Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
73s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20240729-en -
resource tags
-
submitted
17/08/2024, 11:22
General
-
Target
a255e623a782ddccdbcba4e79da5e7ef_JaffaCakes118.exe
-
Size
163KB
-
MD5
a255e623a782ddccdbcba4e79da5e7ef
-
SHA1
20553c96df543c10e007a655f31f7b6923d96fd8
-
SHA256
8f643a5f4ef8c250d8b0047629672e660d69ae1b2414e30d2633cf483a0e2889
-
SHA512
f5e00c96a43fafc4fb54f6434f1eeb4b9e5dff3e4a55dbb5ee783819c0a26a99d50c13fdd40fc4b677dd4bca2be56dd33878d281d12226fcb79d56528fa7e586
-
SSDEEP
3072:PUgmcYpOqQWts5oXpT3uob27b1j3K7tkGaA45McajwuLR5aGdt1:PUgmc2vKoZT+ob0VIxazjmhLH1
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 11 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory 2 IoCs
-
Drops file in Program Files directory 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 35 IoCs
-
Modifies data under HKEY_USERS 12 IoCs
-
Modifies registry class 13 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of SendNotifyMessage 1 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 8 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a255e623a782ddccdbcba4e79da5e7ef_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\a255e623a782ddccdbcba4e79da5e7ef_JaffaCakes118.exe"1⤵
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\program files\dialers\hotwetlove\hotwetlove.exe"C:\program files\dialers\hotwetlove\hotwetlove.exe" -kill c:\users\admin\appdata\local\temp\a255e623a782ddccdbcba4e79da5e7ef_jaffacakes118.exe /install2⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2832 CREDAT:275457 /prefetch:22⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD5dea78ccf38f3e5efb048a40a4242c947
SHA179756411b6cadbafcd3864954fef4cdd1a5dd7ce
SHA2560c91b742d02113df0f2be940ae5f5b54df59fcd68b4b68b5771949dcf2ee70c9
SHA5125b6d165167dd3d4052f7349f9d8d259f7235bc1afe8dff3268a06cd7e882d4002b5e87754acc03deab9a436b4442817a79867480e416013742de308481e60f9d
-
Filesize
342B
MD5adadf25c69edd1757afb67bfce72ba6a
SHA13f1282308c891e48d489fe518cae3de1e499bd8d
SHA2562ea1354d865b397083ca1d0a47773a5d8d375addc7b88f36799cd054fea33c26
SHA5125a41ad74d87e356b87446a74ff8fa5c7668989250758738e31f81eb7252733fc467042ef9a6c6faee9b3b6fd408d86f7c6c2d982db45e9d732d3edf256724007
-
Filesize
342B
MD506c47046eec61809cc865d1f0651968c
SHA1242c468f425b144b5d88dcdb6085a6eaf5c0c895
SHA2564dd9a53ddea239101bdb5d76b0b328658bd5b50b0c31c26d09b262f6a874abe7
SHA51201b4ce95567105c549af2d15ded948e2f8279bae1e042bc6233baed693e4af53b04a972fa89a39967acea5e5d45a005745fc481aa18e90ab01aed4e1c297bac4
-
Filesize
342B
MD5b39731e4c50b2f081d13612a0f1bb530
SHA10cc5d648e40f9a04ae1108d60e7776df637d700c
SHA256142d0cd58d1f3d058feb94d8d65873a34e377cf588854a2afaccee366e8e31f4
SHA512748780736f30e0372a0a4eb0025de803e9d58d227e0ea9afd40809a83087eecd2303a9ec4cd754702f48c08380f9346187282019b610b994abec758dd20a2d05
-
Filesize
342B
MD55b13ae5e8fa8ef073cd1ac2fa5803902
SHA15571c4ec3f6b33546cb5e530c9477225c43fbf77
SHA256765ddec598e8b6a753b240e41e7690ace4a5e1b6ad869f4519c621bf527cdcfb
SHA512704aae7d6788822bc115c037da4e3921ff3c6ed5c250348118f8bbfa01fa33bd531fe45017560618f4c63d7113510412db9aeb0258c178dbeaaac2f18cc26908
-
Filesize
342B
MD507ce059405291aac6b0dab1ced786709
SHA1dcb1e0f34c40663e3a1a212abe5495838c990b18
SHA2562ef820b3e1468ea0052e32eb01eced5f66d7af4d0e894ad0581a4c20d3ae67a6
SHA5125e42a5e5f0f3fe23ef60f1aeb8dac88c4c9c043de2da7024d0fbb425c4eb239274ef0c75e55962804c8cd83a41a19f5a5f55dafd7e7b3a952c8caf724a2a2711
-
Filesize
342B
MD5fa13892ed79ed6a976a18b19062cd27c
SHA100e65f63837f870aeab1b4f910d3729c83e55767
SHA2569e7080afb19992eea10a80709ec84357413a5d948823484bd8710d2f0b69f56c
SHA5123e5f72068e1bb1de2423a4f75a936206e8a7d157a7d315058285ad12cbcedc9c7a18efa10ceb610e7118c6f35fcfae2e4571873ae0ea926cf355b1d4fb4ec8c5
-
Filesize
342B
MD5f22b0f2309b26b490855834026254a52
SHA19ee974e4146495e6113839bd6eef31f259bea03e
SHA25654c326c181614646f880fd2f8ad720850c5655c08f598f12900a7c1c7d3f0e40
SHA512f219dca36c2c3d1d4b53d225e4e44b00451dd5c9566d5e048e141f30fb36ecbfc43954ee0f57a3a4777db50373ffb25663a605901c4a97b67eba2feff39eac62
-
Filesize
342B
MD514d493560f254bdc0fb98af358fa27e0
SHA1b5f95439d38791195e10f5c60fab4955888796d8
SHA256026e46725a375fbf578f67b5bc76e4b9434078a4f9f0e3998acbd6b2f58d7cf3
SHA5129a2ece0cd7a47552b22e70e9cb5a8d2b2fb2d328b2434c27d0a654104c50a5c2aeaecc524351b73313bc671816c65844555ec38bd93f94def2540bd20e0f88e2
-
Filesize
342B
MD5fb83d7fef577a48d4eb112e77814acfc
SHA12eb3c0c5a9074e0c459b800c27ba9c54a0ff7926
SHA25606e4bc8e4f70e5e655372940320c890d08ecc3e13c3f6ec6eae792cfba997c5f
SHA512812da0a7ca96825c0feff8231c54f1ba697e7a970ccffc6fe0d44ed3c574b9e2205574c2f7af7f8fee2283d9bf64d6f6db9552bf72c9ff0c42486c2eaffe699b
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
939B
MD5106ca640eba47dd60792aee9221d760c
SHA16385d2505fab4927f26dcfe1162ed056e880ad30
SHA256f2e7c39b8ec306c0adcadef27ab504ec745fae83189e0211197804b647bbd8fc
SHA5126efb336bd8925a2d48cb08987f71b5af1d29fde14476fd7d6b50ed55165c66fb91b2b9f21e9b5ffc728695dd6ed4e03cff028014034063d93153ec477108d270
-
Filesize
945B
MD55cf69a0a70e61e6057990933cdb1050b
SHA1141aca48d5380b5970e625d0012fe549e698797d
SHA25688e863b4899bc0afe2e84a47dc850127a69a5b8cff2f0de224df63d981f2b499
SHA5125c98e4ac83131323e1d60a233983e26f977c81a07769582dfc1dd9769dfbd536adae4d399bb719eda61d40bbee0dad2b65c99c09ee4f01f97cb204d7bf730c6b
-
Filesize
915B
MD5efae48325e10dc0a566014d1d4ac2714
SHA1f3ad4cbcda6f8ab061f283fbfc16a2f552ed282b
SHA256deda47c619c6312ebb3736a00560d3ec371742ff4003c6da456f494fb6e4ad16
SHA512326ac532fa610da0b564db5a7f8ef5a3387991c3879e4a9b91265e7c9e8799e77667b24274efb5ee94618b77d772176a9d7686dbe5a0dc420503e54be13c94d2
-
Filesize
163KB
MD5a255e623a782ddccdbcba4e79da5e7ef
SHA120553c96df543c10e007a655f31f7b6923d96fd8
SHA2568f643a5f4ef8c250d8b0047629672e660d69ae1b2414e30d2633cf483a0e2889
SHA512f5e00c96a43fafc4fb54f6434f1eeb4b9e5dff3e4a55dbb5ee783819c0a26a99d50c13fdd40fc4b677dd4bca2be56dd33878d281d12226fcb79d56528fa7e586
-
Filesize
164KB
-
Filesize
164KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
164KB
-
Filesize
8KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
164KB