Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
138s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
-
submitted
26/07/2024, 23:11
General
-
Target
7621cafe46475b60056b307079a25ba5_JaffaCakes118.exe
-
Size
50KB
-
MD5
7621cafe46475b60056b307079a25ba5
-
SHA1
a0f9aca4901b8dbadaeaab660415d7ff57543f44
-
SHA256
c25bb4b87035025c73c699bcd9edc7cdb3b904042f32f6d56b822103d9f895a2
-
SHA512
21453045aa51c119ef0359c5617c53761ddf96bacca92d0dcb2729e4c766481f7f4b9c7f1f045649feced3024a1c69763e5cd43c046a0bf7e3639843ac030bd1
-
SSDEEP
768:bIqTD/H6QTrauqbEzJr9W3UiBCgFWe+ekWh5nZ2saRCuQMhjA:btiCWuqbEzVoEifUWh5Db
Malware Config
Signatures
-
Modifies WinLogon for persistence 2 TTPs 1 IoCs
-
Event Triggered Execution: AppInit DLLs 1 TTPs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
Loads dropped DLL 1 IoCs
-
Drops file in System32 directory 4 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 26 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 8 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7621cafe46475b60056b307079a25ba5_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\7621cafe46475b60056b307079a25ba5_JaffaCakes118.exe"1⤵
- Modifies WinLogon for persistence
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" -nohome2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2684 CREDAT:275457 /prefetch:23⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Winlogon Helper DLL
1Event Triggered Execution
1AppInit DLLs
1Privilege Escalation
Boot or Logon Autostart Execution
1Winlogon Helper DLL
1Event Triggered Execution
1AppInit DLLs
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
304B
MD5a42a4e929dfc959e82c532eb2b5568d6
SHA1ce2c2138c8ef4f594da3b30994e8b99c4116dfa8
SHA256e722daa21c8d780245b0bae06db7256ea24fa5433417da51ae2f728e113fe5bd
SHA51281c7e499223c28b5be362e6e600a5e0bde060090a1faa746af46c192a6811296382a6179184ba688baa1ce8c54665a569796c0a4ae53e62354ce14c05bee11ca
-
Filesize
304B
MD5380f0dd6f4c7269eb52ac0fb3fbf243a
SHA15977ee31657cdd102270c7380f4f9121266ed2b4
SHA25674e01daa0c9bae02995c9310bb2ac89baa16046d0c3d6bcfcfdef2c746fd6a21
SHA5126eb481d53d1bfb8f2b8742ab4cbdcaddae246e6006cefdacf832e60317af77998481dd304d074fe201088f250b1e9bd8c80cb72764fa407da343923f6b0fd53c
-
Filesize
304B
MD5cd54834c78c45d6364d99d99bdabd863
SHA18729c6f76cda025a3ffaefa21a147821f0a3f637
SHA256946bf730fac501663eb06940a60cf854ffef05a230811788a8bcfbddf67854f3
SHA512bc9857e55ec43c27d5b565f6aab1a508b2a673b1f7170b20ae09a98b2257acd87c9864673456b4e93c05d8c706b3ffc9fda393c270aaa336129fbcea87b5bafd
-
Filesize
304B
MD5eec68ca4f384dd91a14b2c0f5b5b56ac
SHA1587f93f9a65ec8a3b83e81d9b93338ec5bed55da
SHA2564e609cded9f53d7fab4841bc72f7959c88999f5cf500a1f42c6392ccc4505e1b
SHA512a9753c551181806703de879209a40e05628865c0b6cadf79c24f78a03947f1822c02f2ec41086310dd51c9df78f9afcece17b34b9d92bbb571e5f5bd2752b496
-
Filesize
304B
MD566fad8ddb58a32a2d1ab8ebb1cf0297d
SHA1f31609690ba1284fdcd84801165c0405b249f3b5
SHA25685f13c6022baae011c4a8fd2425909b94e828ae0a7c5ead2da9c81025d3fd4a5
SHA51211a5a18920610708cc2b9fe64a43cf27bdf61db123fe3067815ee1e248b184585dac86bf50c98ad4845f95bd0833ac4f00070e34f58ef19810b2d782774ea4ad
-
Filesize
304B
MD5b4317fe5d53fe26473b1e746fd17aa45
SHA16763a20f0fc4e8e862dce6b487a81a0c8a0ed21b
SHA2566f34221d532dad9e9e9dbab7a7a33343109031d961540afd8046c30c0728058b
SHA5122d792284bedc53b810336fdac1b83d1022004efa1c2fb308a8bf54a090d67e575daf9c150ba092a792e93c27e60670b697a0b1901f7471330bc207e4004c71cc
-
Filesize
304B
MD5d885966a2d6852e2e9caf1eaeeccd2d3
SHA14989a9b8fb07e79b1fe70352ffb1fd406eec107d
SHA25698e537ab5c21ce93ec3b5c7ef2e05b3797a6befb40867f78df4dc8baf49279bd
SHA512fba62e42893dd0abae9efbcd5f1dcadefc71d1b6eaa16f57c87a04c1b0d721b55d771d4b7bd23e320a1e73a5e5d9696b2e20c4215c68f72444572368f10d1aeb
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
37KB
MD501e05896962fb7c616a08650fc32bc62
SHA10d83b8917126e478b7937549472397a11f85aea8
SHA256443e687cbd2fd449b7afbc35464b05561073563569e1a29af78960b49c70199b
SHA512a4c13eb89440e70007f9eebb7db851523f9a6420b9167f57f449d706b63872261d364510a6228ac017a02da1363b12dfdfe81d4c33170af5514bbfe857a7fd50
-
Filesize
18KB
MD5a330cce815856fe93858a8788c0a5bde
SHA10d59f138601561656fc84d44e99097c6541cd7b9
SHA256b22e8f1afafaa623bf8b175d614ccfafa0d8d96945bf50c9753859fef4180c58
SHA5122a12a91152cfd3cb0aa1436dce0f86b0c400870ccc859c77a68ea5bd5e49312bac40ef8b6c3fef4adb6fbde970f76f76103cc47cf2074a44c3e2202d8fe12ad0
-
Filesize
44KB