Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
57s -
max time network
140s -
platform
windows7_x64 -
resource
win7-20240705-en -
resource tags
-
submitted
23/07/2024, 15:05
General
-
Target
681148ac866ee08182ffe71934df313c_JaffaCakes118.exe
-
Size
135KB
-
MD5
681148ac866ee08182ffe71934df313c
-
SHA1
cb025f81ace932cfdc46e70140faeeee030ae626
-
SHA256
83f5c60633475ae50b42629dea84314f74094c3770d72329af762c1cc74680be
-
SHA512
a3927f29238dbbfcde3d091146a2b094814a9c170ad89433adb78f2ba6f95e789b14428cb7dd87303adbe4ccc528f656693534c081a0ca504db96a1a2f905296
-
SSDEEP
1536:I0Y0qkc5IvFz70yiVdqDkhSchSWiSDWP/OsWQH6CazASXhXSWLlWT3PmcsYN/Xzx:IMqQFdiVdubWibOQNi3MWL4FksNYFfPK
Malware Config
Signatures
-
UAC bypass 3 TTPs 2 IoCs
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 2 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Checks whether UAC is enabled 1 TTPs 4 IoCs
-
Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 2 IoCs
When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.
-
System Location Discovery: System Language Discovery 1 TTPs 5 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 32 IoCs
-
NTFS ADS 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 24 IoCs
-
System policy modification 1 TTPs 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\681148ac866ee08182ffe71934df313c_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\681148ac866ee08182ffe71934df313c_JaffaCakes118.exe"1⤵
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exe/c start http://youporn.ru2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://youporn.ru/3⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2784 CREDAT:275457 /prefetch:24⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c C:\ProgramData\Media\rdb.bat2⤵
- Subvert Trust Controls: Mark-of-the-Web Bypass
- System Location Discovery: System Language Discovery
- NTFS ADS
-
-
C:\ProgramData\Media\plugin.exe-wait2⤵
- UAC bypass
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\ProgramData\Media\watcher.exeC:\ProgramData\Media\watcher.exe3⤵
- UAC bypass
- Executes dropped EXE
- Checks whether UAC is enabled
- Suspicious behavior: EnumeratesProcesses
- System policy modification
-
-
Network
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
4Subvert Trust Controls
1SIP and Trust Provider Hijacking
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
135KB
MD5681148ac866ee08182ffe71934df313c
SHA1cb025f81ace932cfdc46e70140faeeee030ae626
SHA25683f5c60633475ae50b42629dea84314f74094c3770d72329af762c1cc74680be
SHA512a3927f29238dbbfcde3d091146a2b094814a9c170ad89433adb78f2ba6f95e789b14428cb7dd87303adbe4ccc528f656693534c081a0ca504db96a1a2f905296
-
Filesize
13B
MD538de427224a5082a04fe82e2bd4ea9ec
SHA17e4a53de1f83762dd2febd39b818e2258bc83bc1
SHA25612f99f53144294750fe8713d580eda286f4bd95cd9c840db8ab957def8040028
SHA512ec3f3c324eeaad91ab0efd47b3084493d863f969344fa1ba87ace1974908053d396673b44c33b4dceeef792a74ad9278e06acc27c83459af1153de52f83afcbf
-
Filesize
97B
MD55303b5018a6cd19200b98d31ab04f25d
SHA18285eb92f131111e40d2dc864d3b386dad6b9129
SHA256464648d492af6bb50cf65ddcbdca3e90d4b224ccc6f4ce3944d439b6c32da524
SHA512654aed00850f6b7e424a5ec5acad086a51fb54f5f944238979f43fa1aac430661250210fe5f38dcd78e46311adc7e6b282cb5c41bebfe5a7d297afd6db6de21b
-
Filesize
342B
MD59ffe7229b044ad7248d0d04129b84940
SHA199a8237c5f91900cbd8bd6e72ea5a1d2e33958e6
SHA2560bc968bb8e07e09bf60d9dbc951968ffb26a74a642bdb4dd5aedc880431728de
SHA5127ccd333866ae6eef25e8d4ecef4ef648b3ef6f81756e4289546b96925c85401f93e50ca5a66e1d56ab8a645ca4d46ba0225692c454aaf2a55152986a6d514a66
-
Filesize
342B
MD502379759ddd4019d3bb10c7ea8d3de0b
SHA1679c0751d111147383b5bd2ea7e7d24d853cfe75
SHA2563665a3d3de8e8b421bc78cd01f595c47ed141b36730eefcb08f86d2f27042722
SHA5123d958ded10edbcebdc8930c73e3f8e05edf01d8c765f657a64255d8487e081b87339f51fa8968b0e2ba36570f953e28f832cafe3750cdcfce632e18d6c755334
-
Filesize
342B
MD5bec49b45cfbf39c4336d818b9fe4f0a9
SHA11be6b4a0c2d3a862956c4e9531d269957ed163f7
SHA256e12fa7c06ea9b2d24dd4a6c681b4fbe2e75aa996576f4468ea5118648dcc884a
SHA5127377b11f4d4439204b5239f70f1418a3dc4636234f2f24b40025227b7498ece2f625f534a0d64961c2f454bca9854dbc81e79a1ae86c65c1003978d7806a8d74
-
Filesize
342B
MD52be44c34bb50706bd0d826502daeeaa1
SHA1ff8599823964e5707233273c3923bcc4134d307e
SHA256467ad53136c0b49311c2a572221bd522fa558d825585b21d5bb478e2946784f0
SHA512c4f50c4e30e53294d90f9c5235dccde02a5fb5570c2f67ca3b3413e118dd8679e18f505360ca34b026a2adef7bdad1c0067568820d4759150625a53330f4d098
-
Filesize
342B
MD50c01a37aac3b7b97def8766c664dfede
SHA1d2777308c5c2b07229159136da710b5108ce4606
SHA256c353776a47ab577b21b65fd9b5d6c7234aca82c8922425a40d52682616ba68d3
SHA5123eec718c96ba14f18cdd6690b626994b9e6f9217f525a68db6cc9e549553876ca469eaf8b1f32c348f409d89e53d9c4b42738dc004d29ed3b958a522abf2816c
-
Filesize
342B
MD510390fbf2c6b92fb098d5bcd13f43e6e
SHA17e35ab93b17fa1faaeaf242f88eeda6b008a78a5
SHA2560d23c20198ffaf539933a8bf353d2722077bac9b27b5373f6d93a8095d4654a0
SHA512b243b4dee1e9b9d5124f33eca7728b8f6249e82c671cc8ca693265a96f890fcffc791a9a11add9e2c020a7e557467b3c944c82fcbfde46c0343d26d4601d1606
-
Filesize
342B
MD5ee858d9d6b8cc5e0f4404a2f8b23d1da
SHA14a7e773200c844f07713a0a0c228b9c243aecb89
SHA256e26eed8db7ec247b3f3331e1d0f540842ceedd3504823c9e4bb4731a416d40c4
SHA512486c61988d1127efdb883cbeac774b2204944f1f1424e9e43f4588b0644d4c0e9fa550293a9c51cd19b398b4e395ffcc821734b76365c7d9e6d7363de9e14e29
-
Filesize
342B
MD54054f2b1b82dec3d844861ecf77f6fd5
SHA1ac3c26eb9740774b1c3fde8038a173ddbdf1409b
SHA256eea3e78f15d5eac34fb8668cd2fa48f35f1cf66d800a2260478802caa18b5b39
SHA512196551139854d7693f7139c397b80169e3eac96c94497aff0ebb685c52365359d298a66a177a784cec65a155b181419732c237cd43f4db702ff3217bd97e1cdc
-
Filesize
342B
MD5640599451d9b1861d4da50514bc7d993
SHA196882a5f98cd5e9e67c3e3b005adef7e26d1d66c
SHA256cc26c915bec6bd07ad93209be8448d5931b8e64fab39e3a9044833664d35917f
SHA512157ec498c643f19fd3a2d2e1bb699458c6c81c195d74e74cc362ea3f7e96be41b308067814ab2a45e892806eac0a427b508aaadbfd357ef4800a0d2e5d4332ac
-
Filesize
342B
MD52c6d5d1626e3aec49b0025e89232bd1f
SHA168629d6d1953ce4d57509f9f0dbda3ac01f7d572
SHA256ce897c5eb663418c265e307011614ed5a3806fe9309466c62aec5c23d0e47666
SHA5129d0f6019d993c2eefee3d202f335040d219573c66ddfdffa00a4a83eab55a8a8ae25b6df18d678f0711faad3672e4885d640f344e4beeb04927440759de63c9a
-
Filesize
342B
MD5dd51202ce2a0b1725c677c3eafa744d3
SHA12644606c68a91d2bf9a38e8354981d9407fbc698
SHA256e666c9880c0191c7990c4edf9e01b53daaa221092a413df0f02ce14db344b893
SHA512032272269a5ac972893bc8d9ad61ba4daa9871aedc7eed56573d43a3934c0822fb84c118a0d15fcfd786a859e8a37a73b10abfe96ec33e3650ba480f48530002
-
Filesize
342B
MD57d9936fa34cee6990d7e69b7f2c2bec7
SHA166a0fd52268fc22f5b9b0b6b28305e379c927c72
SHA2567ee2b2076614aeb4ebd0b08108029f7b08f4726b0b7a2674eec5d6d5899dfae4
SHA51251cacbf2fdb6f1a81fb623eabe2cddf72c1b2bb4a06e00bc1e8c764671ed1c6d9092cfffbce5e614c6df8f97ba20f949b9e5547ebaed7373bab513ba2a7a273b
-
Filesize
342B
MD53251c24410d766821b6a982071d96a7d
SHA118d7af51fd4c9fa1f31c44f80322abd1bfe92d09
SHA256162093a48a90dd4fd6758b9dfd6989b29750734af7c10b0a51e6542c6b797d17
SHA512497f3b35503fa02604ff71f01425f0af57808afc33bf787a26cc54007182ff8666a34e5fe04217aba183665899bd9cd6d760123b51ae63b34ef56f1bf217c781
-
Filesize
342B
MD5a71e1ffc18d25559c54b841197443f47
SHA12e020530aa95fbed8e9ab114f47fa555881a2546
SHA2565f807288984afe62c52c35289e66bc5749051e5f0da22c6afdf07756f718b287
SHA512ebb92f5c388dbd907dd738120b7f51dc902cb177997239568a9ff1dda5473129fb5b9d87e5d153c57d4264a0f725df5bab6d2478ec955bf97e1c155bbc82f03a
-
Filesize
342B
MD568b04e9b32dd46c8052aeff7c1774825
SHA1a5a7a799a48a2e43d7b8a720c98a3e16606543e4
SHA2569d341aba7b624af9070d47bdffd4415e04430a3467a703104dd6a7bd57590a73
SHA51256acee4408e1834e23dd17e520b7e57ddb02feb42ebdacf10610c3e8713eb4e0c02026d046ff16038f1faac24f8a6068c5098b432cdd92ef6233cdef7c2c1ffa
-
Filesize
342B
MD5b95093a985437f5029c7e5f65bffdf34
SHA181e8a72aa08e53c798dfd4dceb4d4b38df7bd09d
SHA25699fffef327dd31d7ab1188347637bc59a88d1cc5f329e480f2749529b56fcc15
SHA5129c89c28f24d9a3fb5748e36b7594c9356dcbc37aeeeda3d721a5a4700f1306bc3a1a1f3f4872544096b75fc4d0172a8de7734d8e47d337592d7d4c18d8e637ed
-
Filesize
342B
MD586d04a8de1c61f2235742294fac64c51
SHA134a3a8c6213fa593c200bb0284dd92ea411ccc52
SHA256ae615684c7edb81e18beb7a3221b43ace1d4fc8ddbb81bd856153afdf4ebb01f
SHA512be8f7b5d73cc085bd2f6a9a64a5638188f63f33023522e66c34f7620c73b589f43d530379c8b8a91b83b49df0f9eb64b845d13cb62f396911bba6849e8f777ed
-
Filesize
342B
MD5d96505413777274c0148c058dabeec94
SHA1fbcb984efe06906acb6beb2e1c2009fb68e57b5a
SHA2567e4bcb76fa734ed1aae22bfe81a89b87c9b69a20c1fcd103d2c2926ff1dbcd78
SHA5129970a5f8ef86f6d51fa8ad845614a80a05e17cf9e285673b04a7b13a7f8ab98d0bd0322163f0b924ceea93c0622ebb74329304dade5b5cb9c800e16ad5b31dcc
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
1024KB
-
Filesize
1024KB