Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

82a40fa636...18.exe

windows7-x64

7

82a40fa636...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240730-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/08/2024, 02:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    82a40fa636812a69cbcea3079f59ac45_JaffaCakes118.exe

  • Size

    349KB

  • MD5

    82a40fa636812a69cbcea3079f59ac45

  • SHA1

    3c3277a7eda4857ae4f7155a10cfd2fef4a6107b

  • SHA256

    a4390c8aa7f4515e739417385626e9af0d7d8d2bbe201669d7a27dbb81909f04

  • SHA512

    0fd4efb8c3e77c8e43342e8f37217407324f7212a382f0879d9fc47f3b1e68a51c6f7e6fbfc02a1314b3db5f2acd97857bea609f1e70780df863402deaabe3b8

  • SSDEEP

    6144:ye34WpzWCHKMayfL44okkdq96CQpiGF+p5QKC0vb+FO:YkL44oqspidDvb+FO

Score
7/10
discovery

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 4 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Modifies registry class 11 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\82a40fa636812a69cbcea3079f59ac45_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\82a40fa636812a69cbcea3079f59ac45_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2264
    • C:\Windows\SysWOW64\cscript.exe
      "C:\Windows\system32\cscript.exe" "C:\Program Files (x86)\EditPlus\kk59.icw"
      2⤵
      • Checks computer location settings
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:4488
      • C:\Windows\SysWOW64\WScript.exe
        "C:\Windows\SysWow64\WScript.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\kk59.icw"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:3008
    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\installstat.exe
      C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\installstat.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      PID:4804
  • C:\Program Files (x86)\Internet Explorer\ielowutil.exe
    "C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding
    1⤵
    • System Location Discovery: System Language Discovery
    PID:3312
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:5064
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5064 CREDAT:17410 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1512

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\EditPlus\kk59.icw
    Filesize

    132B

    MD5

    77bc157e3a50b8fcb1aa8b3d20693f9e

    SHA1

    56d0b27225ab2842ff7e2f8fffff30b989c112e0

    SHA256

    3f857740fd56a1b116d1de4348b1c23a8737a8a7694918dbf9408d93340a06e6

    SHA512

    a81c2fd0d3e17ec658a807485bcaf06888d268e17e09c1c71bff48b3bf964ccd2adbd3a5bf25d4153f91c2185e1dc1a212848b648700a49f0b880bc2532dbbcc

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NUMD4D1L\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsh978E.tmp\System.dll
    Filesize

    11KB

    MD5

    c17103ae9072a06da581dec998343fc1

    SHA1

    b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    SHA256

    dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    SHA512

    d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsh978E.tmp\nsExec.dll
    Filesize

    6KB

    MD5

    acc2b699edfea5bf5aae45aba3a41e96

    SHA1

    d2accf4d494e43ceb2cff69abe4dd17147d29cc2

    SHA256

    168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e

    SHA512

    e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\installstat.exe
    Filesize

    44KB

    MD5

    7c30927884213f4fe91bbe90b591b762

    SHA1

    65693828963f6b6a5cbea4c9e595e06f85490f6f

    SHA256

    9032757cabb19a10e97e158810f885a015f3dcd5ba3da44c795d999ea90f8994

    SHA512

    8aadb5fd3750ab0c036c7b8d2c775e42688265b00fe75b43a6addaefc7ee20d9fa3f074dd7943570c8519943011eda08216e90551b6d6a782b9ed5ce20aa6bab

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\kk59.icw
    Filesize

    845B

    MD5

    e3f630212e07f0455e8555a6e2f1cc2a

    SHA1

    6814c4a0e8153fa54326663dc64b948e450b406f

    SHA256

    610b20b2ba4bf7a7158592cabc09189dad35eaf7a3dabb2c9c66b69cfda60eb0

    SHA512

    c7566fc7f04015fa2d1e6be1cca0e33c864fb83837f24f40c8804fffb0002c5bcd006e97f84cc97f499512e3bea0e9285719e22d136a56fb0d5bf78ff0456210

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\statistics.dll
    Filesize

    80KB

    MD5

    67cf306d9bdb258d3cc5b3244cb54550

    SHA1

    8146becfa2fceb897216720e8fa59960b69ebae3

    SHA256

    a8526ac60d3c0d33c503c3d262752182864d1dbbd376ecc0ea60987dae869fa5

    SHA512

    74b1dcc812a2cd291a9429228929d2dba26a053315add45415da579c3ae7e7566a943930de42e81ff5d2a4c36de930cf9c5cb26ea92576c504a0621de633acfd

    Download Submit