92c92953ebb

    SHA512

    c73b0256b07fdd7bd21b1717a0e6d73b0909831a9a07e9983f38568ce2134379df797163e16ac80ff26776abffed4b0bae30c0327ba43ab561bf04a90e6a17b3

    Download Submit

  • C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\Readme.url
    Filesize

    133B

    MD5

    26459ca8c3e957b05d3a3c4e5bd6d1e4

    SHA1

    15a3b15568c850a788a9a3baa2f9f62309e79af6

    SHA256

    df0d1e1b039512207c1bf47e984faddc20a0fc6af405af276adc0613722aa530

    SHA512

    de1b46ae20904b62ac498286faef328b61817cb613e8dc495982b775d8612df6411cef57e2a028c4d363b63e674ae4adbb7169445cc9360d43b687ddb81c5b6d

    Download Submit

  • C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\gtn.dll
    Filesize

    145KB

    MD5

    9c0cd5125cbee6fbe8c9c3eb7779448e

    SHA1

    ed4318be2275115f4075b484123b205d8326c3da

    SHA256

    9a7fe591775d4c42951936697c1b414a5fdcde03ed0b042fc6705f6151979083

    SHA512

    cdf035eda7f02e8bf3ba7d55b21a830eaae12c89eae25146ca6ddc6a04cf90adfbf22c869afd1b384a1efe6e406f5b9644ad06eb19ae592c7bfe03f41bdc8982

    Download Submit

  • C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
    Filesize

    746KB

    MD5

    cd91e666b2446530583fbffcf537be4c

    SHA1

    7fbb6e6e571afae599f82c2125b501c189a3fdd1

    SHA256

    035b5626a829d5001cdf689f7e897ce03e43e0eb9795dfbe4eb354dfbc037c2d

    SHA512

    c9dc77f6e0a02f2e8e89bc5002187e86059ecf76deb2c61883ad8f38b730dda7d2e9a68dc892a02accca0f59999e9cc1dc9fee008fc8ef563f044276eed54849

    Download Submit

  • C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    Filesize

    38KB

    MD5

    5d61be7db55b026a5d61a3eed09d0ead

    SHA1

    215950ce5d40907b041346f22b4e404ee591581d

    SHA256

    d32cc7b31a6f98c60abc313abc7d1143681f72de2bb2604711a0ba20710caaae

    SHA512

    b1dbb67867cbb36c322bd774bf01267f56e398e364ebce4bd6f67c225c330b0b1843b06397e55f7f04dcc8d75b039083ccf08313b0ed03ecff7eb00033b0a598

    Download Submit

  • C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg64.dll
    Filesize

    311KB

    MD5

    c84d25a6a12ba1f100ef8607fb9ca012

    SHA1

    f2718832b9eb559ad993c09d864ba04f330e51bf

    SHA256

    de3055e2b3b77481abf99275df0dcc369bbde22e80ee1ded908814bb24972a89

    SHA512

    a056ca4dac11d186c73d49c505671dbd4625c59ace078e96ee109c9ebccc1220d78ae20b8c01d8bfc5d82792e06160c2216dea578750063ecf13000c985d7fe4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C3948BE6E525B8A8CEE9FAC91C9E392_D5DDFAB42EFB0088195E950E60A6F50F
    Filesize

    5B

    MD5

    5bfa51f3a417b98e7443eca90fc94703

    SHA1

    8c015d80b8a23f780bdd215dc842b0f5551f63bd

    SHA256

    bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128

    SHA512

    4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A46932B0E5948949F2A5
    Filesize

    1KB

    MD5

    1ba25895dc793e6826cbe8d61ddd8293

    SHA1

    6387cc55cbe9f71ae41b2425192b900a1eb3a54f

    SHA256

    cc4c5c999ca59e5a62bc3ffe172a61f8cf13cc18c89fe48f628ff2a75bdc508a

    SHA512

    1ff9b34fdbeae98fa8b534ba12501eb6df983cc67ce4f8ffc4c1ff12631aa8ed36ff349c39a2186e0ac8d9809437106578a746eec3854b54fef38a3cc0adb957

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C3948BE6E525B8A8CEE9FAC91C9E392_D5DDFAB42EFB0088195E950E60A6F50F
    Filesize

    416B

    MD5

    cc4d955dc214b4320fa41744634a3a6a

    SHA1

    c0adacdbb9e99e5b4cef410878361eb65d39ce52

    SHA256

    f0b22993d5b9b89dfaeb53f8a3c10006fa4d728d49d80ae124585179c1f8a507

    SHA512

    63a61537dc6afbda02c94cb2db7aa6ee620518f1c1d2cfdcfd4b87c87f7baa5ba3836c6d350d82cb7a663cfd425796dca0e82e77e72979ad2085230c0daa10a8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5
    Filesize

    182B

    MD5

    daeb3b2946b426265d0bb19b429cb330

    SHA1

    e1fd50299547dd6461c8285ddbb59c44f98d1f65

    SHA256

    a5316d6819282ebedf41306ea555a08160e30b6e7476f588cddc0ee6bb60d74c

    SHA512

    e64f8548ae847cda6191d5a17c863cb0433972eba16255775b58b3deba25a0a8351c4f044f4d84b1249915736ff0c0c845e9293de82e6a9f8b943706cbc9fb4f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\GoogleToolbarInstaller1.log
    Filesize

    4KB

    MD5

    f36068f7e6e21ee65bdcc43168af591f

    SHA1

    70128cabff4c178e37068d041abd86cc663dd730

    SHA256

    bf6cac214ca293663255ddd483f4e95553522de76b0d30e243f481306b33eb86

    SHA512

    0e8ee13badcce7bfe1904c4746206f6c67ddc211194d6ae9e3971d5b15d8e1210498bbc8d28a191c7a449b9db2322af795cc5e792967fd195d90109173bffe77

    Download Submit

  • memory/2972-0-0x0000000000E30000-0x000000000315C000-memory.dmp

    Filesize

    35.2MB

    Download

  • memory/2972-2-0x00000000051F0000-0x00000000051F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2972-1-0x00000000031F0000-0x00000000031F2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2972-172-0x0000000000E30000-0x000000000315C000-memory.dmp

    Filesize

    35.2MB

    Download

  • memory/3244-137-0x0000000002630000-0x00000000026F0000-memory.dmp

    Filesize

    768KB

    Download

  • memory/4712-153-0x0000000002470000-0x0000000002530000-memory.dmp

    Filesize

    768KB

    Download