Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

5

Static

static

3

6fdc5d4a23...18.exe

windows7-x64

5

6fdc5d4a23...18.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    122s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    25/07/2024, 13:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6fdc5d4a2372f2111f7d89c5a0b9698f_JaffaCakes118.exe

  • Size

    62KB

  • MD5

    6fdc5d4a2372f2111f7d89c5a0b9698f

  • SHA1

    b8da2e41fa456926a1f23bbde138b8f6d65cb170

  • SHA256

    df874dfc1919fb743eadce441f47300d248e02890a5c55f82d84c5604e678302

  • SHA512

    fa2e14ab4bbf7456a194051540a4ad4abf5ce4ebc5c3d4127b540ee3388354b48837d7bf43b7e039f912b969e46be2424b84cdce72deac83c41d3826d6755ce2

  • SSDEEP

    1536:hIMrotgqDFLwz8kYoG2wvlm/4BcDQX2oooD+AyxArAIVJ9E:hVotgIFLcwvlm/46QXMmAIW

Score
5/10
discovery

Malware Config

Signatures

  • Drops file in System32 directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 9 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6fdc5d4a2372f2111f7d89c5a0b9698f_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\6fdc5d4a2372f2111f7d89c5a0b9698f_JaffaCakes118.exe"
    1⤵
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1864
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.mp3tube.net/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1276
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1276 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1844

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    c9d9eded00ebc55fded9380fa8b6fb20

    SHA1

    7206e9dec2833acc6abfc1d54056454c49d1a38f

    SHA256

    4b11f88c55de772a6980758e08c53b394ccbeaff0427df66b8b1ee8392f80893

    SHA512

    b6a74b421188c40a12167b0502dd4feceaf6fb637036637f0386d7afc633ea691fcfc5797cb02ff33f4dce086d0bc268076a5dca397b70a16379bd009638b49a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    54f212df876628fb9cdc0eaa27d81e09

    SHA1

    012f4008406c2204254553601096f42782bf49be

    SHA256

    39d25162b5c4eb00c69153f48cacd4b6f901753ad7e9e731424bb12f74224471

    SHA512

    f2d87c942a33162cca64729060d62f8674b1644fa252a96e7240a99d1e806e0918e25914e1fd4241abc983a113499d6c82c4744972583610ee8a6ea67915e1f7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    8f17189f982bda5b17639e5fe5038505

    SHA1

    7dea728ce8dd8c25ee91a2bcec709e6a8e674e69

    SHA256

    675d5752935ff6ba785fcc2ce6c099e21d90e1a69651305f630bc091c9a2284d

    SHA512

    ea30facc83f2aa32e2d4ff6587d03de769ed7b8b277b29ceaef06552f9d600f05f8e57412784ec2939183be483e1a1580ba5c0784955b3b1ee2c7fff38921f1b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    7ed1600ce3fdf64fea5087f0d7ae74af

    SHA1

    1b2a3b1204b135484ff213e80567f537cc7d7a04

    SHA256

    5eda3d32c836a5b1524bab7065c09d502415d87e3bcfb8cec053e0ab6d7deff7

    SHA512

    2e15d610a9b50d4a88d2e6040e4b2a798f3748bab5ff1def245543f6c1be3bb4a5f7d62054349eb822e275591c7fbf71db98d27724a508af1b558dddf6300ebc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    ff6c028f1e71cefc1468111c681ab8a5

    SHA1

    d004d5511d7212d53db4389ed592737598d25ae5

    SHA256

    c5132dba4adbfe31c893b7991a8856112f7367468d205d131a88e9692f191ece

    SHA512

    ebf37ec6fe339a28512292962e7f82fc51a3fb1f7450739fb75d87a504484ed647f630eee471ed17d76eea30a4b0e06aa26031732dab73f9b266e0de0b75db83

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    641d36bc5f1149933e6d96ce6ae65718

    SHA1

    581481efa4e6e5d3e00257404d959230ddfc9ccd

    SHA256

    05e279f1906d5422fbf0f4e57ee775133ad355f2dfcc61f269e456cca78566e3

    SHA512

    4e90dbc65de2fff6f187ffa9a2f9a96578be8523d7732a161a0e6c37377af4825f7f81117deebeed43509215f00f1dae16b7a811b31020d025ae44b9d1d4df0e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    3df064658abd8b831ea0bc577f0ff1c2

    SHA1

    53c0674d5db6cb60b76d306a21d1c64c0743d494

    SHA256

    e40f3bd63760d27ad07e24ad23f3ab5c21522a6186d7eb20148e0591e297e2b0

    SHA512

    aee3ba12e1ed557d5730c18e38a592be86f9a72701e15f9cdf3d6376179a417dfb47bc6aa81b31efec3a599df573ffd62510f99d34de0be6e0c0a57dead6a351

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    4a49a3e61df7b3e9846a601ad6b0ee37

    SHA1

    ea52e2076c9ec64d46ccea990ac3fcfec7231acf

    SHA256

    4525261dc4ae38c8c6b326d58440e4053deab708c279ba1a2f5b5e35c5e69939

    SHA512

    52f811dcae958b92a3816bbda07c20f2d18fa0b1a7cddee9584c2de926de55b14cfeb72afa2a9f479bcaf8989c29616d90287651cc583f7ad3f0aa3ccbb952c1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    027e8bdf88c5f77f3e19d6be3c8270cf

    SHA1

    e25b7cd6c8e342aba9814fae6d8cc3ef49335bfc

    SHA256

    b0de72cd208bf5212c9c18144e95d928ea3f2c5882c632f7f4c57b411906eab6

    SHA512

    6df0bffe5430e1cd8e4d3ef3370de1dc208abf3a4b02211d878b89720ab792c541e1da94ee91fdde6efc89cbd2724c41c7763a6f8f726f5b3d92ff26d40234d8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    0dfdedb0fa8482056e37a0f8a04b22b1

    SHA1

    25be1a107f86807e811dc5754ebf82474ee5522b

    SHA256

    6c163d8423ffd13f5324c6469b677a920ebb6f9945e8b9625ac663f9df141402

    SHA512

    d910e84f195d7258a4d15b5327132ab6cdd0650c50ede73b667e1fd014e4d4e43c9c928adef361a09272781dfdbf136f1fa571749fcebe5469fb02f17980eab1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    6e374b8b961d8a7a1c8cee98184132b9

    SHA1

    aeedf65db5fb82d035d90694455f8f45bba58f70

    SHA256

    09dc8bcdd44ed74e099428b5e3a18922a050fcc0cede33c66a99c64a5f9cc8c5

    SHA512

    879319b84b00fb2528233205c61bcdb003f94f43494384e2571d88b2ec789abef1d8c6a8f71a8fc6eb213d70383aaaaa059004f4ec6e199297c5b19e214d6a75

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    3d44c4aa0bf78f0f96ae42491b2fc883

    SHA1

    f5215685244563248ef81a6cc221219e3984782f

    SHA256

    15abffedb45caa09b9e1ac0fd75bb82aa260d267c213a08503b9bb620baf23f7

    SHA512

    6c367106b4049c7d84294bf09c3a3a0f3998e338ef485fa703f3fdbb5834a30bac264ea6d5df6962af50f6daf2bbcb98e3294d612bb3f818eb0ebdef5010fd0e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    2e947bcf0c901b9ddab0f660213d3dac

    SHA1

    818657b3b282711a4aaa44e4c6dc127359288e63

    SHA256

    d2fb40d4f285d3530d464323517aa836180cd5a0eb24d5a6bf4f2ca3e74c932f

    SHA512

    2a7ddc82051788725894317789d453d230f634b39be4a482b69589a164e4a33b7be5668f462e67d4a18e8b4864f38eb42fc3f2393dc2e771be109d4d80386380

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    fd90ae142b787cb33596a2cce7df73de

    SHA1

    d9eb028f2a2d7a9b337376cef64a725bd78ef518

    SHA256

    6a84a09d2a825ae0ec70edd5fb6175537b7c68277dd91e6f7fbf893ff5370253

    SHA512

    82235e9ca86858e2890701895e649a2dcc7334527e1c4f531208d2ec5d9169f01ee9caf76bc2d30b6ad56db085143fe363287003d95f587121ce68e481dbac57

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    7eb26c4c51a9d49e7bfb95e7a3043049

    SHA1

    d8e73b0461ae54090ac01849a69f90746b3375b0

    SHA256

    45ef286085c82ad5de70916a31a6f4337e5987b6a7b4ccc820e4a0877a16499d

    SHA512

    c007fb5a60e2a0db8026d49b778facb4db95bb169da66db44887cebd23ff5d1a4b0d5530eace8226ef794b67f8c081af695a9fd036fff27a18c0803acfd126a5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    6a6590e68b41bbda61e1e06acc7fa77c

    SHA1

    c14cebd7081aef421b3b0b6687d104feffc60b4c

    SHA256

    45e375db47a39602c5d5ba42f6ff40dc254388334caaa0a2b34b0c73fb2a5a89

    SHA512

    0ec473cb1c00b27af685c924bce09064825be278048bb83a87a326763c9354b3917559f5ae8c10c169b312fe69f64529c95649a9d38a651e87488ba1298ff58b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    3dd3b03cf603ed92e4df60743fa58745

    SHA1

    519024d97007583ef6a79aa361f2dd14c53a903b

    SHA256

    a5278d01bf328c32688e3ee9bf8ca80b1284268784bc5817e129874dbc7ed370

    SHA512

    97b4e0ce2d847ff00618c97b031f48f224b522efb170ecd32e0e2f1d3a00e0f76592b3c08b2b8671ea5d8c2db1bef4466a56a8d7cf7ee3435b2a0018060a851e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    5f5764c86307504751392be4a78ec03e

    SHA1

    d71cf7fd2b67e949721f24d9785fb26d6072b88e

    SHA256

    692e4989e26c44a9b7838a8040bc450b88064baff242b672542b1b1537300618

    SHA512

    34cdb57c3e43b7e74853e2bbb4095490b6363d9223bbed37bd390db5e87790a91befb17c9492356861e79aa774bdf835ce82d12b3cf79bb02ebb7c994a5c8220

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    f2e36bae7eee0a472585ead39f0d1816

    SHA1

    73b9a35a99c5feb8e429df762024d69bcbeb71e2

    SHA256

    64dd3a1470f3668855638ea706b02937419a91d891f9f74b32c05ac21d50bbf1

    SHA512

    6b050ad3fee8dca25efd74e71ff5c7499396a96180c32e9a262968b9f5259907cf826509f5ea423ca05b2ba3d9d68e6866c977dc2ac6bf2baf969d59f148cfb7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab976.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar998.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Windows\SysWOW64\webcamz.exe
    Filesize

    1KB

    MD5

    6c0628b085819bf827620d48f6d63a92

    SHA1

    94432d591e237ea90035c0268b4ded1f5a6f0770

    SHA256

    d1d98ef0d86bceb40aea312bc4c16d42f97ebd1296d7752806a485ead98490cf

    SHA512

    075a47a9b7db73f2ee563457cd3be6c57a3bf93715a5d51d617d88895e63ebcb2e68cf0ac554e7774db4428685e1de655b4a12674ce983b5a066b95e6b6f7a67

    Download Submit

  • memory/1864-8-0x0000000000400000-0x000000000041D000-memory.dmp

    Filesize

    116KB

    Download

  • memory/1864-1-0x0000000000400000-0x000000000041D000-memory.dmp

    Filesize

    116KB

    Download