Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel
149s
max time network
150s
platform
windows7_x64
resource
win7-20240729-en
resource tags
arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
submitted
10/08/2024, 12:36
Static task
static1
Behavioral task
behavioral1
Sample
8612f690ae5c7dd69a67dac11d9f4222_JaffaCakes118.html
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
8612f690ae5c7dd69a67dac11d9f4222_JaffaCakes118.html
Resource
win10v2004-20240802-en
General
Target
8612f690ae5c7dd69a67dac11d9f4222_JaffaCakes118.html
Size
44KB
MD5
8612f690ae5c7dd69a67dac11d9f4222
SHA1
ca61fa3d38ab394aaa7e83206755cd1a6479bde3
SHA256
effaf867f4051a9db865f297b8abecd1531070201528c58201dfee9e7f448a8f
SHA512
6d132dfb63a342931f0cdafc9c4c8ffb214cbf82c4cff02705bb8dfdba314edaa57ed9e57d39afc0b2146b4769914fe28df9f2131b9804dd2f12eb46bbfcadb4
SSDEEP
768:wNklTNaDRljWKGkcKw6AkR+CKgpu/s0M9dKmK3TIYQqdUIwhG22R1QkBYIssR/:wWTNaDRljEkcKw6AWKgpu/s0M9dKmK3l
Malware Config
Signatures
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | IEXPLORE.EXE
Modifies Internet Explorer settings
description | ioc | Process
Set value (str) | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "429455234" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1CF3E391-5715-11EF-8641-D681211CE335} = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
1476 | iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
1476 | iexplore.exe
1476 | iexplore.exe
2052 | IEXPLORE.EXE
2052 | IEXPLORE.EXE
2052 | IEXPLORE.EXE
2052 | IEXPLORE.EXE
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 1476 wrote to memory of 2052 | 1476 | iexplore.exe | 30
PID 1476 wrote to memory of 2052 | 1476 | iexplore.exe | 30
PID 1476 wrote to memory of 2052 | 1476 | iexplore.exe | 30
PID 1476 wrote to memory of 2052 | 1476 | iexplore.exe | 30
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8612f690ae5c7dd69a67dac11d9f4222_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID: 1476
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1476 CREDAT:275457 /prefetch:2
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID: 2052
Network
MITRE ATT&CK Enterprise v15
Downloads