Analysis
- max time kernel: 135s
- max time network: 142s
- platform: windows7_x64
- resource: win7-20240708-en
- resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
- submitted: 18/08/2024, 03:14
Static task: static1
Behavioral task: behavioral1
- Sample: a52ca38a1e96819e957b1c2c0f04b312_JaffaCakes118.html
- Resource: win7-20240708-en
Behavioral task: behavioral2
- Sample: a52ca38a1e96819e957b1c2c0f04b312_JaffaCakes118.html
- Resource: win10v2004-20240802-en
General
- Target: a52ca38a1e96819e957b1c2c0f04b312_JaffaCakes118.html
- Size: 44KB
- MD5: a52ca38a1e96819e957b1c2c0f04b312
- SHA1: fd4a0d429daa9c2ead47731a2f3fb7a9b35ab25d
- SHA256: 1939d180825c2e3be99edfdc19a5bf857c4b2b9fd9867c4a09329b318417bab0
- SHA512: 7f533bfef127b3b447e068fc15e9409ccc693760ba8e8ac6033c86a1a0a05b619917c3bdf2d42104c9a3af044315e59369f3e712d7bdcbf61b10d0978f77ec23
- SSDEEP: 768:EGRbEXCogTD+hvpYheHcFkjctPM4viD6lLKHIpx4Tdq9hzF/48mOOkVZWL0VEC:wXsD+hvpYheHcFkjctPM4viD6lLKHWxX
Malware Config
Signatures
- System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
  Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
  - Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (process: IEXPLORE.EXE)
- Suspicious use of FindShellTrayWindow (1 IoC)
  - PID 1728, iexplore.exe
- Suspicious use of SetWindowsHookEx (6 IoCs)
  - PID 1728, iexplore.exe
  - PID 1728, iexplore.exe
  - PID 2152, IEXPLORE.EXE
  - PID 2152, IEXPLORE.EXE
  - PID 2152, IEXPLORE.EXE
  - PID 2152, IEXPLORE.EXE
- Suspicious use of WriteProcessMemory (4 IoCs)
  - PID 1728 (iexplore.exe) wrote to memory of PID 2152 (procid_target 30)
  - PID 1728 (iexplore.exe) wrote to memory of PID 2152 (procid_target 30)
  - PID 1728 (iexplore.exe) wrote to memory of PID 2152 (procid_target 30)
  - PID 1728 (iexplore.exe) wrote to memory of PID 2152 (procid_target 30)
Processes
- "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a52ca38a1e96819e957b1c2c0f04b312_JaffaCakes118.html (PID 1728)
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - child: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1728 CREDAT:275457 /prefetch:2 (PID 2152)
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads