Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

8da4dbbeff...18.exe

windows7-x64

8

8da4dbbeff...18.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    70s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    12/08/2024, 06:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8da4dbbeff48b548272cc1ebc311f3a0_JaffaCakes118.exe

  • Size

    7KB

  • MD5

    8da4dbbeff48b548272cc1ebc311f3a0

  • SHA1

    c58574d5b9f4c7b1e96aa605bb8651185bfd828e

  • SHA256

    dd24be7747ca84bd409d7d6741c9181cfdbcf2db4a93291e49a18ac5f4054a8d

  • SHA512

    4e577b7748b36cdbfbc6fc41f6d4e0d60782333e6f71ee2d7ea54d6b30f86b860d07e47fa6a11c64eca7732fcefd3a00531a41e64fe97ced2fa7f4a72d363392

  • SSDEEP

    192:OdOntQ0OW3l0vdV+i2hBKwa5/7N2PmCJ2MEe:OdOnj2vDB2hza5/7UPpr7

Score
8/10
discovery

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 26 IoCs
    adwarespyware
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8da4dbbeff48b548272cc1ebc311f3a0_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\8da4dbbeff48b548272cc1ebc311f3a0_JaffaCakes118.exe"
    1⤵
    • Drops file in Drivers directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2612
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2436
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2436 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2768

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3a5f500da136a13324d18f60a3169dc6

    SHA1

    44fd38ac4d85cfa079f50c4df0b980dc45303b70

    SHA256

    c28c16afa751dbad210ca8c8197708419bc80e4065b9791a5d6c564da3f5df49

    SHA512

    a1d151f735bee82af89d4db97979de4f8e6699cebfe0307883a2c1d9094a015479c0dbc44a80d6e290a88ffe944646f8e8d5c7aa97fb494214dc08e434972a05

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1aad566e829a101b74aa1851be058229

    SHA1

    2dd82a5686e2276acf566a683b889fe975d0ba16

    SHA256

    135a9d752e1ebc4e55c9faa5f35ab62b417215396184f574f9ad2e7a72cc670c

    SHA512

    1c890472de6f738ab01a5b07e12910eb9d0655644be1f62eb66b64993fa1c9207eb31e62df792ce854ab307fa842210a3b865890355c21e9af416b80f4854e51

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2ff4683428b8fbcd0f954a67d6084457

    SHA1

    16c07f571669a90a30dd57772e28b2641eaa387d

    SHA256

    f602a94377dc2abbb811cbe1efa95d4af1781225dd46e6a360fff214f6b09cc7

    SHA512

    6bc6c4e9657c9f50a7223fa7871de92f1f8d5589882295eef09d53632c3ba5605acadd8491fcf41848ca70f6f10c64b6523204cc4d340670a8300d50c51451e1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d7dc4cb82b3075549d4045ea72e2a91e

    SHA1

    c3800ff2fd397b03d9f4d90dfb59ac2ed3aa89a3

    SHA256

    ea5ac8c7631fa6afd44a3773fbd2f5f4c77123547ab0fc3e9fafb8ce26ac4d62

    SHA512

    b87c2ad36db0291550bb47951b82fb959c8e28277aa068db3fb7fe3f15dac2d675a62d435337cc6b504f81980b34745058262eb58c0dec743d25d7abb1931266

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cbd492a8e2c79fb0e2ae18fe1259d82c

    SHA1

    0dfb312a68464a6514663cc496ee91083416e947

    SHA256

    27759baeeb2fc435eb880e7055796255a5a4a31cb51ef1ef612959c7db0b058d

    SHA512

    196b02fb6dd976537b656c083f6ad8f0b7fc4c61b80fc52099c68e20e2e421c77e60d1f96ca38cf8b03f7210e5c58abda50b1095ebd376f3dc98d9164653e8e6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    992c6efbea9d59057bedce9daac2ebca

    SHA1

    0fad9820ceb03fa079359658bf97663c950cbc74

    SHA256

    9d508cd792a0b01b43d65f1d249ade1230e537e118f76453ae3df188597cae20

    SHA512

    26b03ff0751fce719f77e5c39e05f9e765cf2137e173662a5d40a93502438ab04a9266e8bf57b362ea02519677e58da1008612d30849594f3b12b33fba388883

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e857f5b534c7dbc823d4edd0a18d181f

    SHA1

    e3d0f6b856348103f14c3be043f8e9e2520aaa04

    SHA256

    f7261fdbb9c52ac9cec5ec713d2347a8d12121dfa08ddbf5bfc2e3674b1607be

    SHA512

    30b3c282dd1fd9e6dead3f8ed961b6182696f63d6254c0f953d31ca49e64e9d31b2933ea6f023f2becaf371a29d77e11605d8ca115a839f15b3f17c10b732c78

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    36ddeaaed0adc046c4a4861d5e071a55

    SHA1

    1af0f1b775a053587dd25b807fdcf5215e106a66

    SHA256

    3452e4ffaee08dd03955fdc29915594fc5af4ee73579ce867ee665a64d2f1f6b

    SHA512

    de362f718d82ac5a2ddf73ca65e722941b45e37a43fe8f99c387d9e1ef7da6087305cf3074226120e9b9786823ea7a142029997b29aabe2f09aad4e6c4de5bfa

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabDE6D.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarDFAA.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2612-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2612-2-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2612-1-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download