Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

734f7fd327...18.exe

windows7-x64

8

734f7fd327...18.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/07/2024, 08:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    734f7fd3277bcf2a9bace95d12829d0f_JaffaCakes118.exe

  • Size

    108KB

  • MD5

    734f7fd3277bcf2a9bace95d12829d0f

  • SHA1

    434054b9c1fb789194324210d9dc253d8069060c

  • SHA256

    549891aef8565b8cdb2ad43e39fb7f7948f677f27292c3ff11da8827fbab2717

  • SHA512

    7bbd5d4531f79588690d9522162e8358cb027d8c8934fc903b880dd017e2efe09e7af12afc84e2710d4a404001236a9e7002bcf8f0e8a06959a02b0336b66137

  • SSDEEP

    3072:5EJhcz6bmFM8A2qJMYv0Pckj8uAkptf0pb:OJhi6b6MZhF0UkIuLptqb

Score
8/10
adwarediscoverystealer

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 2 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Installs/modifies Browser Helper Object 2 TTPs 1 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Drops file in System32 directory 5 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 49 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\734f7fd3277bcf2a9bace95d12829d0f_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\734f7fd3277bcf2a9bace95d12829d0f_JaffaCakes118.exe"
    1⤵
    • Drops file in Drivers directory
    • Checks computer location settings
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:3876
    • C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s C:\Windows\system32\23szqlfzpm.dll
      2⤵
      • Loads dropped DLL
      • Installs/modifies Browser Helper Object
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      PID:436
    • C:\Windows\SysWOW64\mshta.exe
      "C:\Windows\SysWOW64\mshta.exe" "C:\Windows\system32\myin.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
      2⤵
      • Checks computer location settings
      • Drops file in System32 directory
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:4732
      • C:\Windows\SysWOW64\mshta.exe
        "C:\Windows\SysWOW64\mshta.exe" "C:\Windows\System32\mydi.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
        3⤵
        • System Location Discovery: System Language Discovery
        PID:32
    • C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s C:\Windows\system32\ck0t2us9ga.dll
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Modifies registry class
      PID:2216
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\delself.bat
      2⤵
      • System Location Discovery: System Language Discovery
      PID:5076

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\delself.bat
    Filesize

    256B

    MD5

    c2905bd5fe2e33bfcf6c0d959df3a879

    SHA1

    c038b802de12503bcd833e7bfbb331f358dc1b1e

    SHA256

    e5959e4188f33c046b79700c1cb83460c194b9f003abb25596b928e01497f8d2

    SHA512

    409ca331119c440e4f246106c00aed70160a5c69039b449c0095e5fd3955a6d935ceda2fbe5d1b0382c3282f8f5b9ac85764e8d9ac0a1b526cfd3cd7c3523baf

    Download Submit

  • C:\Users\Admin\Favorites\!SEX SEARCH ENGINE.URL
    Filesize

    112B

    MD5

    bebc60ff6fac1d94969f9e7904cc723b

    SHA1

    13e547e440b3d268d6738e046a044b5ef0e69964

    SHA256

    7d8af2c9923d4790d611479a3f5d34f02ee79fb40610aa55d806bbde7b201166

    SHA512

    c40b7e2f0730ede2e008449afd289cdee6e505eeca3a9b11181226bfc5c0ff56d51d15e71c5ed00b77e8d362c3e1b6c38f164ed87cb53edf9851c1472514e679

    Download Submit

  • C:\Users\Admin\Favorites\!SEX SEARCH ENGINE.url
    Filesize

    76B

    MD5

    b26889af5dbf210217b9dd07c1d8d4cc

    SHA1

    5cd7e4f36cee5b02fce20d9511fb109aabf67dea

    SHA256

    3f5147827fb23019c32fa8b358e88c46b70cce7ea779c240e7c5b256501742a6

    SHA512

    e1954e1271563da3a3690ded3af226eecb4a9beab0537d8f02c206fd0b10f62b372f54c8db831eedf90e213497b1505599943722e71a0c37713af22d69367a8a

    Download Submit

  • C:\Users\Admin\Favorites\-= FREE SEX THUMBNAILED GALLERIES =-.URL
    Filesize

    125B

    MD5

    4090ebd63af3e5668f1bf5be9b655aa7

    SHA1

    a22da0a1fe33f00a8f1850033d7054b523e54889

    SHA256

    3b53aca9f372d335eb6e8d636a4ec43ddd4eadc9076d6a5c66622929d4b34f1d

    SHA512

    b77d5e2799eeb1ab9694de6d4ca91552b3bbb69474f9ce8aa316e4be98ed6e2548d8d042b8004f2ae8563ee4017727a5601c1496e59fda979a119e85d5170547

    Download Submit

  • C:\Users\Admin\Favorites\-= FREE SEX THUMBNAILED GALLERIES =-.url
    Filesize

    89B

    MD5

    a6f8920125734b6d967cae9eeb46db3e

    SHA1

    fcb73764b3c1b09e979ae32f2bd23021c1bac318

    SHA256

    804237f03afb1068cba5aa1fd0356e9dee7f45b123c531cc08d855608179c82f

    SHA512

    50e244df1d3079e75ac9f3a30e310df3500f5eb9e7eead62aeac5f94bd342490bddf4344a923a7bf235462f7c20fbdd19ef04d264a03fcfa75a0d13b7c20bca8

    Download Submit

  • C:\Users\Admin\Favorites\1st! XXX-TV.US - FREE XXX THUMBS DAILY!.URL
    Filesize

    106B

    MD5

    ad043b4b17e08c48d6a760cf1b33e2ee

    SHA1

    2e48539eb20ab41a6dd1fca0b38f6e4f674d8099

    SHA256

    d68f887e84ad27b845466d5dc0f98c3e00e10f18580e584aa426946eda9b9aae

    SHA512

    4b71401f59f42820d2b2f6299152d06e2996e3bd45cf1f7f678d7b8764cbf2d80b3a06793289e1a429df9c5345b3c8a492f47bad3a5c19721e0f6658cfd9a341

    Download Submit

  • C:\Users\Admin\Favorites\1st! XXX-TV.US - FREE XXX THUMBS DAILY!.url
    Filesize

    69B

    MD5

    6eff3b23b5849e3d3d1175e89f38b09e

    SHA1

    ebaa379855f34f33f7dfdecc5705fd2fb30be3ae

    SHA256

    434314eec5630261a8a4c4b906db10f1d0fc68c581c26e32aca57456f0aae0ac

    SHA512

    c95afffc821d135c54a1da777bdb674b38d965ed26692e9564cd030bc3009dbc281396a27953bf22954c8108e77a6d1606cdacb3472f3135df6a0df08f31f6b9

    Download Submit

  • C:\Users\Admin\Favorites\FREE PORN PICS.URL
    Filesize

    109B

    MD5

    fa3959c9205497853b4bf28a302f3fdf

    SHA1

    13c3cc5c41b2e7b193ed028e31308e9b6816aa12

    SHA256

    90e521b46930a717aafdf4473c30dd98cc4ef08fc419409ed94c3cb7faf6082b

    SHA512

    584b0d665954cefb1c825082cfe9727c63aae3954c6ca700d32f407061f4d7ec97403b4114b8278aec98f17e2194aa2f3bed105f8e5136f46f58cce487a8db63

    Download Submit

  • C:\Users\Admin\Favorites\Uncensored Sex Pics and Live Cams.URL
    Filesize

    114B

    MD5

    f14bd34d46f63c6263875077c43cb7dc

    SHA1

    0d20dd53f026dff0d569c6fe99112720916301e2

    SHA256

    790672ed62c81603d5a1defb40c298a9ce0a35a37241d6ffe6064da953d1bee0

    SHA512

    c6ff7e5e33bc1c30cad0e0a36f4654352adbb57063f769fd813fd84bfaf4811ab0edf80aa639606a34b8cc941104215c437260400ff30427369b8d05f4f049c6

    Download Submit

  • C:\Users\Admin\Favorites\Uncensored Sex Pics and Live Cams.url
    Filesize

    87B

    MD5

    efb656322d20e112a2de2946bfe1c66c

    SHA1

    cd858cbb184230475c53b4b1f51c0b078fe91229

    SHA256

    98d55745d1ee155802641c3b997aaa4cb990fc9673bb3cf276bf8f637444b0a0

    SHA512

    7d82b57a0be053a8b9a87d88b8d25fbdc1f478260e42f23d573cbe7191e9d0a56f12360069ed7da871ac2aa1882afa9b5d3ccb1010b9182dc0354f105b4a611a

    Download Submit

  • C:\Users\Admin\Favorites\~ Porn Movies ~.URL
    Filesize

    116B

    MD5

    ec4d38d595945f3c0d21fe329005e042

    SHA1

    a303a6fd7e62f873aee91c9a823668b22721a52e

    SHA256

    3f6ee7214641fd23494c322439547ecf26166553c3539148673f6e7cdbbf1b0e

    SHA512

    6ea0af52193fd977fb0e53d2c9e5002422310e762c80684a943c1ee0b9c2d4d2a7babfd979a01d7c13059bd69a835db33d0adae9865cf21e6c2c4948ec55a745

    Download Submit

  • C:\Users\Admin\Favorites\~ Porn Movies ~.url
    Filesize

    79B

    MD5

    916fd4e4a2bfb72fa5ba9d0deadee645

    SHA1

    e4ff36e5a6ae1cb617bdd0e2250c2a618de29e14

    SHA256

    b97d368edddd349a3baf37df129fc8c852d9f358dd14f1d182edd1450153a33f

    SHA512

    5a761c65e73bd9cc14ed44d742d857fc836fa281dc7d1a0ba758cbcb9d86f8ab05bdc94b498d43f940592f6cfa6b83a3fecbbf17f25c2a97d189b8283c1c49f0

    Download Submit

  • C:\Windows\SysWOW64\23szqlfzpm.dll
    Filesize

    41KB

    MD5

    da27fcdbb081b9ebbc2134866aaddb40

    SHA1

    ff07e1c378192b254c1e69513045d2ff6d0c8ec6

    SHA256

    1351d5cadfd3e4677573ba3b511e1a9647747345cb873364842fcd4a0db574b0

    SHA512

    5aabda4999e01d02008cb6a9d4f92d98367232adb1242bbae819a41b139e457705e19dce4fdf9d88b330e9acb2f60c132c0e35162f33fa46c4b35cd221652dfa

    Download Submit

  • C:\Windows\SysWOW64\ck0t2us9ga.dll
    Filesize

    31KB

    MD5

    b78a37653d668705699a5d1b672c50ea

    SHA1

    12c7df63ced3327ffda5759f307b8ba0a0bb08a8

    SHA256

    eef5fab9188c0569bf8af6d5c6cf72326701c5cd64c21889ba8b047de743938f

    SHA512

    1564a17c7257f02900b576aa16d19bb27ec20ffb2f65dd0f2a39ad647de26ab91ba1fd6010d37bd0cc4720d0c538cfb3a9743e29c42f85c94125399618720471

    Download Submit

  • C:\Windows\SysWOW64\mydi.hta
    Filesize

    506B

    MD5

    a692abbc4b5025c9042d3c725cab5d64

    SHA1

    7da841a081ab1418b4797e30fc9fb8de6f27e422

    SHA256

    f85ee7a6a9ce0e94bb85f32bc37d8b3ca970a8c178b40e5d9c80efeebf7851bd

    SHA512

    8d9da6f7c683f7d73a6aeed4ec75780cc9866b3cb404ddcb31a2d348365edbd723b75f7048bf11857a21a8c7a79e518c255f7422070a39df680d43dbb9d71bea

    Download Submit

  • C:\Windows\SysWOW64\myin.hta
    Filesize

    4KB

    MD5

    9b0ecb0a2cfc62a69297260be27b12b4

    SHA1

    5ccb3aa208957e4aeec63be08741eca02ae08a20

    SHA256

    81ec9607aa7d0f047c9c3d254caeb033f6908a2978a2313a9570cee5aba122ba

    SHA512

    e7d75273ca566b806257fa55f86324ecad28f52d8473d474a0cc97a3a87be3e11e828aa1ee206566cb31d080739b6b6082c4e827071c4eb301a262c24d0d7669

    Download Submit

  • memory/436-5-0x0000000001120000-0x0000000001121000-memory.dmp

    Filesize

    4KB

    Download

  • memory/436-4-0x0000000010000000-0x0000000010019000-memory.dmp

    Filesize

    100KB

    Download

  • memory/2216-54-0x0000000010000000-0x0000000010015000-memory.dmp

    Filesize

    84KB

    Download

  • memory/3876-0-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/3876-69-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download