Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    134s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    14/08/2024, 12:51

General

  • Target

    962bff25d60405278a0ce4cdd23c8140_JaffaCakes118.exe

  • Size

    45KB

  • MD5

    962bff25d60405278a0ce4cdd23c8140

  • SHA1

    63bbe647ece996f3e9f66ab7663c0aee05265212

  • SHA256

    abc47fd11167673359346ca62458a19e1ffd140890009518d92d24d2f5ce39c2

  • SHA512

    861da4d21903414a32eba14da5ff9cd8c660f0c6cf13f881b3ac15275fa0415637d84624653e2b675b867041ed08ab90ae71df4fc2ac20cc008b2ea33f17a517

  • SSDEEP

    768:r3H3C3d3i3ascHqg7zO/nAijkFHW8nB6ER1gkfLlnsFOmF6lGKis8zxZHEtd:r3H3C3d3i337tALNBx5fbmdK18z

Malware Config

Signatures

  • Deletes itself (1 IoC)
  • Loads dropped DLL (1 IoC)
  • Adds Run key to start application (2 TTPs, 1 IoC)
  • Drops file in System32 directory (2 IoCs)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery (1 TTP, 5 IoCs)

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings (1 TTP, 25 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (4 IoCs)
  • Suspicious use of WriteProcessMemory (24 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\962bff25d60405278a0ce4cdd23c8140_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\962bff25d60405278a0ce4cdd23c8140_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2688
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c start iexplore -embedding
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2800
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" -embedding
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2608
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2608 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2752
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c "C:\Users\Admin\AppData\Local\Temp\twe1D12.bat"
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2064
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c "C:\Users\Admin\AppData\Local\Temp\962bff25d60405278a0ce4cdd23c8140_JaffaCakes118.bat"
      2⤵
      • Deletes itself
      • System Location Discovery: System Language Discovery
      PID:1016
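The process tree above is the part of this report a detection engineer would want to turn into a rule: an executable running from the user's Temp directory spawns cmd.exe with `start iexplore -embedding`, and separately runs two batch files from Temp, one of which carries the dropper's own file name (the "Deletes itself" signature). The following Python is an added example, not part of the tria.ge report, that checks those three relationships over process-creation events. The PIDs, images and command lines are the ones listed above; the event record layout, the explorer.exe parent (PID 1000) and the rule names are assumptions. The Run key and the System32 file drop are registry and file events and are not covered here.

```python
import ntpath
import re
from dataclasses import dataclass


@dataclass
class ProcEvent:
    pid: int
    ppid: int
    image: str
    cmdline: str


# Constructed process-creation events reproducing the tree in the report
# above. PIDs, images and command lines are the report's; the explorer.exe
# parent (PID 1000) and this record layout are assumptions.
TEMP = r"C:\Users\Admin\AppData\Local\Temp"
SAMPLE = TEMP + r"\962bff25d60405278a0ce4cdd23c8140_JaffaCakes118.exe"
CMD = r"C:\Windows\SysWOW64\cmd.exe"
EVENTS = [
    ProcEvent(2688, 1000, SAMPLE, f'"{SAMPLE}"'),
    ProcEvent(2800, 2688, CMD, "cmd /c start iexplore -embedding"),
    ProcEvent(2608, 2800, r"C:\Program Files\Internet Explorer\iexplore.exe",
              r'"C:\Program Files\Internet Explorer\iexplore.exe" -embedding'),
    ProcEvent(2752, 2608, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
              r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2608 CREDAT:275457 /prefetch:2'),
    ProcEvent(2064, 2688, CMD, f'cmd /c "{TEMP}\\twe1D12.bat"'),
    ProcEvent(1016, 2688, CMD, f'cmd /c "{TEMP}\\962bff25d60405278a0ce4cdd23c8140_JaffaCakes118.bat"'),
]

_USER_TEMP = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)
_BAT_ARG = re.compile(r'"?([A-Za-z]:\\[^"]+?\.bat)"?', re.IGNORECASE)


def in_user_temp(path):
    return bool(_USER_TEMP.search(path))


def stem(path):
    """File name without directory or extension, lower-cased for comparison."""
    return ntpath.splitext(ntpath.basename(path))[0].lower()


def detect(events):
    """Return (rule, pid) for each cmd.exe child whose command line matches the dropper's habits."""
    by_pid = {e.pid: e for e in events}
    hits = []
    for e in events:
        parent = by_pid.get(e.ppid)
        if parent is None or ntpath.basename(e.image).lower() != "cmd.exe":
            continue
        parent_is_temp_exe = in_user_temp(parent.image) and parent.image.lower().endswith(".exe")
        cl = e.cmdline.lower()
        # Rule 1: a Temp-resident executable starts IE in -embedding mode through cmd.
        if parent_is_temp_exe and "start iexplore" in cl and "-embedding" in cl:
            hits.append(("temp_exe_launches_iexplore_embedding", e.pid))
        m = _BAT_ARG.search(e.cmdline)
        if m:
            bat = m.group(1)
            # Rule 2: the batch file carries the parent's own name, the usual
            # "delete me after I exit" helper behind the 'Deletes itself' signature.
            if stem(bat) == stem(parent.image):
                hits.append(("self_delete_batch", e.pid))
            # Rule 3: any other batch file in Temp launched by a Temp-resident executable.
            elif parent_is_temp_exe and in_user_temp(bat):
                hits.append(("temp_exe_runs_temp_batch", e.pid))
    return hits


if __name__ == "__main__":
    for rule, pid in detect(EVENTS):
        print(f"{rule}: PID {pid}")
```

Rule 2 is a name-based heuristic: it fires on the batch file sharing the dropper's name, which is what the report flags as "Deletes itself", but it does not read the batch contents. On a real host, pair it with the file event for the .bat so the `del` loop can be confirmed rather than inferred.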

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    7ba0d58d3202eee4ec1d747f4a2b9270

    SHA1

    d031ddac688e04860059d1144d6325de5d824259

    SHA256

    4964cdd50541b4f91ceecc3545072f1b8ba1a1223dc82b7763039f391b98cfb1

    SHA512

    6e7b8de680f30945a97f78e09444471d8c6cd534e0673b9f9e4bc80b7e7d7315ad7b61f19ab8cbd433881f1999f40daa516e848f5f59336db0f1ffc085ef4ea3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    9b064a86b8d8dde8aafdf1ef6245bf6a

    SHA1

    5216fee8210214d2a7c0f78ca8c0022df12d6671

    SHA256

    b916719e6f103cea3a3e1c29b5372d9095103892cba166f4572bf6354470d18d

    SHA512

    16715ce307ba9134f9f52ac9c811c2f616c7025a1c4b0037538e9ae09c6a872d0f2c53e2e07dccd673b42ce43d153a826e5cb8d25b8b942dc9c88cd14dc2addf

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    1a204d7c84e55d1268a0d21c1c6a352b

    SHA1

    8bb23b13b95731c22a03b72592a7ff8d8f3ab5d8

    SHA256

    6626532a187e520fbeeba91a4c21a2ba15e208cc6db111779035850cfd70aafa

    SHA512

    16f3d117b0354a39896bb8ccedf0f8438dde35bfd542b79105c2eee5adbbdb01fbbd0f5d49c0ac0aacbf1f4c23cc99810bbad5d5f8b18e46e508b0f52cee2bc4

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    f0c901dde44357c90d076a0637b1c79a

    SHA1

    53212ea33f0b48f8b0400fbddabc49a19ebc6b74

    SHA256

    52646c753a3efacf257c9b28b7fbded8915957cbdf62f24ff99b26660f476113

    SHA512

    d673ce7d3cdb30b2c1e3c68d379a31535686710b9a468df66dc400d1ad3ef2d7841ed62b2aee00ac9a2b0d3a2da1b184d414c74a99503c748c7e35384935449e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    44d932def789f42a1922316c33a038f0

    SHA1

    001f2869df676022c025dcb8af1fd5b8b4dc09b2

    SHA256

    d72322cbc56f314710121b8fd073e9b8207adce825a10025d4875b639e23ba67

    SHA512

    90c990c3fb0542bdbcff12bab869d2ba880f3b8f9152712712b4cfed979b2fd0ecb3db1ce9ca2f193d7faa7d88fd2d7b1afca554227ae1c1f5954aae6127e78a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    97e3dbb864b102383605e16bc02346f5

    SHA1

    9fd54e6281b2b9366dcf78cdeeeb4d7cc86f8e04

    SHA256

    ea3c6fa15d147b44da9899262e472078e1d027e63ae297f26e1c63d0aeeeebb6

    SHA512

    1887dd8ecf3b0504c47b2c91d5b88ad2dd26349e893fe01210a0ea480a32b0465242556bc30f690c3eebc2bc1084c2c6719e93ad709af708cdc796674db683b4

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    a8bb8ff9818ec207bed6b6ee7adf5b4e

    SHA1

    f393663e9cc0c5d559b5adf9dae56f3263119dc4

    SHA256

    f811083cdf64fccd0a060682906fca48066199379edaaff730a29b0eb26a8b83

    SHA512

    ea27a6ff3307c42f104aa2bc4560611ac359b2f52fcab994288b3507b925f7080f4d7ff830be8acd64e129cc25526d554c9c1f15858999b7e6d195401c818273

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    d9e2bb1a2dc77a3c35d081682ed23658

    SHA1

    6ebf1274393f05ee45493812c21818ec8b381104

    SHA256

    572b8f4993ae8035a9e950be14629044131e4de6ed378e1be91bb64cc1eee198

    SHA512

    f38aa7eae529a4cba5e7ad25ea0f7737182a233d7dd30f40522577fc7c686b6c595d9fa6a044cb47e5221b81f83c6560987249c3eb28b5c39f9b50369135c33b

  • C:\Users\Admin\AppData\Local\Temp\962bff25d60405278a0ce4cdd23c8140_JaffaCakes118.bat

    Filesize

    266B

    MD5

    f9725de92ce9ac218868e596071106ab

    SHA1

    04ac4d302bad2b1e0feddf7274e46dea1645d4dc

    SHA256

    9bf5dd8a766648f59d9c6a2ccf668e805ea0171eed41c24872ce4aa444e73bd7

    SHA512

    f0b922357da126c1ea40d4f1dac6a4035d9b24247dd4b032ffbd0b6baf69bcf46c4e9f696ed6dc0e178fed219a0ab3f24e121c6bb23dd2ae682b66667c388b3b

  • C:\Users\Admin\AppData\Local\Temp\Cab1D23.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\Tar1D94.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

  • C:\Users\Admin\AppData\Local\Temp\twe1D12.bat

    Filesize

    188B

    MD5

    c5a48bf0f2b1fd94cb4fe57e7f2f281d

    SHA1

    818f3e8f7425fe305432744599ecfd56ded21eef

    SHA256

    8502adc4614e36abcae5e0ecb0bfd8f590e9301fb751776178ee05a51ad9fca8

    SHA512

    2f7cb6fcf44e6cf2de7ec574df5c5f0efc01de43394a5f157c479c02ba6ff976f3d65fa93642484ce378a26a20f0fef7878ce28eb28c01a6504dc8a9f0037318

  • C:\Windows\SysWOW64\winjcg32.rom

    Filesize

    32KB

    MD5

    e7c3b922586d41b3bf315b8596f9dcc2

    SHA1

    d010a391b9540acbbd4f68744f5f197cbf4cf0e4

    SHA256

    9079fefc873ae165d2f11b30c80e036362b911315324b6068adeb9c7d89162f0

    SHA512

    d52e31ce69b2a38372eaf8e763c578d3d93a4538d08c0a27056eb115c39f96def8d15cd306c15217fdbe5c6d27a3431caf239c24098f40e5cd34f2ba105b1444
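Not every entry in this file listing is worth hunting for. The eight CryptnetUrlCache\MetaData entries are CryptoAPI's URL cache, written as a side effect of Internet Explorer being launched, and the Cab*.tmp/Tar*.tmp pair in Temp is a downloaded cabinet and its extraction; the artifacts that identify this sample are the two batch files in Temp and winjcg32.rom in SysWOW64. The following Python is an added example, not part of the tria.ge report, that parses this report's flattened "path / key / value" layout, classifies each path so the noise can be filtered out, and checks a file's digests against a record. The excerpt embedded in the code is constructed from three of the entries above with their listed hashes; the category names and the `benign` default are this example's own choices.

```python
import hashlib
import ntpath
import re

# Constructed excerpt in the report's own "Downloads" layout; the three
# entries and their hashes are copied from the listing above.
REPORT_EXCERPT = r"""
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
    342B
    MD5
    7ba0d58d3202eee4ec1d747f4a2b9270
    SHA1
    d031ddac688e04860059d1144d6325de5d824259
    SHA256
    4964cdd50541b4f91ceecc3545072f1b8ba1a1223dc82b7763039f391b98cfb1
    SHA512
    6e7b8de680f30945a97f78e09444471d8c6cd534e0673b9f9e4bc80b7e7d7315ad7b61f19ab8cbd433881f1999f40daa516e848f5f59336db0f1ffc085ef4ea3
  • C:\Users\Admin\AppData\Local\Temp\962bff25d60405278a0ce4cdd23c8140_JaffaCakes118.bat
    Filesize
    266B
    MD5
    f9725de92ce9ac218868e596071106ab
    SHA1
    04ac4d302bad2b1e0feddf7274e46dea1645d4dc
    SHA256
    9bf5dd8a766648f59d9c6a2ccf668e805ea0171eed41c24872ce4aa444e73bd7
    SHA512
    f0b922357da126c1ea40d4f1dac6a4035d9b24247dd4b032ffbd0b6baf69bcf46c4e9f696ed6dc0e178fed219a0ab3f24e121c6bb23dd2ae682b66667c388b3b
  • C:\Windows\SysWOW64\winjcg32.rom
    Filesize
    32KB
    MD5
    e7c3b922586d41b3bf315b8596f9dcc2
    SHA1
    d010a391b9540acbbd4f68744f5f197cbf4cf0e4
    SHA256
    9079fefc873ae165d2f11b30c80e036362b911315324b6068adeb9c7d89162f0
    SHA512
    d52e31ce69b2a38372eaf8e763c578d3d93a4538d08c0a27056eb115c39f96def8d15cd306c15217fdbe5c6d27a3431caf239c24098f40e5cd34f2ba105b1444
"""

HASH_KEYS = ("Filesize", "MD5", "SHA1", "SHA256", "SHA512")
_TEMP = "\\appdata\\local\\temp\\"


def parse_downloads(text):
    """Turn the flattened 'path / key / value' listing into one dict per file."""
    records, current, pending = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in HASH_KEYS:
            pending = line                     # the next non-empty line is this key's value
        elif pending is not None:
            current[pending.lower()] = line
            pending = None
        else:
            current = {"path": line.lstrip("• ").strip()}   # a new bullet starts a record
            records.append(current)
    return records


def classify(path):
    """Coarse triage of a dropped-file path: which entries are worth hunting for."""
    low = path.lower()
    name = ntpath.basename(low)
    if "\\cryptneturlcache\\" in low:
        return "cryptoapi_cache"   # CryptoAPI URL cache, written when IE starts; not a payload
    if _TEMP in low and re.fullmatch(r"(cab|tar)[0-9a-f]{4}\.tmp", name):
        return "temp_extract"      # Cab*/Tar* .tmp pair: a downloaded cabinet and its extraction
    if _TEMP in low and name.endswith(".bat"):
        return "temp_script"       # batch files the dropper wrote and ran (see process tree)
    if low.startswith("c:\\windows\\syswow64\\") or low.startswith("c:\\windows\\system32\\"):
        return "system_dir_drop"   # payload written into a system directory
    return "other"


def hunt_iocs(records, benign=("cryptoapi_cache", "temp_extract")):
    """SHA256 -> path for every artifact that is not OS or sandbox noise."""
    return {r["sha256"]: r["path"] for r in records if classify(r["path"]) not in benign}


def hashes_of(data):
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256", "sha512")}


def matches(record, data):
    """True when data reproduces every digest the report lists for record."""
    h = hashes_of(data)
    return all(record[k] == h[k] for k in ("md5", "sha1", "sha256", "sha512") if k in record)


if __name__ == "__main__":
    for sha256, path in hunt_iocs(parse_downloads(REPORT_EXCERPT)).items():
        print(sha256, path)
```

Filesize is kept as the report's string ("342B", "32KB") rather than parsed, since the report rounds it; the digests are the values to pivot on. When hunting on a host, compare SHA256 first and treat an MD5-only match as weak evidence.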