Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

697b7fc8bd...18.exe

windows7-x64

3

697b7fc8bd...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23/07/2024, 23:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    697b7fc8bd49004867c5d81902ad0898_JaffaCakes118.exe

  • Size

    892KB

  • MD5

    697b7fc8bd49004867c5d81902ad0898

  • SHA1

    ced28aaf58c55b299e80447855a315a51c87f8c8

  • SHA256

    1499a55c2f390b01a78e82ac27e6d6f91d9563d8d69d9659ea7da196bb9de6fb

  • SHA512

    6e32c7d4aadda84c4eea768c9e78ed8781c99c633dd2dd7791fedc2144307441b64de41a898ccfdceabff7ec442ebd72557e5f65d1fca0495f602829c8d422df

  • SSDEEP

    12288:p31XsYeziPHb4pbsve7glUzHWelbgdx8Xm2tmy:pifg74NsW7g+Hflbg+J

Score
7/10
discovery

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 61 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\697b7fc8bd49004867c5d81902ad0898_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\697b7fc8bd49004867c5d81902ad0898_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1100
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.vdisk.cn/moxiaoya
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2676
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2676 CREDAT:17410 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:3216
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.vdisk.cn/moxiaoya
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3576
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3576 CREDAT:17410 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:3748

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    471B

    MD5

    f45300b4bfa494ccd852b64a295d2b8f

    SHA1

    f95de19f9cc5e8d0e9b60f290310856c475fd442

    SHA256

    66d527bef441e128a840939dd7a3dee3f505deb3ee866518961cdfae19991e85

    SHA512

    545dc62f0f047a05b9edf9fe48a4e5cf60e1c1c01a1cc367e810837f21facf0206b30ca7dc7a6bf530ac94891e63768313615e2c12603ce509d7302cd41dd9b4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    404B

    MD5

    5919f491c2fc380ebc39e4b1bf68c619

    SHA1

    4c47ce8a8a913e1276bd02aa7376271f2e68f490

    SHA256

    d41c026a8192e138a776a67ab74369b96054359d5b9ad61af739cc0aa360de22

    SHA512

    6d90eab76642510ec55e119728593375fb569d21620c93fc24140946b7060ae9fa1bb36180c14b6c8858efeb66cad41087328f5ed9af0af0e7b4604519fa651e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    404B

    MD5

    9fd0585c85186fca746d3c80e7019176

    SHA1

    e89ee392bba59ed8df0f09a2336d9848af6d052f

    SHA256

    a8a78ce33f5cecc95f8224212b75da29b8f14d8dcddd6f6df99c549aedd19b9a

    SHA512

    9dd3b570c312e11983289a25abf9cb4541c947b8caa9e84551497d5aaeb9de789c2230978c15ac337f4b56930c6702910053f0779857dfc104b130b4460e960f

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{8EE4431A-494F-11EF-81F6-5EC22215AA79}.dat
    Filesize

    5KB

    MD5

    a597e977337a79a0cb713a914aa4d69b

    SHA1

    d4371b5dee7cb4d87145a98b9ebc0341c3e73489

    SHA256

    5b385a2d2370b3412bab7415b1871e94b6cffcaf3dc13edf3c123f2b36739526

    SHA512

    a9fe074ed4df4d996c58bff2b95fb35a9e0b89fb9d865e38aca655d2c5fdc24527642a6401674cf11811224f17d335dca28a4dfa3c1328dae7281132e9772462

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{8EEB6A5E-494F-11EF-81F6-5EC22215AA79}.dat
    Filesize

    3KB

    MD5

    254730bda8ae61686964defa50629b65

    SHA1

    dbabc43e5252dd445285490efa61a406bee6106d

    SHA256

    626c1c97f0a6ac38a2bf7f3e68d01fb8a5fbe4afddb5cf1843d4cf754a384dfa

    SHA512

    b7287db4408def605ad77edadc3b89af9c160cde31e12c2f1a33648895912bbadd7a5f2ba8fb3c487dacc261b27eef36667aa58ff0e48377ee3c242dd39475d3

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verDA7.tmp
    Filesize

    15KB

    MD5

    1a545d0052b581fbb2ab4c52133846bc

    SHA1

    62f3266a9b9925cd6d98658b92adec673cbe3dd3

    SHA256

    557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

    SHA512

    bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\yl6xsh0\imagestore.dat
    Filesize

    6KB

    MD5

    88c98401178172d7e9416da6c71303d0

    SHA1

    92eb1d7bf6ab7773f43a7c6e18b351473a094652

    SHA256

    f204b3c9ca23260cc05d305261ba64ad17c9eb8fa4b70f11170e647e21ca3c8e

    SHA512

    147f15f289caf76afb75c65cdc3d3cdc20b3848598ffcafe4cd9231657e67e18d41d94f86ba59ce9c4801c395cf99ce56f515e9b4d42d7b252c204bec2cdd325

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\CWF229A2\favicon[2].ico
    Filesize

    3KB

    MD5

    75431504e45e9a6cbe94abe910df2d61

    SHA1

    f5017102eeecc57896d27f13f24093663fe518f4

    SHA256

    0e7b448d6bd1929afc573ae93df3901eb20507a295e059f29076dba25dca0e46

    SHA512

    238b3ef8b1161f419ad6143ac5a4d5b78797a6a902f81c06b7c552060ff41efb8e033ac550d6ab9add6b7bb32d4c64d160d5c4000daaed28b23c8d936a3c74a0

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\FMLLHXYA\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit