Analysis

  • max time kernel
    144s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    22/07/2024, 13:43 UTC

General

  • Target

    63654361b6b3a00bbd015c1812ba2c18_JaffaCakes118.exe

  • Size

    3.9MB

  • MD5

    63654361b6b3a00bbd015c1812ba2c18

  • SHA1

    8d6e98480078b41273e4e25ee155a2e017a10baa

  • SHA256

    8aa8c7a187a7a532745620830f30195dd157e2d7a5b82ef67b1209528bd34139

  • SHA512

    ec03c533377f43415e4f6321a0d1f8b67a2ec9c99e2b4871ea4cf42b048bf5932c5870093e6ee4b1c08230c2e732f5449cd69545eef53840bc889efa03f51185

  • SSDEEP

    49152:MRiX/HBNzTq24x0zpLaa+108dRM38MAf/I3:MRQ/TpzFaaS00RMg

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
  • Modifies system certificate store 2 TTPs 4 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\63654361b6b3a00bbd015c1812ba2c18_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\63654361b6b3a00bbd015c1812ba2c18_JaffaCakes118.exe"
    1⤵
    • Modifies Internet Explorer settings
    • Modifies system certificate store
    • Suspicious use of SetWindowsHookEx
    PID:2104

Network

  • flag-us
    DNS
    rrobert.owg.pl
    63654361b6b3a00bbd015c1812ba2c18_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    rrobert.owg.pl
    IN A
    Response
    rrobert.owg.pl
    IN A
    195.184.84.52
  • flag-pl
    GET
    http://rrobert.owg.pl/programy/Promocje_ok.info
    63654361b6b3a00bbd015c1812ba2c18_JaffaCakes118.exe
    Remote address:
    195.184.84.52:80
    Request
    GET /programy/Promocje_ok.info HTTP/1.1
    User-Agent: AutoUpgrade (www.utilmind.com)
    Host: rrobert.owg.pl
    Cache-Control: no-cache
    Response
    HTTP/1.1 302 Found
    Date: Mon, 22 Jul 2024 13:51:40 GMT
    Server: Apache
    Location: https://rrobert.owg.pl/programy/Promocje_ok.info
    Content-Length: 296
    Content-Type: text/html; charset=iso-8859-1
  • flag-us
    DNS
    e6.i.lencr.org
    63654361b6b3a00bbd015c1812ba2c18_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    e6.i.lencr.org
    IN A
    Response
    e6.i.lencr.org
    IN CNAME
    e6.i.lencr.org.edgekey.net
    e6.i.lencr.org.edgekey.net
    IN CNAME
    e192961.dscx.akamaiedge.net
    e192961.dscx.akamaiedge.net
    IN A
    88.221.135.3
    e192961.dscx.akamaiedge.net
    IN A
    88.221.135.9
  • flag-gb
    GET
    http://e6.i.lencr.org/
    63654361b6b3a00bbd015c1812ba2c18_JaffaCakes118.exe
    Remote address:
    88.221.135.3:80
    Request
    GET / HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: e6.i.lencr.org
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Content-Type: application/pkix-cert
    Last-Modified: Wed, 01 May 2024 21:14:12 GMT
    ETag: "6632b0a4-45b"
    Content-Disposition: attachment; filename="E6.der"
    Cache-Control: max-age=3600
    Expires: Mon, 22 Jul 2024 14:51:41 GMT
    Date: Mon, 22 Jul 2024 13:51:41 GMT
    Content-Length: 1115
    Connection: keep-alive
  • flag-us
    DNS
    e6.o.lencr.org
    63654361b6b3a00bbd015c1812ba2c18_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    e6.o.lencr.org
    IN A
    Response
    e6.o.lencr.org
    IN CNAME
    o.lencr.edgesuite.net
    o.lencr.edgesuite.net
    IN CNAME
    a1887.dscq.akamai.net
    a1887.dscq.akamai.net
    IN A
    88.221.135.113
    a1887.dscq.akamai.net
    IN A
    88.221.134.137
    a1887.dscq.akamai.net
    IN A
    88.221.135.106
  • flag-gb
    GET
    http://e6.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBTUejiAQejpjQc4fOz2ttjyD6VkMQQUDcXM%2FZvuFAWhTDCCpT5eisNYCdICEgPShcO22KtdfocoUcl0vTiiuw%3D%3D
    63654361b6b3a00bbd015c1812ba2c18_JaffaCakes118.exe
    Remote address:
    88.221.135.113:80
    Request
    GET /MFMwUTBPME0wSzAJBgUrDgMCGgUABBTUejiAQejpjQc4fOz2ttjyD6VkMQQUDcXM%2FZvuFAWhTDCCpT5eisNYCdICEgPShcO22KtdfocoUcl0vTiiuw%3D%3D HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: e6.o.lencr.org
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Content-Type: application/ocsp-response
    Content-Length: 346
    ETag: "4BB3AB8A29E6BCB3FD49BDCAA2F97B0DF56D173D177FFACD39F04005FCE255BA"
    Last-Modified: Sun, 21 Jul 2024 21:20:00 UTC
    Cache-Control: public, no-transform, must-revalidate, max-age=21537
    Expires: Mon, 22 Jul 2024 19:50:38 GMT
    Date: Mon, 22 Jul 2024 13:51:41 GMT
    Connection: keep-alive
  • 195.184.84.52:80
    http://rrobert.owg.pl/programy/Promocje_ok.info
    http
    63654361b6b3a00bbd015c1812ba2c18_JaffaCakes118.exe
    686 B
    669 B
    12
    4

    HTTP Request

    GET http://rrobert.owg.pl/programy/Promocje_ok.info

    HTTP Response

    302
  • 195.184.84.52:443
    rrobert.owg.pl
    tls
    63654361b6b3a00bbd015c1812ba2c18_JaffaCakes118.exe
    699 B
    4.0kB
    9
    8
  • 88.221.135.3:80
    http://e6.i.lencr.org/
    http
    63654361b6b3a00bbd015c1812ba2c18_JaffaCakes118.exe
    344 B
    1.6kB
    5
    4

    HTTP Request

    GET http://e6.i.lencr.org/

    HTTP Response

    200
  • 88.221.135.113:80
    http://e6.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBTUejiAQejpjQc4fOz2ttjyD6VkMQQUDcXM%2FZvuFAWhTDCCpT5eisNYCdICEgPShcO22KtdfocoUcl0vTiiuw%3D%3D
    http
    63654361b6b3a00bbd015c1812ba2c18_JaffaCakes118.exe
    518 B
    1.6kB
    6
    4

    HTTP Request

    GET http://e6.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBTUejiAQejpjQc4fOz2ttjyD6VkMQQUDcXM%2FZvuFAWhTDCCpT5eisNYCdICEgPShcO22KtdfocoUcl0vTiiuw%3D%3D

    HTTP Response

    200
  • 8.8.8.8:53
    rrobert.owg.pl
    dns
    63654361b6b3a00bbd015c1812ba2c18_JaffaCakes118.exe
    60 B
    76 B
    1
    1

    DNS Request

    rrobert.owg.pl

    DNS Response

    195.184.84.52

  • 8.8.8.8:53
    e6.i.lencr.org
    dns
    63654361b6b3a00bbd015c1812ba2c18_JaffaCakes118.exe
    60 B
    170 B
    1
    1

    DNS Request

    e6.i.lencr.org

    DNS Response

    88.221.135.3
    88.221.135.9

  • 8.8.8.8:53
    e6.o.lencr.org
    dns
    63654361b6b3a00bbd015c1812ba2c18_JaffaCakes118.exe
    60 B
    175 B
    1
    1

    DNS Request

    e6.o.lencr.org

    DNS Response

    88.221.135.113
    88.221.134.137
    88.221.135.106

MITRE ATT&CK Enterprise v15

Downloads

  • memory/2104-0-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB

  • memory/2104-1-0x0000000000280000-0x0000000000281000-memory.dmp

    Filesize

    4KB

  • memory/2104-19-0x0000000000400000-0x00000000007E7000-memory.dmp

    Filesize

    3.9MB

  • memory/2104-21-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB
