Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

7

856d541b75...18.exe

windows7-x64

8

856d541b75...18.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    137s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    10/08/2024, 08:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    856d541b750e705e57e86925f1ed1d3c_JaffaCakes118.exe

  • Size

    250KB

  • MD5

    856d541b750e705e57e86925f1ed1d3c

  • SHA1

    aa9d83a9a23ec39dff570046a93ffd6486d8d492

  • SHA256

    2e9bd0a53766e5e69eb708271211f7b9ba01a1620c2acacf5bb75189213ad0b4

  • SHA512

    bdaf25320c0a8203265addadac27690da6b68c47276d02538f6eab6f41d8ba4d1b9aa2bb400d723a766455d97fcf8e6bfad619dcd247b5908853c06fbda6b3ff

  • SSDEEP

    6144:8hieuJDr5T8b2ufqBLjSB/MS7irtIa6cwoD8ZroSfjGFA:NeKrJJuf86AYcwoaoSbr

Score
8/10
discoveryexecutionpersistenceupx

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 1 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Deletes itself 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • AutoIT Executable 1 IoCs

    AutoIT scripts compiled to PE executables.

  • Drops file in Program Files directory 2 IoCs
  • Command and Scripting Interpreter: JavaScript 1 TTPs
    execution
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Modifies registry class 26 IoCs
  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 17 IoCs
  • Suspicious use of FindShellTrayWindow 49 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\856d541b750e705e57e86925f1ed1d3c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\856d541b750e705e57e86925f1ed1d3c_JaffaCakes118.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2388
    • C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files\WinRAR\winrar.jse"
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2440
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.go2000.com/?g8
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1580
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1580 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1728
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ping -n 4 127.1>nul &del /q "C:\Users\Admin\AppData\Local\Temp\856d541b750e705e57e86925f1ed1d3c_JaffaCakes118.exe"
      2⤵
      • Deletes itself
      • System Location Discovery: System Language Discovery
      • System Network Configuration Discovery: Internet Connection Discovery
      • Suspicious use of WriteProcessMemory
      PID:336
      • C:\Windows\SysWOW64\PING.EXE
        ping -n 4 127.1
        3⤵
        • System Location Discovery: System Language Discovery
        • System Network Configuration Discovery: Internet Connection Discovery
        • Runs ping.exe
        PID:2704
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2816
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x598
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2156

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\WinRAR\winrar.jse
    Filesize

    11KB

    MD5

    9208c38b58c7c7114f3149591580b980

    SHA1

    8154bdee622a386894636b7db046744724c3fc2b

    SHA256

    cb1b908e509020904b05dc6e4ec17d877d394eb60f6ec0d993ceba5839913a0c

    SHA512

    a421c6afa6d25185ec52a8218bddf84537407fd2f6cabe38c1be814d97920cfff693a48b4f48eb30c98437cbbb8ad30ccd28c3b4b7c24379ef36ac361ddfdbf1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    46c0090028f9adfaeef4b3b6311220cd

    SHA1

    3c1664453064f259c9650af50c6a0ca4e6e0b0b7

    SHA256

    fb161cbc7e81eeeae4e5ff429d8445a186d6be1df3a37b6960e3010241196622

    SHA512

    b196b9668b44c27577891d8b1703185af1aa084e308321ec332cd702fe222d652efaff72858c005cbf752cfd8cfe6043fc740e5f0a496d3acea572fb4d3183b0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    45781b0bede9bd423ab610b146d6daea

    SHA1

    32a8e4745ee25010fce99d9ecf3387f4d315ebfe

    SHA256

    d8b2b2468b0c967de0e6f33d930b7c706cf8f5b71da6b6ca9cb297df23128c3e

    SHA512

    383ff412cbc5cbc95c90470743f327ce52eb0fa6407563a32b8af4ba599b7e6d4a3f7c9f55e79c0e0d64cf1b4d52f89c83a23960e04d7c1297d6f8f0565becc4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    27a66b80cc87c09b1199a786b1c9b374

    SHA1

    7f0182589c2cda545ab8984b41c48a657ad08eaa

    SHA256

    5e3cf3f7f405009ac3a2530dfe64300ff131b27205f9e78667f4b4a6d77d079b

    SHA512

    4fb9221d2c00e9604e48f1d4240d3585ea7741dd45ee37ca9e329cab481a56bd5d92b61e13474f6d7342d7288711593e3b976643079ebbf4472ab32a5d1668fd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    aa8475900365754e57c79a4c1f68c76d

    SHA1

    bae74ae39d86f20d6c60acee3ed5d9a45855e84a

    SHA256

    73b053798056b7d3be8f756325a7e2e8282952df0eb39dfd653ea4c36d53e899

    SHA512

    714ba547ad5cd05ef57914cc7810f7263b285a4b12b81abb1638232bbdc2f76ff6534d65fa01510db3a07fe642139a578fe6c5f8a1fb67cd006693a23ffd4c39

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    092b76012b6874f328c47e66519d63ae

    SHA1

    971afda4ee1621fb59130ceec33d66595fc2d3a0

    SHA256

    aea6c4c76b36ca2347d9cbb0abb52a9b471a27451151b130e7440783057d97af

    SHA512

    bba7d14ee741e1307eefb4b278f3ac5c7158fa86e513ff7ed793ad3734f517741f8f386008d1df314bf387478c82479c58f904529f04ee9016f4a13a95f09c02

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a3066a539c9b2ce0406de36e8e9b19f0

    SHA1

    86ebfc76009e14bf30b7aa57e370905230bb57a1

    SHA256

    21f3cf74c892a7f95ecdea3e84dc35ee50bdcccbf2edd6d9e95158fa29f655a2

    SHA512

    9a2d37658460029bd5343e1bbecbd55e4f2bc2ed3e5ab75b57a8ed0f8d76abf00931efcc0bdbfce378fafcf102faa32e725e9cbfd2f0e17854d68714acc3a10c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b1b9dc79de8eb070de10000788972b07

    SHA1

    5bea19e53380624e04eeed72923aa46c5bc5e168

    SHA256

    462ec65770c94c4ecf9bf7d0e7341c12fde65d1ca7de4574cdd430914f45d0da

    SHA512

    50b5b6286c5d54cd82f57fb2b954f0db6a81e161a615f6514d7b4748d2ef29581e1c594ad28e61f231da1ca0e7e25fa1cd017c6a7aeab0516be1906e5d8f52a9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    609d63358c745c8514b5f577dc135102

    SHA1

    aa8f218ea5eb87c094400774a270ee7c2b039c66

    SHA256

    d87fdd22ddbc93cb975b00a26243c15d857220d8409873f49a954e8d5d6c0387

    SHA512

    f36d7113c8e5e9b7c2f799789ac4a9dd8c7ebb885e78d09e141844107360245b6ee8f93c3706662df60d2c5fdd5f81805fcde492b845bf092141a38e03b7d373

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0afecbf01f89472121ce6a900fd64e6b

    SHA1

    0540cf67d141a43b187d9b64d8a13b44c7850ac8

    SHA256

    0854986a4c649c61a1cc21bc1ff9bb6406a1555fe2132c0fa57dcd5ab4044771

    SHA512

    933d27abe22dcb5945792f5ceeab3984bece7f7c1cb2a1dd03d3f27a8b53a4a9486cea37c747f138219aaf477c6d744fd592d1cb4435f5b909106816d46632ea

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3bca5ee01214e6d48fc1ff34a1421d05

    SHA1

    3f88dd7c30789662e79389a3a4ebba9643b64bc7

    SHA256

    221ded7da026b1c61d3e731348aff6995d849f79c1d6144b4d5785580cd8f4d7

    SHA512

    27750abb39419d9eca3f3667ecc9138fece4ac9f13eebbd372cfa9a522a7970498d5222839ec8edc26eb69a5c6e63a0fb9b7505d7351463118a44eff18089422

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6df0a69ab119dda471f69cea5751c51a

    SHA1

    11c4bc8a451ea7dbcc4680ecd60c924d1b6c8d2c

    SHA256

    5f73b8a06fbbecfbb01533945435b4c4da2c035ab2ec8e052f84d1f5b7c66d2a

    SHA512

    09136faadcf8993734f115a25da88eaa1ff284f5095f1925cc390098ac03e0710a0ed1c5aed2d86bb0e22c04cf5d9ca366a3b0a4ee4f77974a3ab7edc7e34c6b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    68e9fc36a1ab8887f385fdf1b745385d

    SHA1

    3a9a27f69abc358f4ece89b137a272f2c0c1b5ec

    SHA256

    76f639716d55297c8defad8db9e3ea8757b6ecc22c454863d79925a4bbdaf0be

    SHA512

    a0b9f9d9782a52b3786693212b07a9c23a055a6b4295af1a988f4898c1528f1261e4ab3380f86419f9480c9da2c104818fcf867a8df5c9c885b5de9543315f6f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e17fac07254bae77f1c41a5a9bfddd00

    SHA1

    92893b58549407118ddde034d94667e6fd542e7c

    SHA256

    db24774ec3c77d637eddf6fc5978f42e0a0eadd0c52bd3dcab4a60af0c1bb665

    SHA512

    5a34ebe14ab1925ca9e0af2680c5e20fc8187788649d1fa067251453435dd69628fda116aa8c24911758db67a5f282312595d5610b2d8a4eeb285932fae05248

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dae029188a48ce45ac27f41abdd16233

    SHA1

    9a4b237d2702aef6f09de3d5faae6cd6bbaf28c0

    SHA256

    8308abebd1787e9208763b43a24fe740f5b5c13ea52cfafb7cc29cb3ffcf43eb

    SHA512

    bcdb326d3e64b886a4a1e9c268d830824e15ac298fcb497d43142840cef069627aa57f638b0e1ed25bcb7a1cdb419e8a474952a4fcd734a34a23886d30f50d58

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    be27c64d3356f36094eb04a46a778d7d

    SHA1

    3418c6f23e144819d682797ff5a43e649cd22a67

    SHA256

    48b527a25665b7d840af161e3bb44f4ce38162be5df24deab3034d52723afca5

    SHA512

    6b0f108dd5b21e7df977128188cbd6ada128e939fd3bd650685b01981716b55df1b2ca6c88813bd3d5097a596873b87090d22855c8d4f70e93355389a9cf9d5f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3507c0ed62fc8b6a9cbff21a659bc05b

    SHA1

    2f45c71a62a634272ee1b5e5f1614eeb78d9f187

    SHA256

    7326dce05d59c92df30d895f758992b3d50ad2309dd065d49f5e6dba833dbe20

    SHA512

    43a4f496f682218333a117030647955db17262b41c2b83800adb63216d423b390ceef2d7c33781949580f2978131e2fa261ecec9bb953809b405a62ddb362b1b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    02bd9875fc0fcb003faff91c74d2df69

    SHA1

    2998c0d55c3ba26eed835360e7de2500c87d14ba

    SHA256

    bb414eaf3b45f111d8614706b9da5815f4bdf76a1191f92997b258e2a73a2149

    SHA512

    4a0fee72be0d6afd21dcb591f3808f05d55e1772394f7705d1ad6daabc71ef50c8d31387d875b81aaa2d85c2da846f5ba1a4225bf5a0d8222f341a7fa4f096ea

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a9aab08f659362b8cafb3594edcfee60

    SHA1

    a6dcc25ee1687f4ebe21507224df0974083afa26

    SHA256

    afadfbc820d9a5cc38b7a872439063a03437787ff3467c46542ac6deada18b97

    SHA512

    33a0b96261024aa74711743634f4538191297640092a676b933b21a56d8a036bb2ccfa1412705d704bc5d994364a0b54aefc651c3ad82148d1ff598fafb8f378

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2c943aaf80d54f05ab2ddebf6b3bc10f

    SHA1

    92b84859def410eafea7145d5aad8ffa736d7370

    SHA256

    c5c897ef0531421a6154c1a43e1c2fefa5e4a74e4437437a7b92f2b4053e2449

    SHA512

    c0602c9633249714cda441636a3af994d1c4553e8ca58efb572fa6be10a1e59322fb7684bd3b919992d226b05e204f4a3dde172c5b402aa07934b754b0f58c82

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3b7200403433403c5213df918cc2cdae

    SHA1

    55b8bb84877427cfe4574921fb4d1a8d52fca430

    SHA256

    a21e358b078415b9530ac626d57b5204571363b8247bad460788f542e269d87a

    SHA512

    2a58b19b951172b2ed2d1d6c26f7a365428ca7fe24003493300a595d7b8e3106d3ab4eb9040c77f079c332e75e5ad3afcb99b71c7799818a359d372b1d99ee54

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b58d10ba11f3ed42b851700ae59a2d3c

    SHA1

    ce6e1109389026e6bbd90c81fc74c26a68ef31af

    SHA256

    1099ec9de23caebda25b90f3ab46c8a54dde2035bc5e8027ac2db896e2c3b67d

    SHA512

    64d96ceaa01d61b64cfc8f6842a73a71f1a6ee10c6e8b640586bd92f6681a9496bc552416ece392858c23deb3c54a285c1e52702da8d1af866fa7adcc67e4b89

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    651dcf7d867b6fa32c04bac5dd668bd8

    SHA1

    b2f4e67ddd4b35d6c3b73ec96612f5d080fd0d5c

    SHA256

    2dc2964af72f81afee5cd616263df479978297b940fc70b9c727b6057af6420b

    SHA512

    90bb83f6678fe6e16a98d469e01a20d00db13c94a8921144256e00cb4c14a51c13db91164f9f0f690f76cb455bb5442add1a0c504b8dde1e92c86ffec098c6ef

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab4932.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar4955.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.mmc
    Filesize

    255B

    MD5

    a0c4d2f989198272c1e2593e65c9c6cb

    SHA1

    0fa5cf2c05483bb89b611e0de9db674e9d53389c

    SHA256

    f3170aeec265cc49ff0f5dcb7ed7897371b0f7d1321f823f53b9b0e3a30e1d23

    SHA512

    209798b5b153283bea29974c1433fe8b6c14f2a54e57237d021ecc1013b8dc6931dedcc2fe173d121c719901045fdf2215177ba164c05d703f2e88a196252ec4

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.mmc
    Filesize

    149B

    MD5

    b0ad7e59754e8d953129437b08846b5f

    SHA1

    9ed0ae9bc497b3aa65aed2130d068c4c1c70d87a

    SHA256

    cf80455e97e3fede569ea275fa701c0f185eeba64f695286647afe56d29e2c37

    SHA512

    53e6ce64ad4e9f5696de92a32f65d06dbd459fd12256481706d7e6d677a14c15238e5351f97d2eb7bfb129a0d39f2603c4d14305a86821ed56e9face0bc252b6

    Download Submit

  • memory/2388-36-0x0000000000400000-0x00000000004B1000-memory.dmp

    Filesize

    708KB

    Download

  • memory/2388-0-0x0000000000400000-0x00000000004B1000-memory.dmp

    Filesize

    708KB

    Download

  • memory/2816-1092-0x0000000002690000-0x00000000026A0000-memory.dmp

    Filesize

    64KB

    Download