Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

5

7121af4236...18.exe

windows7-x64

7

7121af4236...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/07/2024, 20:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7121af4236f94e40a70dee7cd3cfd537_JaffaCakes118.exe

  • Size

    2.9MB

  • MD5

    7121af4236f94e40a70dee7cd3cfd537

  • SHA1

    27d79123c5721a744c857016771abae19ad5d84b

  • SHA256

    1570151349b2273b968614d21a43183f3a6558353c8ed1fe27e431ecc7cc3965

  • SHA512

    28a1dad5730340ce649e4ee2e48c12ee17242b59c105f72afe7b1276e4e3f59546be67349405cb5d756ebf88ae90ec5b66198ad1f0239783130fafc6836bc3e7

  • SSDEEP

    49152:nffy4NwrQp0naXxl9LC2v2UZGglza0ZWIt2ZQUhu6awTMiC5jiteK4sYD1BIBD8:nffy/nM9LCC2Uf3xhn6bTMiC5WtEtBug

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 19 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7121af4236f94e40a70dee7cd3cfd537_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\7121af4236f94e40a70dee7cd3cfd537_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:852
    • C:\百度工具条.exe
      C:\百度工具条.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:1096
    • C:\hahagamesss3.exe
      C:\hahagamesss3.exe /sp- /silent /norestart
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:720
      • C:\Users\Admin\AppData\Local\Temp\is-F1JO7.tmp\hahagamesss3.tmp
        "C:\Users\Admin\AppData\Local\Temp\is-F1JO7.tmp\hahagamesss3.tmp" /SL5="$801D4,1630073,72704,C:\hahagamesss3.exe" /sp- /silent /norestart
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:3312
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.520560.com
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:968
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:968 CREDAT:17410 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:436
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.1234.la/an.htm?77di
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:844
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:844 CREDAT:17410 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:780

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    471B

    MD5

    021bab2a16417342ed4183f51717f05b

    SHA1

    8f443ca424429a32784da4dd7db4417b55288b48

    SHA256

    f6a679f6b4dbee865d3441be7295caf63fd601a48c02ab1405fab4a9339c0a6e

    SHA512

    73ba5f70344bb2d9b50195eeb9f6ad9463d8827f9d48a0026323fb810421f2e5a6d1c9f626b0f5e8dd2c0e9783bf5f561b821e73b0f5f31f99423ee1b46543b4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    404B

    MD5

    8f431b352eec42fb50105336a1700a67

    SHA1

    acff2f746983a3c9f385df31f2f48a92ed9b9a13

    SHA256

    b7b08da7f5682a4aab147eaa898ecde2d303f3db81e8abc30a52ebbf54647e78

    SHA512

    341eae0cb01b1f198d0ee6052f682bad7b2812831c2532179a343276b08e895c599b047cc2847f180d4711cfd4fbe31527555c1cbc9c0cd6018b18b338158062

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\P976RT91\www.520560[1].xml
    Filesize

    136B

    MD5

    20e255fde0d9f5aa9c99360f4e25d49e

    SHA1

    98b979b280c3d519808ef28ed2bc85ea258ea085

    SHA256

    5d442f83ef382517613ece615407305ca978a61d875c2bc38dcffbce81b57527

    SHA512

    d8a8d30e8cb6e2420bdead4b31a2dd96924ec270a96fb4a1f0c21836fd60d8fed6b3727273db2383b1a41f66111f3caeb9b78d524ff34915f212c76c6587d4cc

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{49B72D47-4AC5-11EF-8B18-C60E1FCD92A3}.dat
    Filesize

    3KB

    MD5

    a2c651dfca7fcfed7ce3933c84271d40

    SHA1

    da0c2121e24e15eafd5882fdf8a07070242a2b83

    SHA256

    dffd1f5be59dab970d4538fd2058205201139ce2791462a058e612b0237c0565

    SHA512

    25343fabe7b592cb89c303f5b0008557961705396dc8b9fa3189ee759af26caf0f73ad6f14d1be1ad87cd554159be5b9b02433345cbd2eb6f1b0301904cc1ff0

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{49CA4144-4AC5-11EF-8B18-C60E1FCD92A3}.dat
    Filesize

    5KB

    MD5

    72327bfe47142d567e0d1da411beb08e

    SHA1

    0770aae573757fc03977d62148dfe32a9de7cfdb

    SHA256

    28435925b8fcee98d7aaf8249aded643098e37ad7325c13c6279807ddabdaa04

    SHA512

    8c09eb273beb1bc0f059c678dc67abf8cc8d75ac2b670985ce0140bdfe202cc42f0e9a76d9343dfb63a1cb0fc7dc898ce231c4053352b565b855a373ca875a82

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\ver2D54.tmp
    Filesize

    15KB

    MD5

    1a545d0052b581fbb2ab4c52133846bc

    SHA1

    62f3266a9b9925cd6d98658b92adec673cbe3dd3

    SHA256

    557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

    SHA512

    bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\SN5O4Q15\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\autB083.tmp
    Filesize

    1.8MB

    MD5

    d20046cbc55e12245f16cc1840c93aa5

    SHA1

    2bebbad38f542b25abc7a5eb006d4455db857459

    SHA256

    2761606c12787bac5841d5a8c1a472a09727b0a9386e68ccb4445a622588bfec

    SHA512

    0af332749c9b848b9a6fc1918b007bef031a94458185b36adfdb4205e3348ed39b94538e99f24d3be94870f5868283d66c9f01eb1fdaba6f92f270650aa4383a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-F1JO7.tmp\hahagamesss3.tmp
    Filesize

    682KB

    MD5

    d0699dfc3ff2c8980f167c7ab586dfcc

    SHA1

    c3f4aa0a542c01a0251782e48b313cbb7c5941a7

    SHA256

    52361d23cd961a2918dd0ca57306bb9d1cf9aa65f518d2b4d11147ef1f657175

    SHA512

    ea55708ba81207a55dfaf8e4ab77e837086d83b27c185942ce6b228f0844d4dc3e26cddd39cfda60ebf34a4f449e563f47ad46ba72e45a133e898e2a038fbf69

    Download Submit

  • C:\百度工具条.exe
    Filesize

    565KB

    MD5

    a7fe02de9f892a9043e1bb4a0ea2715e

    SHA1

    d84c05fa7c324183c45ad2d8ebae556010ee91af

    SHA256

    d3f2c383616002b4126caf9bb05c1a903745bd6f43a9c94e5d6220a800b9700f

    SHA512

    32917a5576a0512fb3b0b67ae7a0d796ec46dd3e36d5bc59e8187c199bc8f755e4e98b0b600d24f1cc8fe59623c0e49e86098e8dd38c731a60fa8c6d966b2858

    Download Submit

  • memory/720-87-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB

    Download

  • memory/720-93-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB

    Download

  • memory/720-19-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB

    Download

  • memory/720-21-0x0000000000401000-0x000000000040B000-memory.dmp

    Filesize

    40KB

    Download

  • memory/3312-88-0x0000000000400000-0x00000000004B9000-memory.dmp

    Filesize

    740KB

    Download

  • memory/3312-92-0x0000000000400000-0x00000000004B9000-memory.dmp

    Filesize

    740KB

    Download

  • memory/3312-31-0x0000000000400000-0x00000000004B9000-memory.dmp

    Filesize

    740KB

    Download