Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

3

70afa0a34b...18.exe

windows7-x64

6

70afa0a34b...18.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    140s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    25/07/2024, 18:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    70afa0a34bda162be62d18bc6123889c_JaffaCakes118.exe

  • Size

    779KB

  • MD5

    70afa0a34bda162be62d18bc6123889c

  • SHA1

    5e475874879c1c376b19b6e53d03c0106fede34f

  • SHA256

    9ff6b7433979ca7e1ad30622c85849b2cf028056a86fd15fec0038e8095e1a09

  • SHA512

    6dcc4c23562b9fce60d607ad9b7093d5b41e2dcab45650dcacdb31cec01c73ed994937c64afd12c34110ce266b7e5a71eeac34f0d1178e5bb07b7a56258f7c23

  • SSDEEP

    12288:Pje0FOfRaCYU64L/DduA0DzM6YJroySHXwLEiDGUK6Ebw:75uNYIL/xGzzUuHALEiDJEb

Score
6/10
discoverypersistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 37 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 11 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\70afa0a34bda162be62d18bc6123889c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\70afa0a34bda162be62d18bc6123889c_JaffaCakes118.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    PID:1964
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1968
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1968 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2904
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1968 CREDAT:537613 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2928

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1d08cbce247af6fe60ed77d97febff0e

    SHA1

    171c99ecefbdb2a79976ab33576beda888256c29

    SHA256

    7dc950e4b3a108a2fabe3c2cc1c7270d81aa313ff72abb4f1c9995a3d59b77f3

    SHA512

    db8f0ecc27aa7153e45cb6659c0e405b279be7c63e39dacb84f0fac91d187b6a757847a34a1ebf343a85c9150b9ec907eb19298e72198fd6b6eb39b661abb749

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0a106e32d88983bcf813e624d4093390

    SHA1

    de708444b466993eb36518508101552ff83a9d94

    SHA256

    b43f2e44c58e83504467f05ca2740d8c9df8f5be12a34b4ec29ed8593f7237ba

    SHA512

    12950e34a30938859d9f660e6d0f9a3f5e4963dfb9af7da241e817ce77b22650d9743d02ddb617fa7cb472a395a15ba85d6a0db6737646202968a5d2e74af515

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7153b42d70de07ec3b1b8fde71b3bea5

    SHA1

    567ccb40b68c9a181b4f5dbd130a29d4d735db67

    SHA256

    f677125c14aaa47a3b7af3713707f01d59a69439397682790383753c2e18d646

    SHA512

    a506032d64c2ceceac3ec0c0da7862c055fa39c05b00741b3b8083797633103ab53c7842842aad1f93061204cc1a9847dbe24817a5e579d146a4dd9cbcbac963

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e5d13ff1c982c12146171c8c33ef4de0

    SHA1

    8fc190100282c442d292bb7e330a8c34ded73302

    SHA256

    4b8763e11a9c2b683a4f29c7a61bffdce2512f93cdcd433654ff932897d551bb

    SHA512

    193b4a782a3593a464a042d47af88b359ad84ab1bc7d400720776ae376088ae8b1b5b303eb2712682173e1d67806e5daa84ebdec2d7673b590aea0b45a5fd1b3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    af84bd1f5e3a82c617b3075d06ee55aa

    SHA1

    57a78a0b62986e533336f272c5ff3f51707bffd9

    SHA256

    bd2fd923db032993910b99cf04c4fee8f0995221e1d4ed83af37ad7c76567107

    SHA512

    dad775ab43c3602ef08ca0ccb5f63ebfa9d21d90d6d48ac69afeac0b8a642678a1f1c0aa26812259a974651f82dd8edd610ea5e3c4469a4b3bc645384dd2ea95

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5d685f515e69862752258b3965af3950

    SHA1

    0e510c4e6e43ab981bba415a9ce50c1110314811

    SHA256

    f1879c81d8fbd737efece3ef3a1bd74020194633c074ab490bb5798c63d22848

    SHA512

    6f21c5c5ba9cd3ef50df9b66759ccb8025319e4571163b91884e8d09711b5acdc6773e1abe9df6ccdc7a97bc3f9de14d4b2cbdfb7f0459d66a5beb06dbeeedca

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ddef88a8f18a0295b6b45d4d63e4db0f

    SHA1

    e9f7da8dc5685d4a92ac4bccab3867ab35f7b54d

    SHA256

    198dfbb9cba8fe8c3106d6680c1e50b7118bfb9b51e3fd1fc493a0e9f1daeb6c

    SHA512

    31a16c57d38fbc310c7fb97a04cbaa0c963c19372c13ac70b7970f05290852116d9798a6b029577a03d7df8aafbcf9f60acddefdfed1ed894415dc18640fa738

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    adee68c00a60f1b5fb5ae684513c5ddd

    SHA1

    0c6514837c04cf629ff3c09509610f04e969f5e7

    SHA256

    20dccf650c8c828d372516dcc544705548160725a259759c0093c50b4eb8698a

    SHA512

    15964d1207c7a09e1470e94b8d5a64ac5a3372d3ede0aeb16c882ce348eaa5a3cb1d7d4143c95e0ae00d12aa14d2204ec20a40defc7da24def1642e0797a881f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5c04c4dadc3ddfc4bc34eb7c41afd04e

    SHA1

    a34bfe8b4782b2f127bfeeaede9b2087d1042bde

    SHA256

    561db08631b6ef965c8ddeb881f1e0b2e339e7d2f98816091f5fa7deb291945e

    SHA512

    f8c09713d70709f0967361b818f6d5087f2a0f194770ba79225ecbba0f3bb2dffaf36b22793ac9dfd12bd353fea3434e7707b783b4ae65fe1f0d3648d195f405

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a6cbfbf77b209ec0a1e6dcd25f807830

    SHA1

    3fbb8f80f9ef576b227330e71b984e5a5466e463

    SHA256

    f997719d5884077ed8cdbab747ca06e1e5b661daf4119e2485425d16a7fada9b

    SHA512

    01aabb64d1e50210d51e32c38b4b2f4c5b2e23db090ed8f13508dd4726117cde0ce416729cfb13729ae8d921128ed0efb6abfc555fc8f49bc368879b4eb8f5ed

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2f499f974591da6610a85c5700254e61

    SHA1

    554a1a819009d3c7be8b5633cf163633c904e70f

    SHA256

    5ec9324dd9d430a9ab34453fd06a749d653533105d5a49dc2600df85b4e04075

    SHA512

    6c8f4262cb0ce6916f2b1d56bb932a71cfa9367d0c9eac8b94a14ef99d14a527faf2d067de036e5d4ce76fa369d833d9704bbcf3be2233dd10048655b458dd7c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    286aa8749a8bc5332ddb42940b29bb3b

    SHA1

    30c7f9ed46af9d5dcf33890677b36775d1a420f0

    SHA256

    f1927e488c39eac1bb383af2027f6eca69552f0dd6b6e44aeb53fc009e081f4c

    SHA512

    1a561de01cddfe01f1fee369beee65b864986269cae95e6cedcec0a1da674b21c69dfad75a7f1e201686683ba8bc3eac4d0256828e559b6650f3cdbe1c1c2008

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    75c4f392fc7102ed4731f3b19de9ec27

    SHA1

    58635cee90840162de08e42a33f03cf3b01640cc

    SHA256

    dc12c417a9a3e7efdb25a1840ddf23db72c49caee64145cda889207141ee1095

    SHA512

    a1df481c91fcba1315714043c07522e86def5ec59dd91bf1dc84e8aea9ade2e52897f7c0efab512d4a20ea93def93dfb494d1815713a1981d08570500a10956d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d5968831b6174cd3f140f012e31c4362

    SHA1

    0f012e8a255fb7ef5962106f7f147ed1d97a55a8

    SHA256

    422a78b044413809f7171b6ec15127006becb47d0e09b631473c2f28538ab083

    SHA512

    bee793f2b75eec225b85bfc401de0f6748c386a87039413c0106d64fa4f9d03c7f8f1c6cad6c3b470a7f453683935247aa56fb26ebc282f2647f0fd7fee2e8af

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    58df858b08eb4f0c1c084f4c6d66b5e4

    SHA1

    8d0839a062f8167cd94f0b946b40e7c6d41d5479

    SHA256

    8b76121614d0092150e91a7b8df819da309ef445a449022f5a9ac90050fbb872

    SHA512

    2034dc2a15cb7459f2e0faa938d49e7199369599285cc3faacbeb62f805e30656c7ed31ce3ee16c4de9dafaf666f583d6ef4bc55e6ba2cb0091124863b748120

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e6633d64bac1d27792f177f6116e5ef2

    SHA1

    4f53266c659cd747ac2bbe64cb1c5406aaed9e70

    SHA256

    fb996f6d148368ad2b4da063e9a18d5979970c7ac3cc1a42a124c96886dbee59

    SHA512

    0b701807c502ea3858dd87fb91fc4f1a478c76b4f28540e97b9eb29986909ee11ff9287224f337a010967ed415c105ab2287bfd596e5adc2a6aec7bfe134453c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    91817f7d8a97eb00673373135bb4ab45

    SHA1

    0366d80cbcbace145c6f690e9a220a28d2ace5ef

    SHA256

    fbd92a6d8b5ef8e63ea0defb28b3a9e73d424807b361be7f8efc645c65582d47

    SHA512

    b7b5cb5762a8bc9da361672dffd2d2739d6d7b3c289d021d501aa55e4f4c12f8bd279a86bd49ac502cb22738fad510dc7683f82cc41bb715a5247ba2a7151803

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c184351892661f330b77753d90151ac1

    SHA1

    e47f582838d39d03db6bdab332a0bb0613ee95ba

    SHA256

    0994095e6407052c21e017d1ce98a7167afd162f057eed446ab41f10950bf7fb

    SHA512

    96d3455f2b272a12bed263fed805c638d95bb32349a74a182332be2d7f057e9dc7b85633fc1a8cb5648d56172fe58ddca85918dde1ec5f838286893da953954b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5fea18a211ed1c98058332451852fa9a

    SHA1

    212b44d68ea87921a997fdf8f82faa570f0af15a

    SHA256

    1be0a58e10891800b6a0aa5b3ee442bf14a7fbe239c146caf1dca7b1254c36d5

    SHA512

    bf82d52e489a732d8095b9ac0e005ec0078462fe04c943141cc18fed5b6a160b815496a373a9012f3e85901e92306547e1c7fd45c10e1883455afeb7e9044311

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabED10.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarED92.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/1964-443-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1964-442-0x0000000000400000-0x00000000004CA000-memory.dmp

    Filesize

    808KB

    Download

  • memory/1964-0-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1964-2-0x0000000001F50000-0x0000000001F52000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1964-225-0x0000000000400000-0x00000000004CA000-memory.dmp

    Filesize

    808KB

    Download