Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

8d9c757045...18.exe

windows7-x64

7

8d9c757045...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    12/08/2024, 06:09 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8d9c7570458efa425587adb8e118675f_JaffaCakes118.exe

  • Size

    281KB

  • MD5

    8d9c7570458efa425587adb8e118675f

  • SHA1

    6e38bfff3f0b895a767b1006b1a324b478f81935

  • SHA256

    14094ab383f9452ee0bf5a18d6bcfb1fbc3ec2fe4c4cc77278f7ea91bf32a96b

  • SHA512

    fc09a6b471234eeaaf196c0d1d127a04655f9b7ebfdf8e92baaadbc852c1a0c04d2cf496141578356694b52ecc8256c87f4cad7bb37b3093f2bd8e8b5a40d68f

  • SSDEEP

    6144:91OgDPdkBAFZWjadD4sYBUKnfX8EnMbjLlSbumnWKV2LUtrE:91OgLdaDPnM3LliZ12oZE

Score
7/10
adwarediscoveryspywarestealer

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 6 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Installs/modifies Browser Helper Object 2 TTPs 4 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • NSIS installer 4 IoCs
    installer
  • Modifies registry class 63 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs
  • System policy modification 1 TTPs 2 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\8d9c7570458efa425587adb8e118675f_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\8d9c7570458efa425587adb8e118675f_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2940
    • C:\Users\Admin\AppData\Local\Temp\7zSE9B3.tmp\setup.exe
      .\setup.exe /s
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Installs/modifies Browser Helper Object
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • System policy modification
      PID:1724

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\DownloadnSave\uninstall.exe
    Filesize

    46KB

    MD5

    2628f4240552cc3b2ba04ee51078ae0c

    SHA1

    5b0cca662149240d1fd4354beac1338e97e334ea

    SHA256

    03c965d0bd9827a978ef4080139533573aa800c9803599c0ce91da48506ad8f6

    SHA512

    6ecfcc97126373e82f1edab47020979d7706fc2be39ca792e8f30595133cd762cd4a65a246bee9180713e40e61efa373ecfb5eb72501ee18b38f13e32e61793b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zSE9B3.tmp\50209b93f38d7@50209b93f3921.info\chrome.manifest
    Filesize

    114B

    MD5

    04f5020d2cedec43dfe5795a9c25d4fc

    SHA1

    3ba26234e9fb4fc8e405041a2e6358c17568a352

    SHA256

    a2a4edd9991e75402adb6e8c55a01a1ad2002220a8a682ff4c69548f5cb71677

    SHA512

    a71fd5654ac87ad0051b06312742d6f25444645c99cc56307b7c13cb306eba1d3eff890a72c4c0c448f6fe4d4f7fd050b7bb0fd72f1345aeaeb715a9a4569fa5

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zSE9B3.tmp\50209b93f38d7@50209b93f3921.info\content\indexeddb.js
    Filesize

    1KB

    MD5

    fb63b6c657bb0b4df34bd908b0bb98c7

    SHA1

    7a1f42a44b8cbcd2d0da38cbf33124213da49b33

    SHA256

    9bb6333081079b8a13cb19aa48303b224e9839b2f40a18c3860dfe03e3d0db70

    SHA512

    bdfd3f19025172969ff289d25a26af6ab154298e9ce62c1384f4f22efa651614b428e1668ef19e63b4a1db70be2bff85930398f4185da5a764d5899b3c7fbc0a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zSE9B3.tmp\50209b93f38d7@50209b93f3921.info\content\jquery.js
    Filesize

    91KB

    MD5

    4bab8348a52d17428f684ad1ec3a427e

    SHA1

    56c912a8c8561070aee7b9808c5f3b2abec40063

    SHA256

    3739b485ac39b157caa066b883e4d9d3f74c50beff0b86cd8a24ce407b179a23

    SHA512

    a693069c66d8316d73a3c01ed9e6a4553c9b92d98b294f0e170cc9f9f5502c814255f5f92b93aeb07e0d6fe4613f9a1d511e1bfd965634f04e6cf18f191a7480

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zSE9B3.tmp\50209b93f38d7@50209b93f3921.info\content\jsext.js
    Filesize

    6KB

    MD5

    ec554bda43e850662e1dea91c4247e77

    SHA1

    4d63cb3bbc732768b8598621698cdb7a77849474

    SHA256

    f7202d25d12a514ef1c298c0bea13b5acd6d1087124c88a1d13bbf02ec70da27

    SHA512

    0f13a3abf6cda8ed0d695f986b28bd5c76f6d9413ae2d904cca8520b31e28a48895e2101621e611f2daa2aa8acbceafcea6cf3c50415d44104ae60e919e76b04

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zSE9B3.tmp\50209b93f38d7@50209b93f3921.info\content\lsdb.js
    Filesize

    1KB

    MD5

    82e6ba1fc357eb044c3d8ec124f64de3

    SHA1

    3883af0ef9c7806a5dfd43a3f8f9fe68d6264f65

    SHA256

    38bb780e9e01650586bc8ea42325d1b7b5ff2424cd85a1a0a9906ca86066d165

    SHA512

    4bb1e22291250762bf0d3c16ad78d3a866187940c479ca3c0083ccaa7874a93a3e99a2cadeec8fbcfc871fb8a628d8eeec619f45c676d2366bbabcb8f30f769a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zSE9B3.tmp\50209b93f38d7@50209b93f3921.info\content\prfdb.js
    Filesize

    1KB

    MD5

    0b30efaa7a959526d000da44a9bcbf4f

    SHA1

    57c13f6f2e97bbf5e255a07e15a2c3b2d81a04e6

    SHA256

    5d653aa721827b81345b949b0a0d45e183a6acf6ee7697a113d5c2fbdbb08d6f

    SHA512

    960d9fb5eac848c4faeefedb3ae50ef843eb083763fe80341d1f4161a050d99dfe8dc6c5a3ad9c958cf8d931b5d72e0073fc25ec6d51117e66bdc39e36f7bdfb

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zSE9B3.tmp\50209b93f38d7@50209b93f3921.info\content\sqlite.js
    Filesize

    1KB

    MD5

    f5c718b0c36c9aefc5cda4da10243eda

    SHA1

    d7990d67942f956bd8656d70caced33283675ce9

    SHA256

    8ecb6853e507b50f8031d8ec48ff1c4f5dca7508483c15a794832ce7d597339d

    SHA512

    22509741da1b629ce5cfbbd34c31a6cb2c018b4c714e9762e09a797ebccc7d01dfc6e492b5c28625defe07bb2e21a1bc8ba36dc4217da2b858c88ea94824c1ff

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zSE9B3.tmp\50209b93f38d7@50209b93f3921.info\content\wx.xul
    Filesize

    228B

    MD5

    7d0fe8949f0463045aae323bb73170ba

    SHA1

    82213ab70a3cf7a6f5b9f87cd48fb27ac7d9d0d7

    SHA256

    3b0a05cc6dcedb43bd0e5164407df6202cc1074309a2221d3b58bdaa553e54f5

    SHA512

    3f1bedfb609a1920754630d312ed55d84d29a930f63d7d9b543f950f3d3beae5ba5aabc697708a787949391ff88b23e86dc51031236bd80ce9e82f2dcd1a9f6c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zSE9B3.tmp\50209b93f38d7@50209b93f3921.info\install.rdf
    Filesize

    683B

    MD5

    fc9b1fa902c58e984f6fcf89da559476

    SHA1

    82a896e32694fe0d5d6abd0ab517f19f82a7a3f7

    SHA256

    a984c22bdfb565f635402a4b4cecf01a60eaca50c996e94e6e8d560790d7f351

    SHA512

    81c13a92e5b0226bca3bc9eafae6af1fcdbedde6657d7fe55a417b45fe7fdd636c2ab361c309e8027e4ff4d59b26776ec67cd62a210a44dff9fe8b10f6a89aae

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zSE9B3.tmp\background.html
    Filesize

    5KB

    MD5

    a7440ace40bed7c2512250539caf40c1

    SHA1

    8e956f0310eb6a65303e2e2c0f49f7febe88e2c1

    SHA256

    2881cecd02ab4b38c0abd6abe930e90035959de31c10993c44c79ea6abf8f547

    SHA512

    713cbfd241380d331c1002d56121cea7f27205393e751078a5bbcf9d5806d4c5c365118236378c194aff3066068f6d397379796c9b874078cae3a61dcd381147

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zSE9B3.tmp\bhoclass.dll
    Filesize

    139KB

    MD5

    4b35f6c1f932f52fa9901fbc47b432df

    SHA1

    8e842bf068b04f36475a3bf86c5ea6a9839bbb5e

    SHA256

    2b4d643a8a14f060bf3885f872b36e5e1fe1e777ad94783ba9593487c8e1f196

    SHA512

    8716b9a8e46933bf29348254a68d1a21392bdbbe3b4d5010e55fe638d02cc04eb685e424d440f7c5b58ffbca82e5772dd95bef73fa831595c2ae9599f3b05a99

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zSE9B3.tmp\content.js
    Filesize

    387B

    MD5

    16fd8925a166e057942e972a53e356c9

    SHA1

    d966509b7f4cfbef34b9e51e9a468a09fe20c658

    SHA256

    69f963d260002368cce0e40d1f17f9e964745458281ce19fe92667c43305d720

    SHA512

    d59942f007129259727f0abefd80233e08820ec4d289b7b757cee9370d93cf8ca1f1900d00aa089b36da1ef17c9764807b1c2e6d685f9dbf605d127df7c6bf17

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zSE9B3.tmp\pahpdkdafcgmmhecfejdcjojmmiecngn.crx
    Filesize

    3KB

    MD5

    7b0252acd663100ebade8354fa15e722

    SHA1

    2f70300b75e6d0dee91d146ff21292e24393e7b5

    SHA256

    9cad780509df2832b92d45f1ade948678332d4e1e97a934df53c8932ac94cdeb

    SHA512

    b68ce341ca1c03e3186ce743408ab913d5c3194ef71d202911ed50bf598a4e6586f969b7801839c2d0159b6293e2b78ec2e7073273c23a5d8003e9cbbc0b5c8d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zSE9B3.tmp\settings.ini
    Filesize

    675B

    MD5

    d6867c01263b76954fd9ee7eda25be0d

    SHA1

    89430a298aef35715d3723d44dd51dff866ab014

    SHA256

    fbd45b37a001e4d4311469e330c1e63dd5be906027e5bc426a5e0bc8c669b339

    SHA512

    63474048859a1f9c8644b52bf63dd9fe5bdd566b613c72953b534aa22e646f07f0d8a076720936d6f94e6b07ffd7c9571d9cbe0a880be668800d174fef9169e6

    Download Submit

  • \Users\Admin\AppData\Local\Temp\7zSE9B3.tmp\setup.exe
    Filesize

    61KB

    MD5

    201d2311011ffdf6c762fd46cdeb52ab

    SHA1

    65c474ca42a337745e288be0e21f43ceaafd5efe

    SHA256

    15c0e4fd6091cda70fa308ea5ee956996f6eb23d24e44700bd5c74bf111cf2aa

    SHA512

    235d70114f391d9e7a319d94bdfc49665d147723379de7487ef76cfc968f7faa3191153b32ba1ab466caeeeeef4852381529a168c3acca9a8d5a26dfe0436f6b

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.