Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

a62f63d3ef...18.exe

windows7-x64

7

a62f63d3ef...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    147s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    18/08/2024, 09:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a62f63d3ef60ff9592e70a0333d52b20_JaffaCakes118.exe

  • Size

    1.9MB

  • MD5

    a62f63d3ef60ff9592e70a0333d52b20

  • SHA1

    c246e1975ef717347e92b35e3912963398955173

  • SHA256

    40cf456c91eeaa9dcaa7e13522397c84fe5b892c209aa8c649f28e8c0bff6f16

  • SHA512

    273d1605888df1e72b2d4a535530c3578ba71bcf44a5fe1a205b4ac8ffaaae64abfea7361777a56acd1316c0fd8ddfe18924435971ab54e717105d1926953a78

  • SSDEEP

    24576:vDTdeM9Rw8bSsiIRq8kf9BX0VCOMgvl0gtYBUZK6EE/5uUZK6iUZK6B:bZeyZ8XX019JwUQ6luUQ6iUQ6B

Score
7/10
discovery

Malware Config

Signatures

  • Loads dropped DLL 5 IoCs
  • Drops file in System32 directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a62f63d3ef60ff9592e70a0333d52b20_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a62f63d3ef60ff9592e70a0333d52b20_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2204
    • C:\Windows\SysWOW64\explorer.exe
      explorer http://www.huniug.com
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2632
  • C:\Windows\explorer.exe
    C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2564
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.huniug.com/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2804
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2804 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2140

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    679cf5b282bf200642e7d7f52e8f2818

    SHA1

    d4b0af4aa61619ea9d4d4673c7f1f8c38f9716f2

    SHA256

    615270a298b277f483cdd436ce227e7e30b3ed746c5348f964328e825eeff255

    SHA512

    dbe5ffbf35ffab14157eb0a24fc161d8171ff53bd6467b564a8fbfb2af4d1b5f6db8e216008e4da68fae30ac5192d4c60c6836c6ada2ea4e09ecfeaa74ae9099

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c33679933297b73dc5c3e060dd848dc6

    SHA1

    21f01bd9b72f6cb03517331fafcc4265f743e44f

    SHA256

    594cffe0aecefc78b923c04a61adcb975ef4982fc622b16c24b539faefcb7804

    SHA512

    5922fab35c8264c2f67e8dd653caa05dc8bde1b22fdaf6960748bcc4865c311974ce3e8405fe14e40048773dd6ce679902a7874a29b4c0dc25bde874fd214f64

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2db8d14e7da4a25d187892a8c1fbc673

    SHA1

    9c93d4733a86e3c85bba2b5469e01ff0acf0fca5

    SHA256

    4148b26d732f7704e0295db4237052f38afc5db4209e32f07936b097a46f1845

    SHA512

    ae9e53abe4b8fe89aabe3a10c6d40bfcb04b6584beaf41c66ae76cbe8517fb6dff90dfdecc08c2eb66abe9bca4e68ca16398b5e4aabfef074ed3b4cae7a4094c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ffc80ecf02792634ebfd7b6183427c82

    SHA1

    e72efd07f4643f2213374b87eb63dd86d48e5260

    SHA256

    4c67621df36121b2e3912ca68e16a048a477ccdd9647099d5675b24c0cd12f4d

    SHA512

    9e8f2944fb84a08e0076b97d5b7cd09d6569f266c55f2258877955d7424cda95c214e5df5b3db59a7b0714466ef0bb115f0c1af4e04983ebe7dfc3da29edf223

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    88a32651780e1637b83b10ab67dba31d

    SHA1

    a5844b9ab11cca00f74e62c7374e8b51d94f5b16

    SHA256

    601dbd0682b9112d1d8ed3fed0f164d6b5a0872c63c6376ac13982b38d6d17dd

    SHA512

    d0665cfdefb736b6126986c148acce6a2f4cc2510061462e752a72d869866bb5761af0de6d0d6e67701e9bc0df4c91eb3521aa3ca744074e1b44af9a6b65aa42

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    577d21352f47addbe22445daf7eb7b98

    SHA1

    f735ccd1c75c220cdf41224eab5e8c26d7f03dfe

    SHA256

    586d2d4c186aca6b5419365d96be56091c3b96ebd8e1b392214aa416efe96224

    SHA512

    9ae0cef647ed26340530e3f9bc2321ebc840ff67bc7e2b28a8f82a08c5b5679ba81d20bab0f121b41a38288acc1f0275559cd72a5dd980e47e34275be532dbde

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    86d7da8f35ac77a8e5f26c3030763d3f

    SHA1

    98d1f25e87715966de853a9a96980828f19f18b9

    SHA256

    76b0b8bda550a2c94c041d7d7ea55c0844f6d42a9e119a4098b8511e1461c8a0

    SHA512

    b69782c53b6173822a9965b429633fa1fd3518d06c4771a680358e7a50fc7a7126b0ebd9c6ae8d903cc071ff02d920a9f3599abbe9ce9610b1bb838750b365da

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0ef5023f94df81ee54d3c4f89a64f644

    SHA1

    7122920365b5f24863dabdbc6facdd22c2aa2000

    SHA256

    06321fc12eff2ea8d2c83eeeb97279bfd4675a8c31ed9d126baea5726b3f07cb

    SHA512

    38dd20f8f0dfc67d35ceae8dd5dedad3b684016e1905b9cbfb68ad0de00efdf8523046f17ee319f3661e03dfe4dabc7070d071153693775b9b161a04fe555476

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab2E25.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar300C.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Windows\SysWOW64\SouGoo.ime
    Filesize

    52KB

    MD5

    b60da4e2e5aceba3ce3d87ee2cd872ee

    SHA1

    9bbdbf1f3ce2c000a86e0473da756a4b1031db41

    SHA256

    b581fcc82c0462d60286a80912ab2ce5aca7d7b11c5cff0b5f74716dbb7dc453

    SHA512

    664d6f893484252b339ff8f413a4cf9da9b0ef82ed74b097ba86a5f00b4d9740eef6e8a5b81e8be7e82ae4009928097baf15e65a03f31c4b92e44f593ce39874

    Download Submit