Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

70ef2c696b...18.exe

windows7-x64

7

70ef2c696b...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    25/07/2024, 19:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    70ef2c696b5c4619649cff99199175cb_JaffaCakes118.exe

  • Size

    673KB

  • MD5

    70ef2c696b5c4619649cff99199175cb

  • SHA1

    8adea59a32374eb3472a901c8d616a3d3df3e92e

  • SHA256

    5cded815c3345397e14559301b62f9722af8d0bed5c414b218c465d352ec8c13

  • SHA512

    7247f7a235db16b2826f34cee91f4955505311db1ccf0e3b38710d94c31c265fbb0fc62b9b56fc537cdddb6a4951b82e79e5f9642bff77cc49482dea597cc906

  • SSDEEP

    12288:95NYhaZ88m6KTf2o6zaaoVbayAzGZnfG+84DpVg6l/tSHNm:95yhOiTf2rz0JwWxgs5

Score
7/10
adwarediscoverystealer

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 64 IoCs
  • Installs/modifies Browser Helper Object 2 TTPs 1 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Drops file in Program Files directory 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer start page 1 TTPs 1 IoCs
    stealer
  • Modifies registry class 36 IoCs
  • Suspicious use of WriteProcessMemory 28 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\70ef2c696b5c4619649cff99199175cb_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\70ef2c696b5c4619649cff99199175cb_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2040
    • C:\Users\Admin\AppData\Local\Temp\BJSetup.exe
      "C:\Users\Admin\AppData\Local\Temp\BJSetup.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer start page
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2180
      • C:\Windows\SysWOW64\Regsvr32.exe
        Regsvr32.exe /s C:\PROGRA~1\QVOD27\QvodEx.dll
        3⤵
        • Installs/modifies Browser Helper Object
        • System Location Discovery: System Language Discovery
        • Modifies registry class
        PID:1348
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\DelTemp.bat" "
        3⤵
        • System Location Discovery: System Language Discovery
        PID:2492
    • C:\Users\Admin\AppData\Local\Temp\setup_000026.exe
      "C:\Users\Admin\AppData\Local\Temp\setup_000026.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      PID:1520

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\DelTemp.bat
    Filesize

    73B

    MD5

    c87e3c3fd2b4f7c94785792e755f45a2

    SHA1

    9319f76150e862b409e9b372790a9ec04ca50393

    SHA256

    51e31f3e3e53695b95a5a35a6668f5fcab3dcb6b685b07dca7dbb9ba9c92c3a7

    SHA512

    832d1360910727ebb9c60772ebb85edcbc1996cef8fd18dfada02557014e1c28134f7bc0a96bb6b65d174605fd761f44932f08a88953244333ea12248f157453

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    Filesize

    1KB

    MD5

    c2da0a7677bbacc31fa295345cc42643

    SHA1

    d39dd14a3e6a749dbf81896a4ac5410766272307

    SHA256

    c0f4d369f4fae0e23760d627308862b1b34e71f7867e0737ebfc73e4d49269e3

    SHA512

    684b149d6c058e6af66f29068cc0c9d071a1a8cffe3c97a30f5e22126c9d9ace0402e615a257e0bf976a5ab08cfeabd847dd7ddfdb7ec5d51d905bcc6625aaa9

    Download Submit

  • \Users\Admin\AppData\Local\Temp\BJSetup.exe
    Filesize

    1.0MB

    MD5

    3405318f573c251a4b6b5f38b4f43d40

    SHA1

    528faadf2823f7b1cb3ffc73268a5d20b0985aa1

    SHA256

    f68d9bb639b873caedfc8fa316789f9dcbabb9c3aa0496a659164362422cbc4b

    SHA512

    9d7cd852bfb04aaf3adee91964b129b995efa7367a0f201e863230f982101c15f60cb6b87ed473d6bb05d5b7b2d322ed685cee434648a9116a296a55d4a95fc1

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsyCC45.tmp\ShellLink.dll
    Filesize

    4KB

    MD5

    073d44e11a4bcff06e72e1ebfe5605f7

    SHA1

    5f4e85ab7a1a636d95b50479a10bcb5583af93f3

    SHA256

    b96b39cb4ad98f4820b6fd17b67e43d8d0f4b2667d50caa46eff44af245d75bb

    SHA512

    e9f99b96334764ae47aa026f7f24cfb736859a9131bd1c5ec7e070e830b651787f49910911f82e4ade0dc62fea0ad54ba210b07e44830eb2be6abb710a418a98

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsyCC45.tmp\System.dll
    Filesize

    11KB

    MD5

    00a0194c20ee912257df53bfe258ee4a

    SHA1

    d7b4e319bc5119024690dc8230b9cc919b1b86b2

    SHA256

    dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3

    SHA512

    3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667

    Download Submit

  • \Users\Admin\AppData\Local\Temp\setup_000026.exe
    Filesize

    77KB

    MD5

    a0f03b0ea0bc411f39827363aafc6eb2

    SHA1

    755ce9e59c19a22a3db66dfc4b3c65434b5f3519

    SHA256

    2640d8b199c895891e1d37796c56423422072d15ac7c194e25841be7ac6638e9

    SHA512

    af9add92c83c3a0efa295e61c717f328fd2997e5edaafacdc050dc325c5dac48e4dec4338842eeb9f2c54e2504d2291aabaa59e79f6e2d2e05891c728b96b498

    Download Submit

  • memory/1348-276-0x00000000001D0000-0x000000000026D000-memory.dmp

    Filesize

    628KB

    Download

  • memory/1520-29-0x0000000000400000-0x0000000000440000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1520-245-0x0000000000400000-0x0000000000440000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1520-247-0x0000000000240000-0x0000000000280000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1520-248-0x000000000042C000-0x000000000042D000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1520-34-0x0000000000240000-0x0000000000280000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1520-286-0x0000000000400000-0x0000000000440000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2040-275-0x0000000000440000-0x0000000000480000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2040-28-0x0000000000440000-0x0000000000480000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2180-285-0x0000000000400000-0x000000000050C000-memory.dmp

    Filesize

    1.0MB

    Download