Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

5

Static

static

3

8314cf6fb5...18.exe

windows7-x64

5

8314cf6fb5...18.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    147s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    02/08/2024, 04:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8314cf6fb572fd144991cde711fd0d5f_JaffaCakes118.exe

  • Size

    44KB

  • MD5

    8314cf6fb572fd144991cde711fd0d5f

  • SHA1

    f982e4ce197bf47679a38a82cfa362ad00db9be3

  • SHA256

    98688948cf24bceec0a3f47e6fdc75a63e9ac0fddbc5fdb31b362377840bcf00

  • SHA512

    bf49302ffae08752ea00292e49b6a418456bf172459f6f0c2df8d5258e161e3d874886ec17c5389082fefcae0956535d733472a5c30e987433ea55cedb4d22a1

  • SSDEEP

    384:1B+s4m5jdPc4ImVrmX0Ez+/Qfk6W/SBe4Pv9t5Ao6WSMcGYo2Eh0gTkGz:1B+lCRPfIm9bEqYW2/5Ao6WSMc0pTT

Score
5/10
discovery

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 58 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8314cf6fb572fd144991cde711fd0d5f_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\8314cf6fb572fd144991cde711fd0d5f_JaffaCakes118.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2340
    • C:\Users\Admin\AppData\Local\Temp\8314cf6fb572fd144991cde711fd0d5f_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\8314cf6fb572fd144991cde711fd0d5f_JaffaCakes118.exe"
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2428
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.pppp123456.cn/welcome.php?k=t%2FK9qMCtzqrG67buxuvF1Mbrt%2FK38sbrwK3awLfyxdTA1sCtwK3Iy7fyv%2BzArbbuxuu27sbrv%2BzG67fyxuvH672owNa9qMCtvajA1r2owK29qMCtxuvL48bry%2BPG68vjxuvG68bry%2BPG68Ctvai9qMbrwNbG68Ctvai%2F7L2ov%2BzG68vjvaiwor2ovai9qLCixuuwor2ov%2BzG68brxuvA1r2owK3A1sCtwK3G67fyxuvG67buwK3H67fyvai38r2ot%2FLL48bryMvA1rfFwNa3xcCtt%2FLArbfFwNbOqsCttu7ArcXUwK3G67fywNbArbfFt%2FLG68Ctt8XArcCtt%2FK9qMDWzqrArcbrwK23xcCttu7A1rfFwK3Arbfyt%2FLArcirwK3F1MCtzqrArdrAwNa3xcbrt8W9qMirwK3F1MCtzqrArdrAvajF1MCtvajG67buxuvArcbrxdTG67%2Fsxuuwosbrt%2FLA1sCtt%2FLG68CtvajG67but%2FK38rfysKLA1sCtt%2FLArcCtsKK38sDWxuu27rCit%2FLArcXUwK3Oqsbrt%2FKworfFwK3F1MCtsKLG68XUwNbArcCtxdS38svjxuu27sbry%2BPA1sCtt%2FLG68Ctt8XArcCtt%2FK9qMbrtu4%3D
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2140
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2140 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2768
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.go2000.cn/?2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2848
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2848 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2736

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    55d1c8d35988e2e5d8736c62ab0de974

    SHA1

    5b3cd28f2de65d3754ef1b65bc56fa70c3bc5ad0

    SHA256

    21e00be7d661d5d3bdfe160450465f2497871f845a4187d7de0dda5201a83284

    SHA512

    64a00aa4eee6da12fefa1a8e5a7b928ee4e2a428d084f7990cc164abc839e2a71d53e4e92b674be5eebec5b1678e9c1a2461a547b1bd24d48f8d44a24860f36b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7db280243aac5479b91aaf9a7f4526a4

    SHA1

    8745a2d3fa0cc4560e2db339b571ce1da25c205c

    SHA256

    7892f8efb2a5afbd4267f1c91d41099ae8bf9ade0f99d30e4531128e2c27698c

    SHA512

    374cbf9c785f2cfeaf77959151f86978db40ecc413be67c19400093f7501723fa51312d2b310b04a26b15c0e3577c19d61d844c40e125c3bc2b6bc379b25a0dd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    583260575bc1a794096b2f193dabe5b9

    SHA1

    f6225ec11f54f5ac72d1cc027a787cd88bc8a612

    SHA256

    a191ccc1c151f1d7bc31bb0fc47472346eb7b5ff1195233fc2dbdab67667771a

    SHA512

    d9cf3a91dbf5048f488e370263cc4377245af1e2d763130dba6da51b2b0c53db8ec19e272ade99f6d11cd0e03f97a5411dc7a4ddb4060cfb9fc338c4a833bf99

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3939d9a463fc4569ee9ee8f8dc9cc77c

    SHA1

    8f7143988548ebf77713aaa597e89cd3113da4c8

    SHA256

    112777723cb2e44d1aac32837481b92d8efe71117612305f611e6302a76f96e0

    SHA512

    b8b1ea5e8dc3a0e182114d86d331a77e69e1d6b43b31845d6c0ed0cc525bf8dbc623b5ca2ab5c50eba93ed641ba58656ca83ad3db6e7db4bb694c6485202bcca

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d015eb104feb138be8d9d5617c9861cd

    SHA1

    4bcb25c7b9f23df3f60688d5e1c048f73921b705

    SHA256

    b72ab5af0534773bb027109297297059f430efe665577f2b7cc23bc32dfac3ae

    SHA512

    2855b3bb2312e23aae1935ce35c53fc0623679d01e0c23e415cfd3503c25d17f2dc254e34ba8e3977cee83392e2a80c3aa6735a2c7a93ab449bdbe74a42810c9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cb93bbbd7e32144965368590894a6057

    SHA1

    e03cd3f2eb7c74022c563581d6033dc321fcd9ca

    SHA256

    d1e7b2fef8433bbef968c619bd97c52c9f5a5e102f3f2a3c05a6c805b2998cd4

    SHA512

    ecc912e8483a2255e7a98f84e5196fab34d42da1b31350ee2cfc271a65fd6f4fe898da364dcab067f64a746e76fffb7f3618aa072124ad4d75011e802712fed6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    45848820e1ceb4a585e61929de0d4666

    SHA1

    802cdf4b3267f332a8d002373f0eed44d79b6920

    SHA256

    d1d8a70752f6c8c86333e3d6df99211e72766062d7a6af09fd77d7f6ce0bf05b

    SHA512

    85d8da67e8c96f930316a57218d3fc573348e5f4afda233c2e939203977054377a937f2f8e281b84d5031fc011457d36c8c3af8a3006175227a7fe57ff55e534

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ab3b06679368814683cd8ba9d41a94bc

    SHA1

    72a5746c802ff5beae5d9ebfc3ce9ce53abc2f51

    SHA256

    2549c4e154a6c002c839e993dc6e27531a6fbeda4911c7ac2aa87de32e85aff0

    SHA512

    0b763aa9fba5eaad11f9102492328e77458684c6e5e68722a5354fb4b73f161f6a7f7f9d809aa51442aedd173d08e4c30b1f8cbaf99f42474da3d63b21c48a94

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9966ce9a79fab9a23e578a21042ea3a1

    SHA1

    335083a963a52c332207ec5e7f10b979628450f9

    SHA256

    0e1bf40fe2bc33c302c69fcaee1ba70c4d7033df559ad8537fcb0b905528e774

    SHA512

    a301378bd473570df1ada85ce6092bf6759dab32d6e77c0100d4c3bf6231cc193da5e4afcd8689114bcd8253f701e93cae2cd8eff9b9cf8425b9a991168814cc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    78e24f32562ad60b8e77e9b3bb59da85

    SHA1

    be91b29d9493b455ceb2990a9400acab129834eb

    SHA256

    2990ef643a40e9aa7fb6ac9a9b3c295b5f96521006ea530af8331785579a6dd7

    SHA512

    d67f6056fe9a94b3af7e15b00a22c593848a535c6c26e2d766913bc2229045a6170117b1c312309404db915497f9f89830c736e5b7da9bd19232c28d36f32d6e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    442c4e37b28a57af0e4b7f5cd448beab

    SHA1

    8d505ae406f2d709d52b72aa8606c65c463081ac

    SHA256

    e9e90a0edca21413f100d774bdb5880b5fca3f26b5485f25aa44c552f46679b5

    SHA512

    b459d9c21edd9fa5763875c16b69779e68454669df1b519e8da145a469a68726ba5ceef4df6254433e1ea2c035dd69a0f84151ec853f0fcac9a11ec49357b88b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d25aa4fbac31e0802cb2d2de126f4957

    SHA1

    fdcf5659590f319af200048fbbe73d31b6993ec6

    SHA256

    370cac0a3425af1586f76bba19fffcef507f3af2bfa6262f232819cadd721328

    SHA512

    414127732de23dc4a66c8bd005c3219360f5b8ed1c5da2c09356669de789521b2393853d1e1dae1ba3b924d7567558167210ba1b03c2ea1d5de7138a4bc64215

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    80c9ebdff36304268f343c94cb04ec72

    SHA1

    60f476c7e48eccd7f3b56f5094c0934b2af33ce0

    SHA256

    d8cf82c242f8a0ec2f44c8e17be1f5e91429fe67688fd59bae269aed0beccf74

    SHA512

    009a1664e291b516156c10ea77f77f545a776ef8ab41075df596104f36702870685c17e9998fec86bbf8dcde9ed7c509a65763ed2e2fbe737a9f6efe211b1bbe

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    37fc3f2a7a9162d2ea698754b1c14ee6

    SHA1

    485b3667fee65aa104c2ba28f09f05755af7c8b2

    SHA256

    05b4aca920a001a6af66b08a21ff0c3d77f29a86680701469575c70a94eac59e

    SHA512

    4c1fda321220e4201e5d8abd7c028394ba15ffe48d47abe78ed172e7ca80451fbe624d5866e9146356f4023b382931bbc041cd57c53402af5930847d0182bc2e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b5bb0141dd895bdd7ba301bcb64f639a

    SHA1

    05f66fa0f10c3f9ace41f58879afc48c12ac4d12

    SHA256

    95b64bee0d6b9662e29cf3cff316425e50c32132623b2d32d4aecbc24785b43b

    SHA512

    ce7ae393140580a445a8a8347eec92a3b908535d2527d77a1e582d0df44eeb313f7674d60a790c75577b2ee6b1e8bf8a50bbe54d56488bee35c9a5d3c45abfef

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b0150f012756fefca538ad1573925a45

    SHA1

    52ec5168acb745e8ea2c2e72dbbad74d5d4effa1

    SHA256

    3e8b7dd6b074dca22667895e36b9f4cacc9d5345a00804f9b913cd487ec8d604

    SHA512

    180c4600e8c812bc4a45d22d68da958d2a67122bf1e263ed21730ebacae8e3a50a71b021a4132aa5bd882897b8294d6196837929f2cfe791d7a6c5f865aae3cd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    36475546af0358214d40193959dd8dd0

    SHA1

    c39fb18e38129d9a7c684dcaa02d75902567dbac

    SHA256

    029ccfcb36aca0a05bc787f57ab41e31e978d4e2472193e0f7fa7a019771151a

    SHA512

    7f93c9ede0c8b96084b6cd9354699bf9b15b4efedd79bedb9779c8cfdf0e203c23b4ce0082ac2e9d4f245ed6e7ecf3790e6d73211ec004fc3c4f8b134a3b2461

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F6496EE1-5089-11EF-B707-6AA0EDE5A32F}.dat
    Filesize

    5KB

    MD5

    1a1c0f872e2f4c180d8970c354886a8c

    SHA1

    25a660e9549741ae5ef339c3db96eeb11903dae9

    SHA256

    b8a145b58f23318d2562dcf3726a7b8376b8bb4b84d0b954fc6ca21ea3a55810

    SHA512

    1149c222aadb6779c9a6deba3b8d18c9b81da584c9b27fd54a6f78169c0c130e31fc9f697cf4cb577f97889237a4c27980a4e5f70b7e543905dfb8f4e5909cdb

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabF70F.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarF79E.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2428-11-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2428-8-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2428-6-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2428-4-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2428-2-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2428-0-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2428-10-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

    Download