Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

627e1b9841...18.exe

windows7-x64

7

627e1b9841...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    22/07/2024, 08:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    627e1b984105484eca3a2141754004e5_JaffaCakes118.exe

  • Size

    50KB

  • MD5

    627e1b984105484eca3a2141754004e5

  • SHA1

    7937a822890d8fc4adb6f8c09437cb75bd96b9e0

  • SHA256

    d707dad12d7746654c7248fb3c059d7deeed3e1cd21eb19af37f3fc42be9b84b

  • SHA512

    32380424737265e97b7f92eb2be8680ee0844ed4510853abd5a666d6f989b6a31c723d1fab5da46d25bd299bfbd5e81fe4b722183b574a2d20422498a6e4f38d

  • SSDEEP

    768:jsjxVLIoOU23fFPoPxarTB+KZCwaVdbrx4xP6pCZrRhvpUu88MRt:OIjaFwU9rx4xyyUVH

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 13 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\627e1b984105484eca3a2141754004e5_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\627e1b984105484eca3a2141754004e5_JaffaCakes118.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:3016
    • C:\Windows\Vanguard.exe
      -r
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetThreadContext
      • Suspicious use of WriteProcessMemory
      PID:3068
      • C:\Program Files\Internet Explorer\iexplore.exe
        -r
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2528
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2528 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2700

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    72d10aa69411d4c3a7fdc6d97ef0c5e0

    SHA1

    ad54ca9b0ddfd231aa5d543c580f60374e8abc76

    SHA256

    d56cabca645dd86275ae0c2eb0fb344858856c8b6a71a6191621ae5cb53b86f9

    SHA512

    65417ed23f0fe060b046273b6d4c1cae33bb86771b1dbaf6e8c487b78504dbc834e561cc68e099d9e567d7518f1fabfa570616c0de0401525b235487117ee235

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9754c4651f11578c2d06975c8606de0d

    SHA1

    46f8701c27e528cc823e541a29c04068dc48ec3f

    SHA256

    6e4b4c659d471f4c5be087263b84d8c00ccd8f14951fd5e64e038d03be14016d

    SHA512

    6eedd4c561b142786823e098d717e8d0b1dfb3d3e60f0202366e19476b38c749cda18f70496ef8c7bce7dae1c20535dda146cc539eef17e382ba664eceab5e1d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    179f490af1bd486df151808a1f424e31

    SHA1

    72e149a3a72bf978efed78ef50cb1237e742c81f

    SHA256

    397e27abae417346e573e4e2ddf3ebd56c6846ffa9942c7c6dfb6a6097be20fd

    SHA512

    43b01273a5f9a4d0f482bdcb60826cc5228409434e90cf27b8e612e831148ea705c5499706275eba1a00a68cca186b1b3725387619779c4ef4af469f96f7f5fd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1f4ec1880f81e8ca5408bb3f9d14348b

    SHA1

    1978b0ef2ba7e6b6c17a8bf4df4dc23171d5755a

    SHA256

    a1ba91e7035b298176e7e9c2af0151458e4a20aab49993141813d78dc01e3394

    SHA512

    9cdc56e4988ebfc6f878aa2819079c048d80be93055687408992596142d04d32153781482056764f31cad39289c5ae1bae2fe50d61cea78c6b935d22b52121a5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c91c08144f4c61fa0552b2cdfcf8cfa2

    SHA1

    6038a8120a073b2d68b9db6af980b5741fa09258

    SHA256

    93258ce7c6a60bf740b2b2d254b2d01052ff62a78fefda6bb1862fc107371039

    SHA512

    0de5c92986718c9c3af4a33da1685c7783cd8008153ae776cfc19a9343ce3429d4b9af9c5abb53512f310625ab8ac639980356a2d8cd0a3a022c84d8a8b730d3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a42bb37626f5f0fe3d0f39a57cb31e87

    SHA1

    a26de61c4880154990bb1fe55666134a245a8986

    SHA256

    3bf8f067119f7db516c0be8fa5bb2beaad8bf03803701a99e42ca21c7e87a9bb

    SHA512

    af16a5a400d6e321c8e73e0dd274baa7239dad57d351c28857a54b67333a66ae9ca27dad85b0393479c811ea36b86c3a9bc17f55afa66d9b894e41beb79aecc0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6d67aba85fa75904dd678a71e1360cb3

    SHA1

    438e917e7beb5906837143adb84bea818e55b92c

    SHA256

    df3adf7dc01f7bd760b6c7274dadde4423a708a0f4345dc247414a6ba766cb38

    SHA512

    6e2bd57aa12e7947f3814c7bd2fa58ce6fe64cd0aa15a9a65df16926fe5fd884b7953b8aeabe1c28f9826d08aade8ae2f31062a205279ffda045e9270ba28cac

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    59356827cccf7b78aec7990257f80787

    SHA1

    9c414f5128d1f919c51b85f7b0557a625908be9a

    SHA256

    63d23fbec9e31713684a44b13437168b439c14e387caaf7c279e0a1a56b83c99

    SHA512

    7824ec9194cbf64e703448731c499a05e928af25e018791208b974dc18122eb3a24e3d24daff56326cf86e13a2a4b2303a889765503d86eb195893796476d242

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f7d5e4ac2843bfeb8cf5efaf73de1b50

    SHA1

    e8d64ec22001c90de0273bedf9564840a6c6b073

    SHA256

    1145687b9463830a2cd7089891ee144aad6c01065934a6fa862124ef6cb4296d

    SHA512

    3dcd8e9167749db27d84b3683ace40238c797bc2fc95a79e645d957b8337379e51ffbfcd057d04460ae3d8fa91b7a7af3a655e243cb9ee440579bb1f20dfb88f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    af920521d642e2abec21491b5a7ab53c

    SHA1

    36ab71ed4ec09e6f2756c44110335be76759b06d

    SHA256

    f4b7b45b07542efa980626f2eb4568b06934b213e1091b727cb520640a305aa8

    SHA512

    9204abbd4227813bee4e00b4fb631f06ec61b2aad77e1c4325897c2d4358c27aae3358d6327d4004657aa96fce5f40bc4bd411c402fe7e185fc5c178fc000657

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f493bf7c7f2cf9061e0fe2b12c2b65a1

    SHA1

    b7dd56a814c050f06e0d2538dac5bcea5142b9c8

    SHA256

    17136006746a5c3d0525576efc9984ab2990aefc54ca19ddc22f06b9a76f5b93

    SHA512

    f7aec1d09aa152e477521d72165598d620e6ca01b2daf9f5a7cb9dcd2c3b668239d2b7e9c302a13234eb55fd91c4917d46b06da7ee72efe752e6c3d149143122

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7f3e98d2174d14c2628c273b2f7d9f40

    SHA1

    54bcf673b56a079cbea778da52c341ffd859615f

    SHA256

    9e1eb13a17294da48662f5869115202f3b9d5771e6ee60b6c66b534de34ffe82

    SHA512

    9a6a70b1419a2cc142312aed28df332b658010cf25d8851af7a69a3ce855cafebe4f0666b20ed0893e2e82894e756704ffaea63eb847859ea1d5c02d3aadc830

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8bb8a1c6cf84bf6be8769e2ef0723735

    SHA1

    1c86a7f8e2d7d5655a815bc7904d2acf6028094a

    SHA256

    30ebd1f4b357c15611911d625b6c9ce8d85850e30d222e495e224a8a9db2ad22

    SHA512

    8a5561245f9cce8d5f97d0a3d319b2f4137c2fb00d13e5d156d02611ac6753335f337c715ebd898da7b2426620bfe9b6db0beaa5139aa8386f69b50063e8c533

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    25d15b7766e31eb51ca21ea12b76237e

    SHA1

    1afe8042fb8f25a300a7009f0511ba4e2856a464

    SHA256

    001a300be761b94747b548c0c76bd04d4f49616620234c3c29a743dcaf4afc53

    SHA512

    d9be5ab6fbba6273d488435ccdedc1d9a1584ae289b3811901b03eecf6200cc93c38a5baa5622d93ff7888bca79d914a97fc0f0352e7f2627656e612dd266fdd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4b5fdb0d2f4fb01b2f2705a8b6d1f44a

    SHA1

    0e536cdb3cf4ad76249ce6705223bb657943aa19

    SHA256

    f63d924e7c4955859b5bf8caf2f941c0bc04487c4ed69eb9180bae538c8d11f0

    SHA512

    51c1da60ad5af0a244fb62250dacd05fd7d6d8ab68b28c4394134d64ca5d17b38bbd02021b28239b3b7a872426f3d95df9ed70c28e89434720e5d662ebb40d38

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    718a31edbfc3fe0d73715047057da4c4

    SHA1

    8d465632c931f1c3b8462ff8555f17f83b685653

    SHA256

    e81720bff6819d6cc052ca0fa11256d7ea0af3a351d763338181ef4c831e2b95

    SHA512

    2802c85a81842b00b1b8a62418a68a46f5267e498016a563e6fb0b856a07a293eb3f3db5c89cf6ca3e4963442eeaef4b11213d599f8f3ba82665bd50da9fd929

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabD23F.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarD2EF.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Windows\Vanguard.exe
    Filesize

    50KB

    MD5

    627e1b984105484eca3a2141754004e5

    SHA1

    7937a822890d8fc4adb6f8c09437cb75bd96b9e0

    SHA256

    d707dad12d7746654c7248fb3c059d7deeed3e1cd21eb19af37f3fc42be9b84b

    SHA512

    32380424737265e97b7f92eb2be8680ee0844ed4510853abd5a666d6f989b6a31c723d1fab5da46d25bd299bfbd5e81fe4b722183b574a2d20422498a6e4f38d

    Download Submit

  • memory/2528-8-0x0000000020000000-0x0000000020014000-memory.dmp

    Filesize

    80KB

    Download

  • memory/3016-5-0x0000000020000000-0x0000000020014000-memory.dmp

    Filesize

    80KB

    Download

  • memory/3068-9-0x0000000020000000-0x0000000020014000-memory.dmp

    Filesize

    80KB

    Download